
Untitled

a guest
Aug 8th, 2010
  1. ComboFix 10-08-08.01 - Administrator 08.08.2010 22:54:57.1.1 - x86
  2. Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1535.1120 [GMT 2:00]
  3. Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
  4. AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
  5. * Resident AV is active
  6.  
  7.  
  8. WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  9. .
  10.  
  11. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  12. .
  13.  
  14. c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}
  15. c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest
  16. c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome\zwunzi.jar
  17. c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js
  18. c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf
  19. c:\program files\Mozilla Firefox\searchplugins\zwunzi143.xml
  20. c:\windows\start.bat
  21. c:\windows\system32\d3d10core.dll
  22. c:\windows\system32\kernel32new.dll
  23. c:\windows\system32\msvcrtnew.dll
  24.  
  25. .
  26. ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  27. .
  28.  
  29. -------\Legacy_ZWUNZI_SERVICE
  30.  
  31.  
  32. ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
  33. .
  34.  
  35. 2010-08-08 20:28 . 2010-08-08 20:28 -------- d-----w- C:\_OTL
  36. 2010-08-08 01:06 . 2010-08-08 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Need for Speed World
  37. 2010-08-08 00:58 . 2010-08-08 00:58 10896656 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe
  38. 2010-08-08 00:58 . 2010-08-08 00:58 267536 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\gameplay.dll
  39. 2010-08-08 00:58 . 2010-08-08 00:58 1790736 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
  40. 2010-08-08 00:58 . 2010-08-08 00:58 4068624 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\eawebkit.dll
  41. 2010-08-08 00:58 . 2010-08-08 00:58 462864 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
  42. 2010-08-08 00:58 . 2010-08-08 00:58 3786760 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
  43. 2010-08-08 00:40 . 2010-08-08 00:40 883670 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
  44. 2010-08-08 00:40 . 2010-08-08 00:40 57344 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
  45. 2010-08-08 00:31 . 2010-08-08 00:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Electronic_Arts_Inc
  46. 2010-08-08 00:29 . 2010-08-08 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
  47. 2010-08-07 10:12 . 2010-08-07 10:12 452104 ----a-w- c:\documents and settings\Administrator\Application Data\Real\Update\setup3.12\setup.exe
  48. 2010-08-05 20:13 . 2010-08-05 20:13 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32736981-n\msvcp71.dll
  49. 2010-08-05 20:13 . 2010-08-05 20:13 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32736981-n\jmc.dll
  50. 2010-08-05 20:13 . 2010-08-05 20:13 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32736981-n\msvcr71.dll
  51. 2010-08-05 20:13 . 2010-08-05 20:13 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-412fde9c-n\decora-sse.dll
  52. 2010-08-05 20:13 . 2010-08-05 20:13 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-412fde9c-n\decora-d3d.dll
  53. 2010-08-02 15:21 . 2010-08-02 15:21 192512 ----a-w- C:\bog2.exe
  54. 2010-08-01 21:33 . 2010-08-01 21:33 192512 ----a-w- C:\bog.exe
  55. 2010-08-01 21:15 . 2010-08-01 21:15 -------- d-----w- c:\program files\Common Files\Java
  56. 2010-07-27 17:09 . 2010-07-27 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\EasyMP3Downloader
  57. 2010-07-27 17:09 . 2010-07-27 17:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\EasyMP3Downloader
  58. 2010-07-24 11:14 . 2010-07-24 11:14 460 ----a-w- c:\documents and settings\Administrator\304217.zip
  59. 2010-07-24 10:58 . 2010-07-24 10:58 191184 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
  60. 2010-07-24 10:35 . 2010-07-24 10:35 -------- dc----w- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
  61. 2010-07-24 10:24 . 2010-07-24 10:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\uniblue
