API tools faq
paste
Guest User

Untitled

a guest
Aug 30th, 2012
64
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.74 KB | None | 0 0
raw download clone embed print report
  1. ComboFix 12-08-29.03 - SEMPRON 3000 30.08.2012 12:14:25.2.1 - x86
  2. Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.168 [GMT 2:00]
  3. Running from: c:\documents and settings\SEMPRON 3000\Desktop\ComboFix.exe
  4. Command switches used :: c:\documents and settings\SEMPRON 3000\Desktop\CFScript.txt
  5. AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
  6. .
  7. FILE ::
  8. "c:\windows\ESETUninstaller(2).exe"
  9. "c:\windows\system32\DRIVERS\ehdrv.sys"
  10. "c:\windows\system32\DRIVERS\epfwtdir.sys"
  11. .
  12. .
  13. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  14. .
  15. .
  16. .
  17. --------------- FCopy ---------------
  18. .
  19. c:\windows\system32\dllcache\explorer.exe --> c:\windows\explorer.exe
  20. c:\windows\system32\dllcache\regedit.exe --> c:\windows\regedit.exe
  21. .
  22. ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  23. .
  24. .
  25. -------\Legacy_EHDRV
  26. -------\Legacy_EKRN
  27. -------\Legacy_EPFWTDIR
  28. -------\Service_ehdrv
  29. -------\Service_ekrn
  30. -------\Service_epfwtdir
  31. -------\Service_EsetUninstaller
  32. -------\Service_EhttpSrv
  33. .
  34. .
  35. ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
  36. .
  37. .
  38. 2012-08-28 23:07 . 2012-08-28 23:07 -------- d-----w- c:\documents and settings\SEMPRON 3000\Application Data\SUPERAntiSpyware.com
  39. 2012-08-28 23:06 . 2012-08-28 23:07 -------- d-----w- c:\program files\SUPERAntiSpyware
  40. 2012-08-28 23:06 . 2012-08-28 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
  41. 2012-08-28 19:15 . 2012-08-28 19:15 -------- d-----w- c:\documents and settings\SEMPRON 3000\Application Data\Malwarebytes
  42. 2012-08-28 19:15 . 2012-08-28 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
  43. 2012-08-28 19:15 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
  44. 2012-08-28 19:15 . 2012-08-28 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  45. 2012-08-28 18:50 . 2012-08-28 18:50 -------- d-----w- c:\program files\CCleaner
  46. 2012-08-21 15:56 . 2012-08-21 15:57 -------- d-----w- c:\program files\Mozilla Maintenance Service
  47. 2012-08-08 21:19 . 2012-08-08 21:20 -------- d-----w- c:\windows\VMUVC
  48. 2012-08-08 21:19 . 2011-03-16 12:44 252928 ----a-w- c:\windows\system32\drivers\VMUVC.sys
  49. 2012-08-08 21:19 . 2009-04-29 14:01 516096 ----a-w- c:\windows\system32\VMUVC.ax
  50. 2012-08-08 21:19 . 2008-09-02 15:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
  51. 2012-08-08 21:19 . 2008-07-01 09:16 188416 ----a-w- c:\windows\system32\vvftUVC.ax
  52. 2012-08-08 21:19 . 2007-04-12 20:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
  53. 2012-08-08 21:19 . 2011-05-27 07:55 399360 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
  54. 2012-08-08 21:19 . 2008-09-18 14:28 98304 ----a-w- c:\windows\system32\VMCtrl.ax
  55. 2012-08-08 21:19 . 2008-02-29 08:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
  56. 2012-08-08 21:19 . 2007-01-24 10:26 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
  57. 2012-08-08 21:19 . 2012-08-08 21:19 -------- d-----w- c:\program files\Vimicro Corporation
  58. 2012-08-08 13:37 . 2008-04-14 02:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
  59. 2012-08-08 13:26 . 2008-04-14 07:42 20992 ----a-w- c:\windows\system32\dshowext.ax
  60. 2012-08-08 13:26 . 2008-04-14 02:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
  61. 2012-08-08 13:26 . 2008-04-14 02:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
  62. .
