Untitled
a guest
Aug 12th, 2010
ComboFix 10-08-12.02 - Administrator 12.08.2010 22:01:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.107 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\020000007828957f982C.manifest
c:\documents and settings\Administrator\Application Data\020000007828957f982O.manifest
c:\documents and settings\Administrator\Application Data\020000007828957f982P.manifest
c:\documents and settings\Administrator\Application Data\020000007828957f982S.manifest
c:\documents and settings\Administrator\Application Data\GabPath
c:\documents and settings\Administrator\Application Data\GabPath\config.cfg
c:\documents and settings\Administrator\Application Data\GabPath\gabpath.exe
c:\documents and settings\Administrator\Application Data\GabPath\GPUninstall.exe
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8z7mqzyu.default\extensions\{c0692f31-7181-4d31-a893-c594aaa55b44}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8z7mqzyu.default\extensions\{c0692f31-7181-4d31-a893-c594aaa55b44}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8z7mqzyu.default\extensions\{c0692f31-7181-4d31-a893-c594aaa55b44}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8z7mqzyu.default\extensions\{c0692f31-7181-4d31-a893-c594aaa55b44}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8z7mqzyu.default\extensions\{c0692f31-7181-4d31-a893-c594aaa55b44}\install.rdf
c:\documents and settings\Administrator\Application Data\SystemProc
c:\documents and settings\Administrator\Application Data\SystemProc\lsass.exe
c:\documents and settings\Administrator\Application Data\SystemProc\upd.exe
c:\windows\GnuHashes.ini
c:\windows\system32\1381209302
c:\windows\system32\5078.dll
c:\windows\system32\CABVIEW32.DLL
c:\windows\system32\devmgr32.dll
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\mu976988651v4
c:\windows\system32\SysWoW32\mu976988651v4.kwd
c:\windows\system32\SysWoW32\mu976988651v5
c:\windows\system32\SysWoW32\mu976988651v5.kwd
c:\windows\system32\SysWoW32\mu976988651v6
c:\windows\system32\SysWoW32\mu976988651v6.kwd
c:\windows\system32\SysWoW32\mu976988651v7
c:\windows\system32\SysWoW32\mu976988651v7.kwd
c:\windows\system32\SysWoW32\wu976988651v0
c:\windows\system32\SysWoW32\wu976988651v0.kwd
c:\windows\system32\SysWoW32\wu976988651v1
c:\windows\system32\SysWoW32\wu976988651v1.kwd
c:\windows\system32\SysWoW32\wu976988651v2
c:\windows\system32\SysWoW32\wu976988651v2.kwd
c:\windows\system32\SysWoW32\wu976988651v3
c:\windows\system32\SysWoW32\wu976988651v3.kwd
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-12 09:02 . 2010-08-12 09:02 325632 ----a-w- c:\windows\system32\cscdll32.dll
2010-08-12 09:01 . 2010-08-12 09:01 318976 ----a-w- c:\windows\system32\bootvid32.dll
2010-08-12 09:00 . 2010-08-12 09:00 220672 ----a-w- c:\windows\system32\deployJava132.dll
2010-08-11 14:09 . 2010-08-11 14:09 -------- d-----w- c:\windows\Sun
2010-08-08 11:50 . 2010-08-08 11:50 50608 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-08 11:28 . 2010-08-09 08:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-08-08 11:28 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-08 11:28 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-08 11:26 . 2010-08-08 11:26 -------- d-----w- c:\program files\iPod
2010-08-08 11:26 . 2010-08-09 12:38 -------- d-----w- c:\program files\iTunes
2010-08-08 11:26 . 2010-08-08 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-08 11:23 . 2010-08-08 11:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2010-08-08 11:23 . 2010-08-08 11:23 -------- d-----w- c:\program files\Apple Software Update
2010-08-08 11:22 . 2010-08-08 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2010-08-08 11:22 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-08-08 11:22 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-08-08 11:22 . 2010-08-08 11:22 -------- d-----w- c:\program files\Bonjour
2010-08-08 11:21 . 2010-08-08 11:26 -------- d-----w- c:\program files\Common Files\Apple
2010-08-08 11:21 . 2010-08-08 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-08 11:10 . 2010-08-08 11:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-08-08 09:45 . 2010-08-06 15:01 57608 ----a-w- c:\documents and settings\All Users\Application Data\ResultDns\resultdns111.exe
2010-08-08 09:43 . 2010-08-08 10:34 -------- d-----w- c:\program files\ResultDns
2010-08-08 09:43 . 2010-08-08 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ResultDns
2010-08-08 09:43 . 2010-08-08 09:43 532480 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Windows\jnipmo.exe
2010-08-07 12:28 . 2010-08-12 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-08-07 12:28 . 2010-08-07 12:28 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1bbc36a6-n\msvcp71.dll
2010-08-07 12:28 . 2010-08-07 12:28 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1bbc36a6-n\jmc.dll
