ComboFix 11-07-15.01 - pos 07/15/2011 14:31:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1372 [GMT -8:00]
Running from: C:\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-15 22:25 . 2011-07-15 22:25 388096 ----a-r- c:\documents and settings\pos\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-15 22:25 . 2011-07-15 22:25 -------- d-----w- c:\program files\HJT
2011-07-15 17:35 . 2011-07-15 16:34 1402880 ----a-w- C:\HijackThis.msi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-03-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-03-29 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
info.lnk - c:\planet\bginfo\info.bat [2010-8-26 45]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2006-04-25 19:01 8704 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 EloBus;Elobus Filter Driver;c:\windows\system32\drivers\EloBus.sys [8/27/2010 8:19 AM 14848]
R3 EloSer;Elo Serial Driver;c:\windows\system32\drivers\EloSer.Sys [8/27/2010 8:19 AM 81408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2011 1:43 PM 102448]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/2/2009 3:02 PM 23888]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/31/2010 8:51 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILDRVI11
*Deregistered* - EraserUtilDrvI11
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-EloTouchscreen - c:\program files\elotouchsystems\EloSetup
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-15 14:35:43
ComboFix-quarantined-files.txt 2011-07-15 22:35
.
Pre-Run: 64,817,590,272 bytes free
Post-Run: 64,886,009,856 bytes free
.
- - End Of File - - F4A727952363DDEC705E139E16EBA9C2