  62. 2010-07-24 10:08 . 2010-07-24 10:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
  63. 2010-07-24 10:04 . 2010-07-24 10:04 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
  64. 2010-07-24 10:03 . 2010-07-24 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
  65. 2010-07-24 10:03 . 2010-07-24 10:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
  66. 2010-07-24 09:21 . 2010-07-24 10:58 -------- d-----w- c:\program files\Common Files\PC Tools
  67. 2010-07-24 08:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
  68. 2010-07-24 08:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
  69. 2010-07-22 12:52 . 2010-07-22 12:52 -------- d-----w- c:\program files\SystemRequirementsLab
  70. 2010-07-22 09:28 . 2010-07-22 09:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HandBrake
  71. 2010-07-22 09:28 . 2010-07-22 09:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HandBrake
  72. 2010-07-22 09:09 . 2010-07-22 09:09 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
  73. 2010-07-22 09:09 . 2010-07-22 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
  74. 2010-07-21 10:25 . 2010-07-21 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\VitySoft
  75. 2010-07-20 11:05 . 2010-07-20 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
  76. 2010-07-20 09:51 . 2010-07-20 09:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player
  77. 2010-07-17 12:37 . 2010-07-17 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Command and Conquer 3 Kanes Wrath
  78. 2010-07-17 12:21 . 2010-07-17 12:21 -------- d-----w- c:\program files\Folding@Home #01
  79. 2010-07-17 11:39 . 2010-07-17 11:39 -------- d-----w- c:\windows\system32\wbem\Repository
  80. 2010-07-16 16:13 . 2010-07-16 16:13 -------- d-----w- c:\windows\DVD Decrypter
  81. 2010-07-14 21:50 . 2008-03-09 05:25 236 ----a-w- c:\program files\Common Files\dx.reg
  82. 2010-07-14 21:50 . 2008-03-05 14:03 329224 ----a-w- c:\windows\system32\DXErr.exe
  83. 2010-07-14 21:50 . 2008-03-05 14:03 209416 ----a-w- c:\windows\system32\dxcpl.exe
  84. 2010-07-14 21:50 . 2006-11-02 10:46 167936 ----a-w- c:\windows\system32\dxgi.dll
  85. 2010-07-14 21:50 . 2008-04-12 16:13 1029126 ----a-w- c:\windows\system32\d3d10.dll
  86. 2010-07-14 21:50 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
  87. 2010-07-14 21:50 . 2006-11-02 10:47 1162656 ----a-w- c:\windows\system32\ntdllnew.dll
  88. 2010-07-14 21:50 . 2010-07-14 21:50 2944 ----a-w- c:\windows\system32\unins000.dat
  89. 2010-07-14 21:50 . 2010-07-14 21:50 716153 ----a-w- c:\windows\system32\unins000.exe
  90. 2010-07-13 19:27 . 2010-07-13 20:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker
  91. 2010-07-13 18:29 . 2010-07-13 18:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler
  92. 2010-07-13 13:54 . 2010-07-13 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
  93. 2010-07-13 13:32 . 2010-07-13 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\ViGlance
  94. 2010-07-11 19:32 . 2010-07-17 16:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
  95. 2010-07-11 19:32 . 2010-07-11 19:32 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
  96. 2010-07-11 19:30 . 2010-07-11 19:30 -------- d-----w- c:\windows\system32\URTTEMP
  97. 2010-07-11 19:27 . 2010-07-17 16:29 -------- d-----w- c:\windows\San Andreas Mod Installer
  98. 2010-07-11 17:54 . 2010-07-11 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
  99. 2010-07-11 17:54 . 2010-07-11 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
  100. 2010-07-11 14:33 . 2010-07-11 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
  101. 2010-07-11 14:33 . 2010-07-11 14:34 -------- d-----w- c:\program files\RegCure
  102. 2010-07-11 12:28 . 2010-07-11 12:28 -------- d-----w- c:\windows\RegCure
  103. 2010-07-11 12:00 . 2010-07-11 12:00 -------- d-----w- c:\program files\Common Files\xing shared
  104. 2010-07-10 18:05 . 2010-07-10 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics
  105. 2010-07-10 12:01 . 2010-07-10 12:01 -------- d-----w- c:\program files\Microsoft.NET
  106.  
  107. .
  108. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  109. .