2010-08-07 12:28 . 2010-08-07 12:28 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1bbc36a6-n\msvcr71.dll
2010-08-07 12:28 . 2010-08-07 12:28 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3915499f-n\decora-sse.dll
2010-08-07 12:28 . 2010-08-07 12:28 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3915499f-n\decora-d3d.dll
2010-08-07 12:28 . 2010-08-07 12:28 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 12:27 . 2010-08-07 12:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 12:27 . 2010-08-07 12:27 -------- d-----w- c:\program files\Java
2010-08-07 12:24 . 2010-08-07 12:25 -------- d-----w- c:\program files\LimeWire
2010-07-24 07:29 . 2010-07-24 07:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2010-07-22 20:28 . 2008-04-14 04:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 09:25 . 2010-07-21 09:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2010-07-21 06:03 . 2010-07-21 06:03 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-07-14 13:32 . 2010-08-04 13:38 -------- d-----w- C:\output
2010-07-14 08:42 . 2010-07-14 08:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 12:24 . 2010-08-12 12:24 0 ---ha-w- c:\documents and settings\Administrator\xfnaurfhbq.tmp
2010-08-12 09:00 . 2010-08-12 09:00 1154048 --sha-w- c:\windows\system32\6A.tmp
2010-08-08 11:26 . 2010-06-28 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-08 11:25 . 2010-06-28 16:55 -------- d-----w- c:\program files\QuickTime Alternative
2010-07-21 05:25 . 2010-06-28 05:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-06 11:08 . 2010-07-06 08:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\PhotoScape
2010-07-06 08:10 . 2010-07-06 08:09 -------- d-----w- c:\program files\Google
2010-07-06 08:09 . 2010-07-06 08:09 -------- d-----w- c:\program files\PhotoScape
2010-07-05 12:01 . 2010-07-05 12:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\FastStone
2010-06-29 14:32 . 2010-06-28 16:41 64368 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 20:42 . 2010-06-28 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-06-28 18:27 . 2010-06-28 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-28 18:13 . 2010-06-28 17:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-28 17:53 . 2010-06-28 17:53 -------- d-----w- c:\program files\Common Files\Nero
2010-06-28 17:53 . 2010-06-28 17:53 -------- d-----w- c:\program files\Nero
2010-06-28 17:39 . 2010-06-28 17:39 -------- d-----w- c:\program files\Common Files\L&H
2010-06-28 17:39 . 2010-06-28 17:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-06-28 17:38 . 2010-06-28 17:38 -------- d-----w- c:\program files\Microsoft Works
2010-06-28 17:28 . 2010-06-28 17:28 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 17:22 . 2010-06-28 17:22 -------- d-----w- c:\program files\MSBuild
2010-06-28 17:03 . 2010-06-28 17:03 -------- d-----w- c:\program files\Micronet Wireless Network Utility
2010-06-28 17:03 . 2010-06-28 17:03 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-06-28 17:03 . 2010-06-28 17:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-28 17:01 . 2010-06-28 17:01 -------- d-----w- c:\program files\C-Media 3D Audio
2010-06-28 17:01 . 2010-06-28 17:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-28 17:01 . 2010-06-28 17:00 -------- d-----w- c:\program files\Winamp
2010-06-28 17:00 . 2010-06-28 17:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-06-28 16:56 . 2010-06-28 16:56 -------- d-----w- c:\program files\Real Alternative
2010-06-28 16:46 . 2010-06-28 16:46 -------- d-----w- c:\program files\Paint.NET
2010-06-28 16:44 . 2010-06-28 16:44 -------- d-----w- c:\program files\Reference Assemblies
2010-06-28 16:41 . 2010-06-28 16:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-28 16:40 . 2010-06-28 16:40 -------- d-----w- c:\program files\GRETECH
2010-06-28 16:39 . 2010-06-28 16:39 -------- d-----w- c:\program files\FastStone Image Viewer
2010-06-28 16:37 . 2010-06-28 16:37 0 ----a-w- c:\windows\nsreg.dat
2010-06-28 16:27 . 2010-06-28 16:27 -------- d-----w- c:\program files\Avira
2010-06-28 16:27 . 2010-06-28 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-28 16:25 . 2010-06-28 16:25 -------- d-----w- c:\program files\CCleaner
2010-06-28 16:24 . 2010-06-28 16:24 -------- d-----w- c:\program files\7-Zip
2010-06-28 16:24 . 2010-06-28 16:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-28 05:54 . 2010-06-28 05:54 -------- d-----w- c:\program files\microsoft frontpage
2010-06-28 05:45 . 2010-06-28 05:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-28 05:44 . 2010-06-28 05:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-27 21:37 . 2010-06-27 21:37 -------- d-----w- c:\program files\MSXML 4.0
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-08-08 09:44 . 2010-08-08 09:44 211456 ----a-w- c:\program files\mozilla firefox\components\gpff.dll
.

