skoch

a guest
Feb 11th, 2010
ComboFix 10-02-10.04 - Anica 11.02.2010 12:49:36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.385.1033.18.494.235 [GMT 1:00]
Running from: c:\documents and settings\Anica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anica\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\005417_.tmp"
"c:\windows\is-MKJ0D.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\005417_.tmp
c:\windows\is-MKJ0D.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-10 18:40 . 2010-02-10 18:40 -------- d-----w- c:\windows\system32\en
2010-02-10 18:40 . 2010-02-10 18:40 -------- d-----w- c:\windows\system32\bits
2010-02-10 18:26 . 2010-02-10 18:26 -------- d-----w- c:\windows\EHome
2010-02-10 17:41 . 2008-04-14 01:12 3901 ------w- c:\windows\system32\drivers\siint5.dll
2010-02-10 17:40 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2010-02-10 17:39 . 2008-04-14 00:11 48640 ------w- c:\windows\system32\dhcpqec.dll
2010-02-09 19:55 . 2010-02-09 19:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-09 19:50 . 2010-02-09 19:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-29 15:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 08:58 . 2005-07-15 12:16 -------- d-----w- c:\program files\Lx_cats
2010-02-10 19:02 . 2009-07-11 08:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 17:22 . 2009-08-01 19:16 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-09 19:50 . 2009-08-01 20:00 -------- d-----w- c:\program files\Google
2010-02-06 08:42 . 2008-01-04 09:43 -------- d-----w- c:\program files\RisNetClient
2010-01-07 15:07 . 2009-07-11 08:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-07-11 08:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-10-18 18:01 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-10-18 18:01 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-03-28 14:08 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 11:30 . 2009-07-11 08:03 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-14 07:08 . 2004-10-18 18:01 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-10-18 18:01 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-10-18 18:01 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-10-18 18:01 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-10-18 18:01 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-10-18 18:01 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-10-18 18:01 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-10-18 18:01 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 88267]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-12 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-12 618496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"batterymiser"="c:\program files\Battery miser\batterymiser.exe" [2004-08-27 274432]
"KeybdUtility"="c:\program files\On Screen Display\Hotkey.exe" [2004-08-27 73728]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 69632]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 196608]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 286720]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 61440]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-01 122368]
"IPOperator"="c:\program files\IP Operator\IPOperator.exe" [2004-08-26 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2004-10-20 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/11/2009 9:03 AM 108289]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2010 8:50 PM 135664]
S3 LGeNDIS;LGeNDIS;c:\program files\IP Operator\LGeNDIS.sys [10/18/2004 9:15 PM 7552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 19:50]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 19:50]

2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{AF1818AE-FF8F-46FE-BAF9-4668C086A23D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.net.hr/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 12:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\lxbxcoms.exe
c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\update.exe
.
**************************************************************************
.
Completion time: 2010-02-11 13:05:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 12:05
ComboFix2.txt 2010-02-11 11:21

Pre-Run: 30.657.355.776 bytes free
Post-Run: 30.604.931.072 bytes free

- - End Of File - - 70AE66DCBC3D97197982829E7F8A5DD3