Untitled

a guest
Mar 5th, 2010

ComboFix 10-03-04.04 - Dragan 03/05/2010 10:16:32.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.242 [GMT 1:00]
Running from: c:\documents and settings\Dragan\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\d.ini
c:\windows\system32\vb6ko.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-02-23 09:50 . 2010-02-23 09:50 -------- d-----w- c:\documents and settings\Dragan\Downloads
2010-02-20 09:53 . 2010-02-20 09:53 -------- d-----w- c:\documents and settings\Dragan\Application Data\MailFrontier
2010-02-20 09:33 . 2010-02-20 09:33 -------- d-----w- c:\program files\Zone Labs
2010-02-20 09:20 . 2010-03-05 09:12 -------- d-----w- c:\windows\Internet Logs
2010-02-12 19:25 . 2010-02-12 19:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-02-11 12:45 . 2010-02-04 21:28 245760 ----a-w- c:\documents and settings\Dragan\Application Data\Mozilla\Firefox\Profiles\wavrpthw.Novi\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2010-02-05 09:14 . 2010-02-05 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-05 08:56 . 2010-02-05 08:56 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-05 08:56 . 2010-02-05 08:56 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-05 08:55 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-05 08:55 . 2010-02-05 08:55 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-05 08:55 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-02-05 08:55 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-02-05 08:55 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-02-05 08:55 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-02-05 08:55 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-05 08:55 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-02-05 08:55 . 2010-02-05 08:56 -------- d-----w- c:\program files\Nokia
2010-02-05 08:54 . 2010-02-05 08:52 34399664 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_web.exe
2010-02-05 08:54 . 2010-02-05 08:54 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-05 08:54 . 2010-02-05 08:54 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-05 08:54 . 2010-02-05 08:54 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-05 08:54 . 2010-02-05 08:54 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 08:55 . 2009-12-23 13:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-05 06:49 . 2010-02-20 09:36 144 ----a-w- c:\windows\system32\pdfl.dat
2010-03-04 15:52 . 2009-02-11 09:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-26 06:48 . 2007-05-12 07:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 09:53 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\Dragan\Application Data\CheckPoint
2010-02-20 09:36 . 2010-02-20 09:36 80 ----a-w- c:\windows\system32\ibfl.dat
2010-02-20 09:36 . 2010-02-20 09:36 144 ----a-w- c:\windows\system32\lkfl.dat
2010-02-20 09:36 . 2009-12-23 13:17 -------- d-----w- c:\program files\CheckPoint
2010-02-19 13:10 . 2007-10-01 14:24 -------- d-----w- c:\program files\Planplus
2010-02-17 15:35 . 2007-05-12 09:25 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-05 09:43 . 2007-05-30 07:19 -------- d-----w- c:\documents and settings\Dragan\Application Data\PC Suite
2010-02-05 09:15 . 2007-05-30 07:19 -------- d-----w- c:\documents and settings\Dragan\Application Data\Nokia
2010-02-05 08:56 . 2007-05-12 07:33 -------- d-----w- c:\program files\DIFX
2010-02-05 08:54 . 2009-10-03 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-01-20 10:06 . 2010-01-20 10:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 09:41 . 2009-02-11 09:01 -------- d-----w- c:\documents and settings\Dragan\Application Data\URSoft
2010-01-20 09:41 . 2010-01-20 09:41 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-01-09 09:23 . 2010-01-09 09:23 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-07 15:07 . 2010-01-20 10:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-20 10:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-04-14 03:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2008-04-23 04:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2007-05-12 07:18 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 08:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2008-04-14 03:57 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2008-09-26 10:08 . 2008-04-24 11:46 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-23 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-14 09:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5700:TCP"= 5700:TCP:WWW

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 10:44 AM 107256]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [3/13/2008 9:25 AM 15424]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/19/2009 10:44 AM 731840]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 2:30 PM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 2:30 PM 476528]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2010 11:06 AM 236368]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [10/14/2009 2:29 PM 35448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/20/2010 11:06 AM 19160]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [5/20/2007 10:07 AM 59260]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 cysagl;cysagl;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 9:42 AM 14336]
S3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [9/2/2009 4:38 PM 90112]
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.ebank.nlb.rs/PravnaLica/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: lhb.co.rs\www.ebank
Trusted Zone: nlb.rs\www.ebank
Trusted Zone: ppbank.com\www.ebank
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.ebank.nlb.rs/DLL/FSINT.dll
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://nlbklik.nlb.rs/corporate/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://nlbklik.nlb.rs/corporate/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://www.ebank.nlb.rs/DLL/FSINT9.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.ebank.nlb.rs/DLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.ebank.nlb.rs/DLL/EbankingWWW.dll
DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://nlbklik.nlb.rs/corporate/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://www.ebank.nlb.rs/DLL/EBCSCC2B.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://www.ebank.nlb.rs/DLL/EBCCDC2.dll
FF - ProfilePath - c:\documents and settings\Dragan\Application Data\Mozilla\Firefox\Profiles\wavrpthw.Novi\
FF - prefs.js: browser.startup.homepage - hxxp://b2b.kemoimpex.com/b2b/login.php
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Dragan\Application Data\Mozilla\Firefox\Profiles\wavrpthw.Novi\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 10:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\system32\zshp1018.exe [2072] 0x833042B0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\imon.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'csrss.exe'(980)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2010-03-05 10:25:58
ComboFix-quarantined-files.txt 2010-03-05 09:25

Pre-Run: 31,517,995,008 bytes free
Post-Run: 31,509,626,880 bytes free

- - End Of File - - 847D1BEB2804C6D6C38E40EDF9610889