------- Sigcheck -------

[-] 2010-03-15 . A02BF7E8C036A2A8587F70A038922449 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-03-15 . 305D4CF34FA3DCDB58525E90A9A793B9 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{186C1E3D-CEFA-49DE-B3CF-67921309A9B3}]
2010-08-12 09:02 325632 ----a-w- c:\windows\system32\cscdll32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83435B8D-1309-02CE-6B94-960D62A0E21C}]
2010-08-12 09:00 220672 ----a-w- c:\windows\system32\deployJava132.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-06 135664]
"SfKg6wIPuSp"="c:\documents and settings\Administrator\Application Data\Microsoft\Windows\jnipmo.exe" [2010-08-08 532480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-09-13 128512]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Micronet Wireless Network Utility.lnk - c:\program files\Micronet Wireless Network Utility\RtWlan.exe [2010-6-28 675840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\e061f3b1982]
2010-08-12 09:00 220672 ----a-w- c:\windows\system32\deployJava132.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\deployJava132.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.6.2010 18:27 135336]
R2 ResultDns Service;ResultDns Service;c:\documents and settings\All Users\Application Data\ResultDns\resultdns111.exe [8.8.2010 11:45 57608]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [28.6.2010 19:03 13532]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.7.2010 10:09 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 08:09]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 08:09]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1645522239-1606980848-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 08:09]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1645522239-1606980848-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 08:09]

2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{66554CD7-19E0-4662-9264-10C674AE06C3}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 16:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.tangotoolbar.com/
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8z7mqzyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{C320CC1E-D77A-4C06-A20E-D3D3DCA6D1D9} - c:\windows\system32\5078.dll
WebBrowser-{C320CC1E-D77A-4C06-A20E-D3D3DCA6D1D9} - c:\windows\system32\5078.dll
HKCU-Run-GabPath - c:\documents and settings\Administrator\Application Data\GabPath\gabpath.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Administrator\Application Data\SystemProc\lsass.exe
AddRemove-GabPath - c:\documents and settings\Administrator\Application Data\GabPath\GPUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 22:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\Administrator\Application Data\SystemProc\lsass.exe???????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1645522239-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,56,c9,21,54,4a,aa,40,b4,27,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,56,c9,21,54,4a,aa,40,b4,27,c2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\deployJava132.dll

- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\deployJava132.dll
.
Completion time: 2010-08-12 22:13:13
ComboFix-quarantined-files.txt 2010-08-12 20:13

Pre-Run: 52.225.269.760 bytes free
Post-Run: 52.563.734.528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B34FD35724547C18B940CB4042315498