  1. ComboFix 12-05-16.01 - GEOMARSRV 05/16/2012 14:58:18.2.1 - x86
  2. Microsoft Windows XP Home Edition 5.1.2600.3.1250.385.1033.18.1023.588 [GMT 2:00]
  3. Running from: c:\documents and settings\GEOMARSRV\Desktop\ComboFix.exe
  4. Command switches used :: c:\documents and settings\GEOMARSRV\Desktop\CFScript.txt
  5. .
  6. .
  7. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  8. .
  9. .
  10. .
  11. ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  12. .
  13. .
  14. -------\Legacy_LBD
  15. -------\Service_Lbd
  16. .
  17. .
  18. ((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
  19. .
  20. .
  21. 2012-05-15 12:42 . 2012-05-15 12:42 -------- d-----w- C:\_OTL
  22. 2012-05-15 06:15 . 2012-05-15 06:15 -------- d-----w- c:\documents and settings\GEOMARSRV\Application Data\Malwarebytes
  23. 2012-05-15 06:03 . 2012-05-15 12:39 -------- d-----w- c:\documents and settings\GEOMARSRV\Application Data\Skype
  24. 2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----w- c:\program files\Common Files\Skype
  25. 2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----r- c:\program files\Skype
  26. 2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
  27. 2012-05-15 05:20 . 2012-05-15 05:20 -------- d-----w- c:\program files\RandyRants.com
  28. 2012-05-14 07:06 . 2012-05-14 07:06 -------- d-----w- c:\documents and settings\GEOMARSRV\Local Settings\Application Data\PDF-TIFF-Tools.com
  29. 2012-05-14 07:06 . 2012-05-14 07:06 -------- d-----w- c:\program files\JPG to PDF Converter
  30. 2012-05-07 05:12 . 2012-05-07 05:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
  31. 2012-05-07 05:12 . 2012-05-07 05:12 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
  32. 2012-05-07 05:12 . 2012-05-07 05:12 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
  33. .
  34. .
  35. .
  36. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  37. .
  38. 2012-05-08 05:10 . 2012-03-29 06:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
  39. 2012-05-08 05:10 . 2011-07-04 04:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  40. 2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
  41. 2012-04-11 13:10 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
  42. 2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
  43. 2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
  44. 2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
  45. 2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
  46. 2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
  47. 2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
  48. 2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
  49. 2012-05-07 05:12 . 2011-10-25 05:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  50. .
  51. .
  52. ((((((((((((((((((((((((((((( SnapShot@2012-05-16_05.28.49 )))))))))))))))))))))))))))))))))))))))))
  53. .
  54. + 2012-05-16 13:06 . 2012-05-16 13:06 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
  55. .
  56. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  57. .
  58. .
  59. *Note* empty entries & legit default entries are not shown
  60. REGEDIT4
  61. .
  62. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  63. "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
  64. "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
  65. .
  66. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  67. "nForce Tray Options"="sstray.exe" [2003-06-17 73728]
  68. .
  69. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  70. "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
  71. .
  72. c:\documents and settings\Marko Server\Start Menu\Programs\Startup\
  73. OpenOffice.org 1.9.79.lnk - c:\program files\OpenOffice.org 1.9.79\program\quickstart.exe [N/A]
  74. .
  75. c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
  76. EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-7-11 131584]
  77. .
  78. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
  79. 2007-09-28 15:50 111616 ----a-w- c:\windows\system32\ackpbsc.dll
  80. .
  81. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
  82. 2007-06-20 17:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
  83. .
  84. [HKLM\~\startupfolder\C:^Documents and Settings^GEOMARSRV^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
  85. path=c:\documents and settings\GEOMARSRV\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
  86. backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
  87. .
  88. [HKLM\~\startupfolder\C:^Documents and Settings^GEOMARSRV^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
  89. path=c:\documents and settings\GEOMARSRV\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
  90. backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
  91. .
  92. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
  93. 2007-09-21 16:15 294440 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
  94. .
  95. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acsagent]
  96. 2007-06-20 17:08 130864 ----a-w- c:\program files\ActivIdentity\ActivClient\acsagent.exe
  97. .
  98. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
  99. 2005-06-06 22:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  100. .
  101. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
  102. 2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
  103. .
  104. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
  105. 2004-03-24 10:41 1294446 ------w- c:\program files\Ahead\InCD\InCD.exe
  106. .
  107. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  108. 2006-06-11 08:26 155648 -c--a-w- c:\program files\QuickTime\qttask.exe
  109. .
  110. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
  111. 2005-10-26 16:17 159744 ----a-w- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
  112. .
  113. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  114. 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
  115. .
  116. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
  117. 2008-05-12 05:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  118. .
  119. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  120. "%windir%\\system32\\sessmgr.exe"=
  121. "c:\\WINDOWS\\system32\\msiexec.exe"=
  122. "c:\\Program Files\\Hewlett-Packard\\HP Designjet System Maintenance\\hp_dj_sme.exe"=
  123. "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
  124. "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
  125. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  126. "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
  127. "d:\\DOWNLOADS\\Xfire\\Xfire.exe"=
  128. "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
  129. "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
  130. "c:\\Program Files\\ZWCAD 2011 Eng\\ZWCAD.EXE"=
  131. "c:\\Program Files\\ZWCAD 2011 Eng\\zwlm_ts.exe"=
  132. "c:\\Program Files\\ZWCAD 2011 Eng\\CrashReportManagement.exe"=
  133. "c:\\Program Files\\ZWCAD 2011 Eng\\ZWErrorDialog.exe"=
  134. "c:\\Program Files\\Synkron\\Synkron.exe"=
  135. "c:\\Program Files\\ZWCAD 2012 Eng\\ZWCAD.EXE"=
  136. "c:\\Program Files\\ZWCAD 2012 Eng\\zwlm_ts.exe"=
  137. "c:\\Program Files\\ZWCAD 2012 Eng\\CrashReportManagement.exe"=
  138. "c:\\Program Files\\ZWCAD 2012 Eng\\ZWErrorDialog.exe"=
  139. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  140. .
