ComboFix 12-03-02.01 - kahlina 3.03.2012. 15:55:26.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.385.1033.18.1023.249 [GMT 1:00]
Running from: c:\users\kahlina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 15:05 . 2012-03-03 15:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-03 15:05 . 2012-03-03 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 15:00 . 2012-03-03 15:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E83F3C3-408C-4DB9-BB31-671E740603BF}\offreg.dll
2012-03-03 14:35 . 2012-03-03 14:35 -------- d-----w- C:\_OTL
2012-03-02 08:39 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E83F3C3-408C-4DB9-BB31-671E740603BF}\mpengine.dll
2012-02-23 12:11 . 2012-02-23 12:11 -------- d-----w- c:\users\kahlina\AppData\Roaming\SUPERAntiSpyware.com
2012-02-23 12:10 . 2012-02-23 12:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-23 12:10 . 2012-02-23 12:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-22 13:16 . 2012-02-22 13:16 -------- d-----w- c:\users\kahlina\AppData\Roaming\Avira
2012-02-22 13:15 . 2012-02-23 13:17 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-22 13:15 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-22 13:15 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-22 13:14 . 2012-02-22 13:15 -------- d-----w- c:\programdata\Avira
2012-02-22 13:14 . 2012-02-22 13:14 -------- d-----w- c:\program files\Avira
2012-02-17 16:13 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-15 16:22 . 2012-02-15 16:22 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-15 15:37 . 2012-02-17 14:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-15 15:37 . 2012-02-17 14:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-15 11:00 . 2010-09-21 01:41 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2012-02-15 11:00 . 2010-09-21 01:41 404016 ----a-w- c:\windows\system32\vmnat.exe
2012-02-15 11:00 . 2010-09-21 01:40 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-02-15 11:00 . 2010-09-21 01:41 760368 ----a-w- c:\windows\system32\vnetlib.dll
2012-02-15 11:00 . 2010-09-21 01:41 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-02-15 10:59 . 2012-02-15 10:59 -------- d-----w- c:\program files\Common Files\VMware
2012-02-15 10:59 . 2012-02-15 10:59 -------- d-----w- c:\program files\VMware
2012-02-15 10:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 10:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 10:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 10:23 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 22:29 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-02-14 22:29 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2012-02-14 22:29 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 19:04 . 2012-02-13 19:04 -------- d-----w- c:\users\kahlina\AppData\Local\NeoSmart_Technologies
2012-02-13 18:54 . 2012-02-13 18:54 -------- d-----w- c:\program files\NeoSmart Technologies
2012-02-13 16:25 . 2012-02-15 13:51 -------- d-----w- c:\users\kahlina\AppData\Local\VMware
2012-02-13 16:25 . 2012-02-15 13:50 -------- d-----w- c:\users\kahlina\AppData\Roaming\VMware
2012-02-13 16:17 . 2012-03-03 14:37 -------- d-----w- c:\programdata\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 22:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-29 04:10 . 2011-12-23 12:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-26 21:57 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-23 12:57 . 2011-12-23 12:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2012-01-30 14:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 15:51 . 2011-12-23 12:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-12-24 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\kahlina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2008-08-29 256512]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 Apache2.2;Apache2.2;d:\program files\xampplite\apache\bin\httpd.exe [2009-12-19 29416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-09-21 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
.
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\kahlina\AppData\Roaming\Mozilla\Firefox\Profiles\yymrku32.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-03 16:17:02
ComboFix-quarantined-files.txt 2012-03-03 15:16
.
Pre-Run: 11.315.658.752 bytes free
Post-Run: 11.929.825.280 bytes free
.
- - End Of File - - 6745A06790B185418F4064250B1FA4F6
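The paste above is raw ComboFix output. The entry most worth a second look in the "Files Created" section is `c:\windows\system32\%APPDATA%`, a directory with the hidden and system attributes set (`d-sh--w-`) whose name is a literal, unexpanded environment variable; a folder like that is usually created by a program that wrote the variable name without expanding it, and it should be inspected rather than assumed benign or malicious. As an added example (not part of the original paste and not ComboFix's own code), the following Python parses lines in the "Files Created" / "Find3M" format and applies a few first-pass triage heuristics. The sample lines are copied from the log above; the reading of the attribute letters (leading `d` for directory, `s` system, `h` hidden, `a` archive) and the three heuristics are my assumptions, not ComboFix documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One ComboFix file-listing line, as in the "Files Created" and "Find3M" sections:
#   <created> . <modified> <size or dashes> <attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attr>[-a-z]{8}) "
    r"(?P<path>.+)$"
)

# A literal, unexpanded environment-variable token such as %APPDATA% inside a path.
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")

# Constructed sample input: a subset of lines copied from the log above.
SAMPLE = r"""
2012-03-03 15:05 . 2012-03-03 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 15:00 . 2012-03-03 15:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E83F3C3-408C-4DB9-BB31-671E740603BF}\offreg.dll
2012-02-15 16:22 . 2012-02-15 16:22 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-15 11:00 . 2010-09-21 01:41 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2012-02-15 10:23 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None when ComboFix prints dashes (directories)
    attr: str
    path: str

    # Attribute letters as I read them from typical ComboFix output (assumption):
    # first column 'd' = directory; 's' = system, 'h' = hidden, 'a' = archive.
    @property
    def is_dir(self) -> bool:
        return self.attr[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attr

    @property
    def is_system(self) -> bool:
        return "s" in self.attr


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for separators ('.') and non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"]) if m["size"].isdigit() else None
    return Entry(m["created"], m["modified"], size, m["attr"], m["path"])


def parse(text: str) -> List[Entry]:
    """Parse a whole section, silently skipping lines that are not file entries."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """First-pass heuristics an analyst might apply (my own, not ComboFix's)."""
    hits = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if ENV_TOKEN_RE.search(e.path):
            reasons.append("path contains a literal %VAR% token: written without expanding the variable")
        if e.is_hidden and e.is_system and low.startswith("c:\\windows\\system32\\"):
            reasons.append("hidden+system object created under system32")
        if "\\users\\" in low and low.endswith((".exe", ".dll", ".sys")):
            reasons.append("executable code under a user profile")
        if reasons:
            hits.append((e, reasons))
    return hits


if __name__ == "__main__":
    for entry, reasons in triage(parse(SAMPLE)):
        print(entry.created, entry.attr, entry.path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, only the `%APPDATA%` directory is reported, with two reasons (unexpanded variable, hidden+system under system32); the Defender definition DLL, the VMware binary and the patched `win32k.sys` pass. The heuristics are deliberately coarse: they are a sorting aid for a long listing, and every hit still needs the usual follow-up (hash lookup, signature check, who created it and when).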