d33k-combofix

a guest
Aug 2nd, 2011
ComboFix 11-07-15.01 - pos 07/15/2011 14:31:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1372 [GMT -8:00]
Running from: C:\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-15 22:25 . 2011-07-15 22:25 388096 ----a-r- c:\documents and settings\pos\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-15 22:25 . 2011-07-15 22:25 -------- d-----w- c:\program files\HJT
2011-07-15 17:35 . 2011-07-15 16:34 1402880 ----a-w- C:\HijackThis.msi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-03-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-03-29 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
info.lnk - c:\planet\bginfo\info.bat [2010-8-26 45]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2006-04-25 19:01 8704 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 EloBus;Elobus Filter Driver;c:\windows\system32\drivers\EloBus.sys [8/27/2010 8:19 AM 14848]
R3 EloSer;Elo Serial Driver;c:\windows\system32\drivers\EloSer.Sys [8/27/2010 8:19 AM 81408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2011 1:43 PM 102448]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/2/2009 3:02 PM 23888]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/31/2010 8:51 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILDRVI11
*Deregistered* - EraserUtilDrvI11
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-EloTouchscreen - c:\program files\elotouchsystems\EloSetup
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-15 14:35:43
ComboFix-quarantined-files.txt 2011-07-15 22:35
.
Pre-Run: 64,817,590,272 bytes free
Post-Run: 64,886,009,856 bytes free
.
- - End Of File - - F4A727952363DDEC705E139E16EBA9C2