  110. 2010-08-08 00:31 . 2010-01-16 03:41 69616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  111. 2010-08-07 22:03 . 2010-01-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
  112. 2010-08-04 18:35 . 2010-01-17 01:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
  113. 2010-08-04 11:50 . 2010-01-16 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
  114. 2010-08-01 20:44 . 2010-01-16 06:04 -------- d-----w- c:\program files\Java
  115. 2010-07-29 10:40 . 2010-01-23 15:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer Pro
  116. 2010-07-24 10:30 . 2010-01-17 01:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
  117. 2010-07-24 10:02 . 2010-01-17 11:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
  118. 2010-07-24 10:01 . 2010-01-23 16:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
  119. 2010-07-24 08:44 . 2010-01-17 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  120. 2010-07-22 09:55 . 2005-12-31 23:18 -------- d--h--w- c:\program files\InstallShield Installation Information
  121. 2010-07-22 09:09 . 2010-01-17 03:27 -------- d-----w- c:\program files\Common Files\InstallShield
  122. 2010-07-17 03:00 . 2010-04-20 12:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
  123. 2010-07-15 23:06 . 2010-01-17 01:40 -------- d-----w- c:\program files\DNA
  124. 2010-07-15 19:07 . 2010-01-17 22:17 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
  125. 2010-07-15 19:07 . 2010-01-17 22:16 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
  126. 2010-07-13 19:07 . 2008-04-14 03:42 218624 ----a-w- c:\windows\system32\uxtheme.dll
  127. 2010-07-13 13:30 . 2008-04-14 03:42 218624 ----a-w- c:\windows\system32\uxtheme(2).dll
  128. 2010-07-13 12:44 . 2010-02-02 22:36 -------- d-----w- c:\program files\DivX
  129. 2010-07-13 12:44 . 2010-02-02 22:36 -------- d-----w- c:\program files\Common Files\DivX Shared
  130. 2010-07-11 17:59 . 2006-01-01 00:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
  131. 2010-07-11 17:59 . 2006-01-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
  132. 2010-07-11 12:00 . 2010-03-15 19:43 -------- d-----w- c:\program files\Common Files\Real
  133. 2010-07-11 12:00 . 2010-03-15 19:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
  134. 2010-07-11 12:00 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
  135. 2010-07-11 11:51 . 2010-03-15 19:43 -------- d-----w- c:\program files\Real
  136. 2010-07-10 18:51 . 2010-01-16 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
  137. 2010-07-10 12:15 . 2010-01-16 04:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
  138. 2010-07-10 11:35 . 2010-07-04 19:07 -------- d-----w- c:\program files\Eset
  139. 2010-07-10 10:49 . 2010-01-16 04:15 -------- d-----w- c:\program files\Common Files\Nero
  140. 2010-07-10 10:49 . 2010-01-16 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
  141. 2010-07-10 09:28 . 2010-02-17 10:04 -------- d-----w- c:\program files\Unlocker
  142. 2010-07-08 11:11 . 2010-01-16 06:08 -------- d-----w- c:\program files\Common Files\Adobe
  143. 2010-07-07 10:16 . 2010-07-07 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
  144. 2010-07-07 09:45 . 2010-07-07 09:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
  145. 2010-07-05 16:04 . 2010-07-04 19:07 512096 ----a-w- c:\windows\system32\drivers\amon.sys
  146. 2010-07-05 16:04 . 2010-07-04 19:07 298104 ----a-w- c:\windows\system32\imon.dll
  147. 2010-07-05 16:04 . 2010-07-04 19:07 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
  148. 2010-07-04 18:52 . 2010-07-04 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
  149. 2010-07-04 18:51 . 2010-01-16 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
  150. 2010-07-04 18:36 . 2010-01-23 23:27 -------- d-----w- c:\program files\Google
  151. 2010-06-26 14:03 . 2010-01-24 18:04 286720 ------w- c:\windows\Setup1.exe
  152. 2010-06-26 14:03 . 2010-01-24 18:04 73216 ----a-w- c:\windows\ST6UNST.EXE
  153. 2010-06-25 20:41 . 2010-06-25 13:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft Games
  154. 2010-06-25 20:41 . 2010-06-25 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
  155. 2010-06-25 16:10 . 2010-06-25 16:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\fltk.org
  156. 2010-06-21 15:33 . 2010-01-27 10:55 823 ----a-w- c:\windows\eReg.dat
  157. 2010-06-14 14:31 . 2010-01-16 03:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
  158. 2010-06-11 15:31 . 2010-06-11 15:31 -------- d-----w- c:\program files\Drag Racer 3
  159. 2010-06-02 02:55 . 2010-06-25 20:32 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
  160. 2010-06-02 02:55 . 2010-06-25 20:32 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
  161. 2010-06-02 02:55 . 2010-06-25 20:32 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
  162. 2010-05-27 20:40 . 2010-05-27 20:41 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
  163. 2010-05-27 20:33 . 2010-05-27 20:32 93783440 ----a-w- c:\documents and settings\All Users\Application Data\OLYMPUS\ib\CameraBackup\000JB3208233\SETUP.EXE
  164. 2010-05-27 20:13 . 2010-05-27 20:13 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f087506-n\msvcp71.dll
  165. 2010-05-27 20:13 . 2010-05-27 20:13 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f087506-n\jmc.dll
  166. 2010-05-27 20:13 . 2010-05-27 20:13 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f087506-n\msvcr71.dll
  167. 2010-05-27 20:13 . 2010-05-27 20:13 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d7cbea8-n\decora-sse.dll
  168. 2010-05-27 20:13 . 2010-05-27 20:13 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d7cbea8-n\decora-d3d.dll
  169. 2010-05-26 09:41 . 2010-06-25 20:32 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
  170. 2010-05-26 09:41 . 2010-06-25 20:32 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
  171. 2010-05-26 09:41 . 2010-06-25 20:32 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
  172. 2010-05-26 09:41 . 2010-06-25 20:32 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
  173. 2010-05-26 09:41 . 2010-06-25 20:32 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
  174. .
