a guest
May 16th, 2012
ComboFix 12-05-15.04 - GEOMARSRV 05/16/2012 7:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.385.1033.18.1023.708 [GMT 2:00]
Running from: c:\documents and settings\GEOMARSRV\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\GEOMARSRV\WINDOWS
c:\documents and settings\Marko Server\WINDOWS
c:\windows\_detmp.2
c:\windows\system32\Cache
c:\windows\system32\Cache\0495e88041c82fe9.fb
c:\windows\system32\Cache\1337743a2c02ff02.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a35837d29929759e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c072410ac21e54e7.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-15 12:42 . 2012-05-15 12:42 -------- d-----w- C:\_OTL
2012-05-15 06:15 . 2012-05-15 06:15 -------- d-----w- c:\documents and settings\GEOMARSRV\Application Data\Malwarebytes
2012-05-15 06:03 . 2012-05-15 12:39 -------- d-----w- c:\documents and settings\GEOMARSRV\Application Data\Skype
2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----w- c:\program files\Common Files\Skype
2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----r- c:\program files\Skype
2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2012-05-15 05:20 . 2012-05-15 05:20 -------- d-----w- c:\program files\RandyRants.com
2012-05-14 07:06 . 2012-05-14 07:06 -------- d-----w- c:\documents and settings\GEOMARSRV\Local Settings\Application Data\PDF-TIFF-Tools.com
2012-05-14 07:06 . 2012-05-14 07:06 -------- d-----w- c:\program files\JPG to PDF Converter
2012-05-07 05:12 . 2012-05-07 05:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-07 05:12 . 2012-05-07 05:12 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 05:12 . 2012-05-07 05:12 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 05:10 . 2012-03-29 06:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 05:10 . 2011-07-04 04:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-07 05:12 . 2011-10-25 05:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-06-17 73728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Marko Server\Start Menu\Programs\Startup\
OpenOffice.org 1.9.79.lnk - c:\program files\OpenOffice.org 1.9.79\program\quickstart.exe [N/A]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-7-11 131584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-09-28 15:50 111616 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-06-20 17:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^GEOMARSRV^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\GEOMARSRV\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^GEOMARSRV^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\GEOMARSRV\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-09-21 16:15 294440 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acsagent]
2007-06-20 17:08 130864 ----a-w- c:\program files\ActivIdentity\ActivClient\acsagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-03-24 10:41 1294446 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-11 08:26 155648 -c--a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 16:17 159744 ----a-w- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-12 05:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Designjet System Maintenance\\hp_dj_sme.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\\DOWNLOADS\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ZWCAD 2011 Eng\\ZWCAD.EXE"=
"c:\\Program Files\\ZWCAD 2011 Eng\\zwlm_ts.exe"=
"c:\\Program Files\\ZWCAD 2011 Eng\\CrashReportManagement.exe"=
"c:\\Program Files\\ZWCAD 2011 Eng\\ZWErrorDialog.exe"=
"c:\\Program Files\\Synkron\\Synkron.exe"=
"c:\\Program Files\\ZWCAD 2012 Eng\\ZWCAD.EXE"=
"c:\\Program Files\\ZWCAD 2012 Eng\\zwlm_ts.exe"=
"c:\\Program Files\\ZWCAD 2012 Eng\\CrashReportManagement.exe"=
"c:\\Program Files\\ZWCAD 2012 Eng\\ZWErrorDialog.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5769:TCP"= 5769:TCP:UPSTCP
.
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [4/21/2005 3:58 AM 9600]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [9/28/2007 5:50 PM 188456]
R2 qHTTPs;UPSMAN HTTP;c:\program files\UPS\upsman\ServiceDriver.exe [8/22/2011 9:43 AM 225353]
R2 UPSMan;UPSMan;c:\program files\UPS\upsman\upsman.exe [8/22/2011 9:43 AM 4042837]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 7:55 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [8/2/2002 2:41 PM 47660]
S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [8/11/2008 9:30 AM 57356]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 7:55 AM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 7:12 AM 129976]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [6/19/2007 8:51 AM 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [6/19/2007 8:51 AM 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [6/19/2007 8:51 AM 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [6/19/2007 8:51 AM 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [6/19/2007 8:51 AM 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [6/19/2007 8:51 AM 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [6/19/2007 8:51 AM 97704]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 05:55]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 05:55]
.
2012-05-16 c:\windows\Tasks\User_Feed_Synchronization-{ECC3DC8F-3108-47C2-868F-C70316734A3C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tportal.hr/fset.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: Interfaces\{3C9F0A57-FAF9-41E0-A008-544D3E4AB2FF}: NameServer = 192.168.168.230,195.29.150.3
FF - ProfilePath - c:\documents and settings\GEOMARSRV\Application Data\Mozilla\Firefox\Profiles\0z9afk1o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
MSConfigStartUp-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 07:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\msi.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
Completion time: 2012-05-16 07:31:17
ComboFix-quarantined-files.txt 2012-05-16 05:31
.
Pre-Run: 13,778,022,400 bytes free
Post-Run: 13,724,577,792 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DB9966A46C5E37D15EB49506EC4B10ED