  63. .
  64. .
  65. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  66. .
  67. 2012-07-06 13:58 . 2008-04-14 08:00 78336 ----a-w- c:\windows\system32\browser.dll
  68. 2012-07-04 14:05 . 2010-09-27 20:42 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
  69. 2012-07-03 13:40 . 2008-04-14 08:00 1866112 ----a-w- c:\windows\system32\win32k.sys
  70. 2012-07-03 12:30 . 2012-07-03 12:30 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
  71. 2012-07-02 17:49 . 2008-04-23 00:16 916992 ----a-w- c:\windows\system32\wininet.dll
  72. 2012-07-02 17:49 . 2008-07-12 19:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
  73. 2012-07-02 17:49 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
  74. 2012-07-02 12:05 . 2008-07-12 19:09 385024 ----a-w- c:\windows\system32\html.iec
  75. 2012-06-26 11:03 . 2012-06-26 11:02 3796065 ----a-w- c:\documents and settings\All Users\Application Data\sbsdwin95req.exe
  76. 2012-06-06 23:54 . 2012-06-06 23:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  77. 2012-06-05 15:50 . 2008-04-14 08:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
  78. 2012-06-05 15:50 . 2008-04-14 08:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
  79. 2012-06-04 15:35 . 2010-09-27 20:44 210968 ----a-w- c:\windows\system32\wuweb.dll
  80. 2012-06-04 04:32 . 2008-04-14 08:00 152576 ----a-w- c:\windows\system32\schannel.dll
  81. 2012-06-02 13:19 . 2010-09-28 20:12 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
  82. 2012-06-02 13:19 . 2010-09-28 20:12 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
  83. 2012-06-02 13:19 . 2010-09-27 20:44 329240 ----a-w- c:\windows\system32\wucltui.dll
  84. 2012-06-02 13:19 . 2010-09-27 20:44 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
  85. 2012-06-02 13:19 . 2010-09-28 20:12 45080 ----a-w- c:\windows\system32\wups2.dll
  86. 2012-06-02 13:19 . 2010-09-28 20:12 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
  87. 2012-06-02 13:19 . 2010-09-27 20:44 53784 ----a-w- c:\windows\system32\wuauclt.exe
  88. 2012-06-02 13:19 . 2010-09-27 20:44 35864 ----a-w- c:\windows\system32\wups.dll
  89. 2012-06-02 13:19 . 2008-04-14 08:00 97304 ----a-w- c:\windows\system32\cdm.dll
  90. 2012-06-02 13:19 . 2010-09-28 20:12 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
  91. 2012-06-02 13:19 . 2010-09-27 20:44 577048 ----a-w- c:\windows\system32\wuapi.dll
  92. 2012-06-02 13:19 . 2010-09-27 20:44 1933848 ----a-w- c:\windows\system32\wuaueng.dll
  93. 2012-07-14 00:17 . 2012-08-21 15:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  94. .
  95. .
  96. ------- Sigcheck -------
  97. Note: Unsigned files aren't necessarily malware.
  98. .
  99. [-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
  100. .
  101. ((((((((((((((((((((((((((((( SnapShot@2012-08-29_23.07.50 )))))))))))))))))))))))))))))))))))))))))
  102. .
  103. + 2012-08-30 10:22 . 2012-08-30 10:22 16384 c:\windows\Temp\Perflib_Perfdata_4c4.dat
  104. .
  105. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  106. .
  107. .
  108. *Note* empty entries & legit default entries are not shown
  109. REGEDIT4
  110. .
  111. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  112. "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-22 3077528]
  113. "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
  114. .
  115. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  116. "HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
  117. "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
  118. "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
  119. "VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2010-09-10 143360]
  120. "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
  121. .
  122. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  123. "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
  124. .
  125. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  126. "nltide_2"="shell32" [X]
  127. .
  128. c:\documents and settings\All Users\Start Menu\Programs\Startup\
  129. Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2012-7-3 1339392]
  130. .
  131. [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  132. "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
  133. .
  134. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
  135. "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
  136. .
