Untitled

a guest
Mar 3rd, 2012
  1. ComboFix 12-03-02.01 - kahlina 3.03.2012. 15:55:26.1.2 - x86
  2. Microsoft Windows 7 Professional 6.1.7601.1.1250.385.1033.18.1023.249 [GMT 1:00]
  3. Running from: c:\users\kahlina\Desktop\ComboFix.exe
  4. AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
  5. SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
  6. SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  7. .
  8. .
  9. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  10. .
  11. .
  12. c:\windows\system32\oobe\audit.exe
  13. c:\windows\system32\oobe\msoobe.exe
  14. c:\windows\system32\oobe\oobeldr.exe
  15. c:\windows\system32\oobe\Setup.exe
  16. c:\windows\system32\oobe\setupsqm.exe
  17. c:\windows\system32\oobe\windeploy.exe
  18. .
  19. .
  20. ((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
  21. .
  22. .
  23. 2012-03-03 15:05 . 2012-03-03 15:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
  24. 2012-03-03 15:05 . 2012-03-03 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
  25. 2012-03-03 15:00 . 2012-03-03 15:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E83F3C3-408C-4DB9-BB31-671E740603BF}\offreg.dll
  26. 2012-03-03 14:35 . 2012-03-03 14:35 -------- d-----w- C:\_OTL
  27. 2012-03-02 08:39 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E83F3C3-408C-4DB9-BB31-671E740603BF}\mpengine.dll
  28. 2012-02-23 12:11 . 2012-02-23 12:11 -------- d-----w- c:\users\kahlina\AppData\Roaming\SUPERAntiSpyware.com
  29. 2012-02-23 12:10 . 2012-02-23 12:12 -------- d-----w- c:\program files\SUPERAntiSpyware
  30. 2012-02-23 12:10 . 2012-02-23 12:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
  31. 2012-02-22 13:16 . 2012-02-22 13:16 -------- d-----w- c:\users\kahlina\AppData\Roaming\Avira
  32. 2012-02-22 13:15 . 2012-02-23 13:17 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
  33. 2012-02-22 13:15 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
  34. 2012-02-22 13:15 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
  35. 2012-02-22 13:14 . 2012-02-22 13:15 -------- d-----w- c:\programdata\Avira
  36. 2012-02-22 13:14 . 2012-02-22 13:14 -------- d-----w- c:\program files\Avira
  37. 2012-02-17 16:13 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
  38. 2012-02-15 16:22 . 2012-02-15 16:22 -------- d-sh--w- c:\windows\system32\%APPDATA%
  39. 2012-02-15 15:37 . 2012-02-17 14:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
  40. 2012-02-15 15:37 . 2012-02-17 14:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
  41. 2012-02-15 11:00 . 2010-09-21 01:41 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
  42. 2012-02-15 11:00 . 2010-09-21 01:41 404016 ----a-w- c:\windows\system32\vmnat.exe
  43. 2012-02-15 11:00 . 2010-09-21 01:40 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
  44. 2012-02-15 11:00 . 2010-09-21 01:41 760368 ----a-w- c:\windows\system32\vnetlib.dll
  45. 2012-02-15 11:00 . 2010-09-21 01:41 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
  46. 2012-02-15 10:59 . 2012-02-15 10:59 -------- d-----w- c:\program files\Common Files\VMware
  47. 2012-02-15 10:59 . 2012-02-15 10:59 -------- d-----w- c:\program files\VMware
  48. 2012-02-15 10:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
  49. 2012-02-15 10:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
  50. 2012-02-15 10:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
  51. 2012-02-15 10:23 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
  52. 2012-02-14 22:29 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
  53. 2012-02-14 22:29 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
  54. 2012-02-14 22:29 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
  55. 2012-02-13 19:04 . 2012-02-13 19:04 -------- d-----w- c:\users\kahlina\AppData\Local\NeoSmart_Technologies
  56. 2012-02-13 18:54 . 2012-02-13 18:54 -------- d-----w- c:\program files\NeoSmart Technologies
  57. 2012-02-13 16:25 . 2012-02-15 13:51 -------- d-----w- c:\users\kahlina\AppData\Local\VMware
  58. 2012-02-13 16:25 . 2012-02-15 13:50 -------- d-----w- c:\users\kahlina\AppData\Roaming\VMware
  59. 2012-02-13 16:17 . 2012-03-03 14:37 -------- d-----w- c:\programdata\VMware
  60. .
  61. .
  62. .
  63. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  64. .
  65. 2012-02-01 22:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
  66. 2012-01-29 04:10 . 2011-12-23 12:16 237072 ------w- c:\windows\system32\MpSigStub.exe
  67. 2011-12-26 21:57 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
  68. 2011-12-23 12:57 . 2011-12-23 12:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  69. 2011-12-10 14:24 . 2012-01-30 14:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
  70. 2012-02-17 15:51 . 2011-12-23 12:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  71. .
  72. .
  73. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  74. .
  75. .
  76. *Note* empty entries & legit default entries are not shown
  77. REGEDIT4
  78. .
  79. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  80. "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
  81. "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-12-24 399736]
  82. .
  83. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  84. "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
  85. "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
  86. "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
  87. "VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
  88. "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
  89. "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
  90. .
  91. c:\users\kahlina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  92. OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
  93. .
  94. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  95. "ConsentPromptBehaviorAdmin"= 5 (0x5)
  96. "ConsentPromptBehaviorUser"= 3 (0x3)
  97. "EnableUIADesktopToggle"= 0 (0x0)
  98. .
  99. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  100. "aux1"=wdmaud.drv
  101. .
  102. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  103. Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
  104. .
  105. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
  106. @=""
  107. .
  108. R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  109. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
  110. R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2008-08-29 256512]
  111. R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
  112. R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1343400]
  113. S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
  114. S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
  115. S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
  116. S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
  117. S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
  118. S2 Apache2.2;Apache2.2;d:\program files\xampplite\apache\bin\httpd.exe [2009-12-19 29416]
  119. S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
  120. S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-09-21 70704]
  121. S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
  122. .
  123. .
  124. .
  125. ------- Supplementary Scan -------
  126. .
  127. uStart Page =
  128. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
  129. LSP: c:\program files\VMware\VMware Player\vsocklib.dll
  130. TCP: DhcpNameServer = 192.168.1.1
  131. FF - ProfilePath - c:\users\kahlina\AppData\Roaming\Mozilla\Firefox\Profiles\yymrku32.default\
  132. .
  133. - - - - ORPHANS REMOVED - - - -
  134. .
  135. URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
  136. WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
  137. .
  138. .
  139. .
  140. --------------------- LOCKED REGISTRY KEYS ---------------------
  141. .
  142. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  143. @Denied: (Full) (Everyone)
  144. .
  145. Completion time: 2012-03-03 16:17:02
  146. ComboFix-quarantined-files.txt 2012-03-03 15:16
  147. .
  148. Pre-Run: 11.315.658.752 bytes free
  149. Post-Run: 11.929.825.280 bytes free
  150. .
  151. - - End Of File - - 6745A06790B185418F4064250B1FA4F6