ComboFix log, pasted to Pastebin by a guest on Mar 20th, 2010
ComboFix 10-03-20.01 - zero 03/20/2010 23:00:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.372 [GMT 1:00]
Running from: c:\documents and settings\zero\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\zero\csrss.exe
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 20:53 . 2010-03-20 20:53 -------- d-----w- c:\documents and settings\zero\DoctorWeb
2010-03-20 18:33 . 2010-03-20 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-03-20 18:19 . 2010-03-20 18:19 48 ----a-w- c:\documents and settings\zero\Application Data\svighost.dll
2010-03-16 16:00 . 2009-09-24 06:50 545 ----a-w- c:\windows\UC.PIF
2010-03-16 16:00 . 2009-09-24 06:50 545 ----a-w- c:\windows\RAR.PIF
2010-03-16 16:00 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-03-16 16:00 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-03-16 16:00 . 2010-03-16 16:01 -------- d-----w- C:\totalcmd
2010-03-16 16:00 . 2010-03-16 16:00 -------- d-----w- c:\documents and settings\zero\Application Data\GHISLER
2010-03-16 16:00 . 2009-09-24 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-03-16 16:00 . 2009-09-24 06:50 545 ----a-w- c:\windows\LHA.PIF
2010-03-16 16:00 . 2009-09-24 06:50 545 ----a-w- c:\windows\ARJ.PIF
2010-03-15 22:56 . 2010-03-15 22:57 -------- d-----w- c:\program files\Recovery Toolbox for RAR
2010-03-15 09:53 . 2010-03-15 10:00 20833776 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-15 09:53 . 2010-03-15 09:53 8405312 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-15 09:52 . 2010-03-15 09:52 149000 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-15 09:52 . 2010-03-15 09:52 10309448 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-15 09:50 . 2010-03-15 09:50 79368 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-15 09:50 . 2010-03-15 09:50 64000 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-15 09:50 . 2010-03-15 09:50 52288 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-15 09:50 . 2010-03-15 09:50 50688 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-15 09:50 . 2010-03-15 09:50 49152 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-15 09:50 . 2010-03-15 09:50 118784 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-14 22:23 . 2010-03-14 22:23 439816 ----a-w- c:\documents and settings\zero\Application Data\Real\Update\setup3.10\setup.exe
2010-03-04 00:44 . 2010-03-04 00:44 -------- d-----w- c:\windows\G2Runner
2010-03-04 00:38 . 2010-03-04 00:38 -------- d-----w- c:\program files\Eidos Interactive
2010-02-27 15:49 . 2009-11-24 16:39 1093064 ----a-w- c:\documents and settings\zero\Application Data\Mozilla\Firefox\Profiles\i7wyvsa7.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 21:57 . 2009-06-02 17:21 -------- d-----w- c:\documents and settings\zero\Application Data\DNA
2010-03-20 20:20 . 2009-06-02 17:21 -------- d-----w- c:\program files\DNA
2010-03-20 18:25 . 2009-06-02 17:21 -------- d-----w- c:\documents and settings\zero\Application Data\BitTorrent
2010-03-04 00:51 . 2009-06-02 22:25 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-04 00:38 . 2009-06-02 22:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 23:21 . 2009-11-07 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-03 02:00 . 2009-10-27 02:19 -------- d-----w- c:\documents and settings\zero\Application Data\mIRC
2010-02-01 23:14 . 2010-02-01 23:14 -------- d-----w- c:\program files\Webteh
2010-02-01 11:54 . 2009-06-07 05:11 12202 ----a-w- c:\documents and settings\zero\Application Data\Thinstall\BlazeDVD 5.0 Professional\%ProgramFilesDir%\BlazeVideo\BlazeDVD 5 Professional\BlazeDVD.dll
2010-01-27 18:10 . 2010-01-27 18:09 -------- d-----w- c:\program files\Common Files\Real
2010-01-27 18:10 . 2010-01-27 18:10 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-27 18:09 . 2009-06-02 16:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-27 18:09 . 2009-06-02 16:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-27 18:09 . 2010-01-27 18:09 -------- d-----w- c:\program files\Real
2010-01-26 08:07 . 2009-06-01 22:08 22144 ----a-w- c:\documents and settings\zero\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-19 23:47 . 2009-06-02 16:30 -------- d-----w- c:\program files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-05 148888]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-27 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Eidos Interactive\\Hothouse Creations\\Gangsters 2\\Gangsters2.exe"=

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 8:13 AM 34064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/2/2009 6:33 PM 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {028C3B99-F9B0-4188-8C2C-D71CA84824D5} - hxxp://media.inecco.net/program/SonySncCs1011View.cab
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
FF - ProfilePath - c:\documents and settings\zero\Application Data\Mozilla\Firefox\Profiles\i7wyvsa7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cbvcs - c:\windows\system32\urretnd.exe
ShellExecuteHooks-{68101905-D80F-4788-96F6-98618116178A} - c:\windows\system32\flashadgmn32.dll
AddRemove-WinZip - c:\program files\WinZip\WINZIP32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 23:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-20 23:05:49
ComboFix-quarantined-files.txt 2010-03-20 22:05

Pre-Run: 1,405,808,640 bytes free
Post-Run: 1,494,953,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 97BD99A400B27D855A3B463F576B2743