  137. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
  138. 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
  139. .
  140. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
  141. @=""
  142. .
  143. [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  144. "AntiVirusOverride"=dword:00000001
  145. .
  146. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  147. "DisableNotifications"= 1 (0x1)
  148. .
  149. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  150. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  151. "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
  152. "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
  153. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  154. .
  155. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  156. "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
  157. .
  158. R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
  159. R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
  160. R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
  161. R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.8.2012 21:15 655944]
  162. R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.8.2012 21:15 22344]
  163. S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [23.6.2011 8:43 1068216]
  164. S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 12:06 21632]
  165. S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [21.8.2012 17:56 113120]
  166. S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [13.5.2011 3:21 121064]
  167. S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [13.5.2011 3:21 12776]
  168. S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [13.5.2011 3:21 136808]
  169. S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [13.5.2011 3:21 114280]
  170. S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8.8.2012 23:19 252928]
  171. S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8.8.2012 23:19 399360]
  172. .
  173. --- Other Services/Drivers In Memory ---
  174. .
  175. *NewlyCreated* - SISPORT
  176. *Deregistered* - SiSPort
  177. .
  178. .
  179. ------- Supplementary Scan -------
  180. .
  181. uStart Page = hxxp://www.windowsxlive.net
  182. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  183. TCP: Interfaces\{EEA9D5F0-DC04-4CAF-BB0C-7EDC61861DBA}: NameServer = 10.5.0.100
  184. FF - ProfilePath - c:\documents and settings\SEMPRON 3000\Application Data\Mozilla\Firefox\Profiles\8oyt4nrc.default\
  185. FF - prefs.js: browser.startup.homepage - www.google.rs
  186. .
  187. .
  188. **************************************************************************
  189. .
  190. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  191. Rootkit scan 2012-08-30 12:23
  192. Windows 5.1.2600 Service Pack 3 NTFS
  193. .
  194. scanning hidden processes ...
  195. .
  196. scanning hidden autostart entries ...
  197. .
  198. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  199. HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\???]??Z???????Z???Z???????????????? ??Z???Z?N?????Z$??????Z????????????{??Z???????????Z$?G~????(????~B~??G~?????~B~??G~???Z@???????d??????Z%??Zx??Zd??????Z,>?Z???Zv?B~Z|?Z{3?Z?2?Z????st.I????G??Z????d????<?Z?I?Z
  200. .
  201. scanning hidden files ...
  202. .
  203. scan completed successfully
  204. hidden files: 0
  205. .
  206. **************************************************************************
  207. .
  208. --------------------- DLLs Loaded Under Running Processes ---------------------
  209. .
  210. - - - - - - - > 'winlogon.exe'(496)
  211. c:\program files\SUPERAntiSpyware\SASWINLO.DLL
  212. c:\windows\system32\WININET.dll
  213. c:\windows\system32\cscui.dll
  214. .
  215. - - - - - - - > 'explorer.exe'(2656)
  216. c:\windows\system32\WININET.dll
  217. c:\windows\system32\NETSHELL.dll
  218. c:\windows\system32\SETUPAPI.dll
  219. c:\windows\system32\ieframe.dll
  220. c:\windows\system32\webcheck.dll
  221. c:\windows\system32\wpdshserviceobj.dll
  222. c:\windows\system32\portabledevicetypes.dll
  223. c:\windows\system32\portabledeviceapi.dll
  224. .
  225. ------------------------ Other Running Processes ------------------------
  226. .
  227. c:\program files\Java\jre6\bin\jqs.exe
  228. c:\windows\system32\nvsvc32.exe
  229. .
  230. **************************************************************************
  231. .
  232. Completion time: 2012-08-30 12:31:25 - machine was rebooted
  233. ComboFix-quarantined-files.txt 2012-08-30 10:31
  234. ComboFix2.txt 2012-08-29 23:11
  235. .
  236. Pre-Run: 30.430.523.392 bytes free
  237. Post-Run: 30.328.315.904 bytes free
  238. .
  239. - - End Of File - - 2E141D2A141B2324E1F5DC55207D9F40
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!