  141. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  142. "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
  143. "5769:TCP"= 5769:TCP:UPSTCP
  144. .
  145. R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [4/21/2005 3:58 AM 9600]
  146. R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [9/28/2007 5:50 PM 188456]
  147. R2 qHTTPs;UPSMAN HTTP;c:\program files\UPS\upsman\ServiceDriver.exe [8/22/2011 9:43 AM 225353]
  148. R2 UPSMan;UPSMan;c:\program files\UPS\upsman\upsman.exe [8/22/2011 9:43 AM 4042837]
  149. S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 7:55 AM 136176]
  150. S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
  151. S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [8/2/2002 2:41 PM 47660]
  152. S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [8/11/2008 9:30 AM 57356]
  153. S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 7:55 AM 136176]
  154. S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
  155. S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
  156. S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 7:12 AM 129976]
  157. S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [6/19/2007 8:51 AM 81832]
  158. S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [6/19/2007 8:51 AM 13864]
  159. S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [6/19/2007 8:51 AM 107304]
  160. S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [6/19/2007 8:51 AM 99112]
  161. S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [6/19/2007 8:51 AM 21928]
  162. S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [6/19/2007 8:51 AM 97320]
  163. S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [6/19/2007 8:51 AM 97704]
  164. .
  165. Contents of the 'Scheduled Tasks' folder
  166. .
  167. 2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  168. - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 05:55]
  169. .
  170. 2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  171. - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 05:55]
  172. .
  173. 2012-05-16 c:\windows\Tasks\User_Feed_Synchronization-{ECC3DC8F-3108-47C2-868F-C70316734A3C}.job
  174. - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
  175. .
  176. .
  177. ------- Supplementary Scan -------
  178. .
  179. uStart Page = hxxp://www.tportal.hr/fset.html
  180. uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  181. uInternet Connection Wizard,ShellNext = iexplore
  182. uSearchAssistant = hxxp://www.google.com/ie
  183. uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
  184. TCP: Interfaces\{3C9F0A57-FAF9-41E0-A008-544D3E4AB2FF}: NameServer = 192.168.168.230,195.29.150.3
  185. FF - ProfilePath - c:\documents and settings\GEOMARSRV\Application Data\Mozilla\Firefox\Profiles\0z9afk1o.default\
  186. FF - prefs.js: browser.search.selectedEngine - Google
  187. FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
  188. .
  189. .
  190. **************************************************************************
  191. .
  192. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  193. Rootkit scan 2012-05-16 15:06
  194. Windows 5.1.2600 Service Pack 3 NTFS
  195. .
  196. scanning hidden processes ...
  197. .
  198. scanning hidden autostart entries ...
  199. .
  200. scanning hidden files ...
  201. .
  202. scan completed successfully
  203. hidden files: 0
  204. .
  205. **************************************************************************
  206. .
  207. --------------------- DLLs Loaded Under Running Processes ---------------------
  208. .
  209. - - - - - - - > 'winlogon.exe'(748)
  210. c:\windows\system32\ackpbsc.dll
  211. c:\windows\system32\aclog.dll
  212. c:\windows\system32\ACLIBEAY.dll
  213. c:\windows\system32\acevtsub.dll
  214. c:\windows\system32\asphat32.dll
  215. c:\windows\system32\acerrmes.dll
  216. c:\windows\system32\aspcom.dll
  217. c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
  218. c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
  219. c:\windows\system32\msi.dll
  220. c:\program files\ActivIdentity\ActivClient\acunlock.dll
  221. c:\windows\system32\aipingui.dll
  222. c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
  223. c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
  224. c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
  225. .
  226. - - - - - - - > 'explorer.exe'(560)
  227. c:\windows\system32\WININET.dll
  228. c:\windows\system32\msi.dll
  229. c:\windows\system32\ieframe.dll
  230. c:\windows\system32\webcheck.dll
  231. c:\windows\system32\WPDShServiceObj.dll
  232. c:\windows\system32\PortableDeviceTypes.dll
  233. c:\windows\system32\PortableDeviceApi.dll
  234. .
  235. ------------------------ Other Running Processes ------------------------
  236. .
  237. c:\program files\Ahead\InCD\InCDsrv.exe
  238. c:\program files\ActivIdentity\ActivClient\acevents.exe
  239. c:\windows\System32\SCardSvr.exe
  240. c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
  241. c:\program files\Common Files\EPSON\EBAPI\eEBAgent.exe
  242. c:\program files\Java\jre6\bin\jqs.exe
  243. c:\windows\system32\wscntfy.exe
  244. c:\windows\system32\sstray.exe
  245. c:\progra~1\MICROS~2\rapimgr.exe
  246. .
  247. **************************************************************************
  248. .
  249. Completion time: 2012-05-16 15:09:50 - machine was rebooted
  250. ComboFix-quarantined-files.txt 2012-05-16 13:09
  251. ComboFix2.txt 2012-05-16 05:31
  252. .
  253. Pre-Run: 14,054,387,712 bytes free
  254. Post-Run: 13,924,372,480 bytes free
  255. .
  256. - - End Of File - - 80A8C13042A79759441299AC395FAE59