ComboFix 13-06-25.01 - Sekic 26.06.2013 10:03:55.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1023.211 [GMT 2:00]
Running from: c:\documents and settings\Sekic\My Documents\Preuzimanja\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Sekic\Application Data\dclogs
c:\documents and settings\Sekic\Application Data\dclogs\2012-08-30-5.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-08-31-6.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-01-7.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-02-1.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-03-2.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-04-3.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-05-4.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-06-5.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-07-6.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-08-7.dc
c:\documents and settings\Sekic\Application Data\dclogs\2012-09-09-1.dc
.
.
((((((((((((((((((((((((( Files Created from 2013-05-26 to 2013-06-26 )))))))))))))))))))))))))))))))
.
.
2013-06-26 07:53 . 2013-06-26 07:53 -------- d-----w- C:\_OTL
2013-06-09 09:31 . 2013-06-09 09:31 -------- d-----w- c:\program files\Cheat Engine 6.2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:54 . 2012-10-11 11:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:54 . 2011-07-30 20:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-30 13:26 . 2013-04-30 13:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-30 13:26 . 2012-09-02 08:16 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-30 13:26 . 2012-09-02 08:16 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-30 13:26 . 2010-08-30 10:38 788896 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Sekic\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2003-03-20 06:21 1855488 ----a-r- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-11 19:49 116648 ----atw- c:\documents and settings\Sekic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlusForSkypeService]
2013-02-27 14:13 125952 ----a-w- c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 14:21 1500160 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2011-01-07 13:54 108496 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2013-01-23 14:02 802304 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-08 16:27 18680424 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2013\\pes2013.exe"=
"c:\\Program Files\\Sony Mobile\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5432:TCP"= 5432:TCP:postgres
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [8.1.2010 17:44 24971]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.7.2012 16:57 643072]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.3.2011 22:01 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.3.2011 22:01 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.3.2011 22:01 20696]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [9.3.2011 15:57 247760]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [31.3.2013 13:14 125952]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w --> c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1cad63defad3cdc;Usluga Google ažuriranje (gupdate1cad63defad3cdc);c:\program files\Google\Update\GoogleUpdate.exe [7.4.2010 12:34 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 19:25 161384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.1.2012 22:25 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7.1.2012 22:19 155320]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 13:16 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 14:54]
.
2013-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-07 10:34]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-07 10:34]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2000478354-1417001333-1003Core.job
- c:\documents and settings\Sekic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-31 19:49]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2000478354-1417001333-1003UA.job
- c:\documents and settings\Sekic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-31 19:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sekic\Application Data\Mozilla\Firefox\Profiles\le4ma9l8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.net.hr/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-26 10:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
Completion time: 2013-06-26 10:17:43
ComboFix-quarantined-files.txt 2013-06-26 08:17
.
Pre-Run: 4.959.256.576 bytes free
Post-Run: 4.934.389.760 bytes free
.
- - End Of File - - E948D97513A6B6D3DDAB87E51D3AE8B8
8F558EB6672622401DA993E1E865C861