ComboFix 10-02-10.04 - Anica 11.02.2010 12:49:36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.385.1033.18.494.235 [GMT 1:00]
Running from: c:\documents and settings\Anica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anica\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\windows\005417_.tmp"
"c:\windows\is-MKJ0D.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\005417_.tmp
c:\windows\is-MKJ0D.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-10 18:40 . 2010-02-10 18:40 -------- d-----w- c:\windows\system32\en
2010-02-10 18:40 . 2010-02-10 18:40 -------- d-----w- c:\windows\system32\bits
2010-02-10 18:26 . 2010-02-10 18:26 -------- d-----w- c:\windows\EHome
2010-02-10 17:41 . 2008-04-14 01:12 3901 ------w- c:\windows\system32\drivers\siint5.dll
2010-02-10 17:40 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2010-02-10 17:39 . 2008-04-14 00:11 48640 ------w- c:\windows\system32\dhcpqec.dll
2010-02-09 19:55 . 2010-02-09 19:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-09 19:50 . 2010-02-09 19:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-29 15:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 08:58 . 2005-07-15 12:16 -------- d-----w- c:\program files\Lx_cats
2010-02-10 19:02 . 2009-07-11 08:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 17:22 . 2009-08-01 19:16 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-09 19:50 . 2009-08-01 20:00 -------- d-----w- c:\program files\Google
2010-02-06 08:42 . 2008-01-04 09:43 -------- d-----w- c:\program files\RisNetClient
2010-01-07 15:07 . 2009-07-11 08:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-07-11 08:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-10-18 18:01 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-10-18 18:01 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-03-28 14:08 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 11:30 . 2009-07-11 08:03 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-14 07:08 . 2004-10-18 18:01 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-10-18 18:01 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-10-18 18:01 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-10-18 18:01 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-10-18 18:01 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-10-18 18:01 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-10-18 18:01 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-10-18 18:01 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 88267]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-12 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-12 618496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"batterymiser"="c:\program files\Battery miser\batterymiser.exe" [2004-08-27 274432]
"KeybdUtility"="c:\program files\On Screen Display\Hotkey.exe" [2004-08-27 73728]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 69632]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 196608]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 286720]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 61440]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-01 122368]
"IPOperator"="c:\program files\IP Operator\IPOperator.exe" [2004-08-26 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2004-10-20 73728]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/11/2009 9:03 AM 108289]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2010 8:50 PM 135664]
S3 LGeNDIS;LGeNDIS;c:\program files\IP Operator\LGeNDIS.sys [10/18/2004 9:15 PM 7552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 19:50]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 19:50]
2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{AF1818AE-FF8F-46FE-BAF9-4668C086A23D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.net.hr/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 12:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\lxbxcoms.exe
c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\update.exe
.
**************************************************************************
.
Completion time: 2010-02-11 13:05:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 12:05
ComboFix2.txt 2010-02-11 11:21
Pre-Run: 30.657.355.776 bytes free
Post-Run: 30.604.931.072 bytes free
- - End Of File - - 70AE66DCBC3D97197982829E7F8A5DD3
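When a log like this has to be triaged at scale rather than read by eye, the first step is to split it into its sections and pull out the records that matter: what the CFScript deleted, what autostarts and from which key, which firewall ports are globally open, which services and scheduled tasks are registered. The Python below is an added example written for this page; it is not part of ComboFix or of the pasted log. The sample text it parses is a constructed subset of lines from the log above, kept in their original shape, and the header shapes and regular expressions are assumptions derived from those lines rather than from any ComboFix specification. It also flags one thing a reviewer checks in a Run key: a value that is a bare file name (like `AGRSMMSG.exe` here) is resolved through the search path rather than an absolute path.

```python
"""Parse the main sections of a ComboFix log into records a triage script can check."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of lines from the log above, kept in their original shape.
SAMPLE_LOG = r"""
ComboFix 10-02-10.04 - Anica 11.02.2010 12:49:36.2.1 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\005417_.tmp
c:\windows\is-MKJ0D.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 88267]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2004-10-20 73728]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/11/2009 9:03 AM 108289]
S3 LGeNDIS;LGeNDIS;c:\program files\IP Operator\LGeNDIS.sys [10/18/2004 9:15 PM 7552]
Contents of the 'Scheduled Tasks' folder
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 19:50]
.
"""

# Section headers (assumed from the log's own lines): "(((( Title ))))", "---- Title ----",
# and the literal "Contents of the 'Scheduled Tasks' folder" line.
HEADER_RE = re.compile(r"^(?:\(+\s*(?P<paren>.+?)\s*\)+|-+\s*(?P<dash>.+?)\s*-+|(?P<plain>Contents of the '.+' folder))$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<cmd>[^"]*)"(?:\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[[^\]]+\]$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty, non-'.' lines under the section header that precedes them."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("paren") or m.group("dash") or m.group("plain")
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def parse_autostarts(sections: Dict[str, List[str]]) -> List[Tuple[str, str, str, Optional[str], Optional[int]]]:
    """(registry key, value name, command, date, size) for every "name"="command" line."""
    entries, key = [], None
    for line in sections.get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
        elif key and (vm := VALUE_RE.match(line)):
            size = int(vm.group("size")) if vm.group("size") else None
            entries.append((key, vm.group("name"), vm.group("cmd"), vm.group("date"), size))
    return entries


def is_unqualified(command: str) -> bool:
    """A bare file name (no drive, no directory) is resolved through the search path at logon."""
    return "\\" not in command and ":" not in command


def _scan(sections: Dict[str, List[str]], regex: "re.Pattern[str]") -> list:
    """Every match of regex over the Reg Loading Points section (ports and services live there)."""
    return [m for m in map(regex.match, sections.get("Reg Loading Points", [])) if m]


def parse_tasks(sections: Dict[str, List[str]]) -> List[Tuple[str, Optional[str]]]:
    """Pair each .job file with the target ComboFix prints on the following '- ' line."""
    lines = sections.get("Contents of the 'Scheduled Tasks' folder", [])
    tasks = []
    for i, line in enumerate(lines):
        m = TASK_RE.match(line)
        if m:
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            target = nxt[2:].rsplit(" [", 1)[0] if nxt.startswith("- ") else None
            tasks.append((m.group("job"), target))
    return tasks


def triage(text: str) -> dict:
    """One pass over a log: what was deleted, what autostarts, what listens, what is scheduled."""
    sections = split_sections(text)
    autostarts = parse_autostarts(sections)
    return {
        "deleted": list(sections.get("Other Deletions", [])),
        "unqualified_autostarts": [name for _, name, cmd, _, _ in autostarts if is_unqualified(cmd)],
        "open_ports": [(int(m.group("port")), m.group("proto"), m.group("desc").strip()) for m in _scan(sections, PORT_RE)],
        "services": [(m.group("start"), m.group("name"), m.group("display"), m.group("path")) for m in _scan(sections, SERVICE_RE)],
        "tasks": parse_tasks(sections),
    }
```

`triage(SAMPLE_LOG)` returns the two deleted files, `AGRSMMSG` as the only Run value without a full path, the two globally open ports (3587/TCP and 3540/UDP), the two service lines, and the GoogleUpdate task with its target. Feeding the full log above through the same functions picks up every Run value, the ShellExecuteHooks entry and all three scheduled tasks, because those lines have the same shapes as the sample.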