  175.  
  176. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  177. .
  178. .
  179. *Note* empty entries & legit default entries are not shown
  180. REGEDIT4
  181.  
  182. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  183. "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-04 93376]
  184. "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
  185. "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
  186.  
  187. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  188. "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7696384]
  189. "nwiz"="nwiz.exe" [2006-08-24 1617920]
  190. "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
  191. "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
  192. "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
  193. "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
  194. "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
  195. "nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-07-05 949376]
  196. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
  197. "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-11 185896]
  198.  
  199. c:\documents and settings\All Users\Start Menu\Programs\Startup\
  200. 11bg Wireless LAN USB Utility.lnk - c:\program files\OEM\11bg Wireless LAN USB Utility\RtWLan.exe [2010-2-25 835584]
  201.  
  202. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
  203. 2009-09-03 12:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll
  204.  
  205. [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Real Desktop.lnk]
  206. backup=c:\windows\pss\Real Desktop.lnkStartup
  207.  
  208. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^11bg Wireless LAN USB Utility.lnk]
  209. path=c:\documents and settings\All Users\Start Menu\Programs\Startup\11bg Wireless LAN USB Utility.lnk
  210. backup=c:\windows\pss\11bg Wireless LAN USB Utility.lnkCommon Startup
  211.  
  212. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk]
  213. backup=c:\windows\pss\BitTorrent Ultra Accelerator.lnkCommon Startup
  214. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
  215. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pchost
  216. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop
  217. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
  218.  
  219. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
  220. 2009-06-30 07:55 2329224 ----a-w- d:\program files\IObit\Advanced SystemCare 3\AWC.exe
  221.  
  222. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
  223. 2010-07-13 19:17 323392 ----a-w- c:\program files\DNA\btdna.exe
  224.  
  225. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
  226. 2006-10-31 00:03 284184 ----a-w- c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
  227.  
  228. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
  229. 2006-11-15 20:58 746520 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
  230.  
  231. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
  232. 2006-11-15 21:01 244512 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
  233.  
  234. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
  235. 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
  236.  
  237. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
  238. 2006-08-24 06:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
  239.  
  240. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
  241. 2009-10-09 14:01 25626408 ----a-r- c:\program files\Skype\Phone\Skype.exe
  242.  
  243. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
  244. 2009-11-23 13:21 2001648 ----a-w- d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  245.  
  246. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
  247. 2010-07-11 12:00 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
  248.  
  249. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
  250. 2007-08-16 07:03 1269000 ----a-w- d:\program files\Unibluee\SpyEraser\SpyEraser.exe
  251.  
  252. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
  253. 2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
  254.  
  255. [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  256. "AntiVirusOverride"=dword:00000001
  257. "FirewallOverride"=dword:00000001
  258.  
  259. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  260. "EnableFirewall"= 0 (0x0)
  261.  
  262. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  263. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  264. "%windir%\\system32\\sessmgr.exe"=
  265. "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
  266. "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
  267. "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
  268. "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  269. "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  270. "c:\\Program Files\\DNA\\btdna.exe"=
  271. "d:\\Program Files\\BitTorrent\\bittorrent.exe"=
  272. "d:\\Nova mapa\\Moja mapa\\Igre\\Tom Clancy H.A.W.X\\HAWX.exe"=
  273. "d:\\Nova mapa\\Moja mapa\\Igre\\Tom Clancy H.A.W.X\\HAWX_dx10.exe"=
  274. "d:\\Nova mapa\\Moja mapa\\Igre\\PES 2009\\pes2009.exe"=
  275. "d:\\Nova mapa\\Moja mapa\\Igre\\PES 2009\\hnl2009.exe"=
  276. "updater.exe"= c:\windows\updater.exe
  277. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  278.  
  279. R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16.1.2010 5:30 13696]
  280. R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.7.2010 21:07 15424]
  281. R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
  282. R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
  283. R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1.1.2006 1:18 38144]
  284. R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30.6.2008 20:38 253952]
  285. R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30.6.2008 20:38 253952]
  286. S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 1:27 135664]
  287. S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [27.5.2010 22:32 21648]
  288. S3 RTL8187B;Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [1.1.2006 1:18 275968]
  289. S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
  290. S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.1.2006 2:18 691696]
  291. .
  292. Contents of the 'Scheduled Tasks' folder
  293.  
  294. 2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  295. - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 23:27]
  296.  
  297. 2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  298. - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 23:27]
  299.  
  300. 2010-08-08 c:\windows\Tasks\RegCure Program Check.job
  301. - d:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
  302.  
  303. 2010-07-11 c:\windows\Tasks\RegCure.job
  304. - d:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
  305.  
  306. 2010-07-24 c:\windows\Tasks\Uniblue SpyEraser.job
  307. - d:\program files\Unibluee\SpyEraser\SpyEraser.exe [2010-07-24 07:03]
  308.  
  309. 2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{45AACD1B-D57A-44EF-B942-D264B60DF36D}.job
  310. - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
  311. .
  312. .
  313. ------- Supplementary Scan -------
  314. .
  315. uStart Page =
  316. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  317. LSP: c:\windows\system32\imon.dll
  318. FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s18irdy2.default\
  319. FF - prefs.js: browser.startup.homepage - www.google.hr
  320. FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
  321. FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
  322. FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
  323. FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
  324. FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
  325. FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
  326. FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
  327.  
  328. ---- FIREFOX POLICIES ----
  329. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
  330. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
  331. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
  332. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
  333. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
  334. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
  335. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
  336. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
  337. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
  338. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
  339. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
  340. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
  341. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
  342. c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
  343. c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
  344. c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
  345. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
  346. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
  347. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
  348. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
  349. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
  350. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
  351. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
  352. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
  353. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
  354. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
  355. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
  356. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
  357. .
  358.  
  359. **************************************************************************
  360.  
  361. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  362. Rootkit scan 2010-08-08 23:01
  363. Windows 5.1.2600 Service Pack 3 NTFS
  364.  
  365. scanning hidden processes ...
  366.  
  367. scanning hidden autostart entries ...
  368.  
  369. scanning hidden files ...
  370.  
  371. scan completed successfully
  372. hidden files: 0
  373.  
  374. **************************************************************************
  375. .
  376. --------------------- LOCKED REGISTRY KEYS ---------------------
  377.  
  378. [HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
  379. @Denied: (2) (Administrator)
  380. "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  381. d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,ac,90,07,85,64,ed,45,9a,be,db,\
  382. "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  383. d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,ac,90,07,85,64,ed,45,9a,be,db,\
  384. .
  385. --------------------- DLLs Loaded Under Running Processes ---------------------
  386.  
  387. - - - - - - - > 'winlogon.exe'(720)
  388. d:\program files\SUPERAntiSpyware\SASWINLO.dll
  389. c:\windows\system32\WININET.dll
  390. c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
  391.  
  392. - - - - - - - > 'explorer.exe'(7460)
  393. c:\windows\system32\WININET.dll
  394. c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
  395. c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
  396. c:\windows\system32\msi.dll
  397. c:\windows\system32\ieframe.dll
  398. c:\windows\system32\webcheck.dll
  399. c:\windows\system32\WPDShServiceObj.dll
  400. c:\windows\system32\PortableDeviceTypes.dll
  401. c:\windows\system32\PortableDeviceApi.dll
  402. .
  403. ------------------------ Other Running Processes ------------------------
  404. .
  405. c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
  406. c:\program files\Java\jre6\bin\jqs.exe
  407. c:\program files\Eset\nod32krn.exe
  408. c:\windows\system32\nvsvc32.exe
  409. .
  410. **************************************************************************
  411. .
  412. Completion time: 2010-08-08 23:05:32 - machine was rebooted
  413. ComboFix-quarantined-files.txt 2010-08-08 21:05
  414.  
  415. Pre-Run: 1.436.442.624 bytes free
  416. Post-Run: 1.303.650.304 bytes free
  417.  
  418. - - End Of File - - 3C752FF6B8E5038BED0733CF452A5E86