combofix

a guest
Oct 21st, 2012
  1. ComboFix 12-10-21.02 - sanja 21.10.2012 17:00:23.1.2 - x86
  2. Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.637 [GMT 2:00]
  3. Running from: c:\users\sanja\Desktop\ComboFix.exe
  4. AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
  5. SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
  6. .
  7. .
  8. ((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
  9. .
  10. .
  11. 2012-10-21 15:37 . 2012-10-21 15:37 -------- d-----w- c:\users\sanja\AppData\Local\temp
  12. 2012-10-21 15:37 . 2012-10-21 15:37 -------- d-----w- c:\users\Default\AppData\Local\temp
  13. 2012-10-21 14:37 . 2012-10-21 14:37 -------- d-----w- C:\_OTL
  14. 2012-10-21 13:33 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
  15. 2012-10-21 13:33 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
  16. 2012-10-21 13:33 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
  17. 2012-10-21 13:33 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
  18. 2012-10-21 13:33 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
  19. 2012-10-21 13:33 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
  20. 2012-10-20 20:17 . 2012-10-20 20:17 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
  21. 2012-10-20 20:17 . 2012-10-20 20:17 -------- d-----w- c:\program files\Tweaking.com
  22. 2012-10-20 19:46 . 2012-10-20 19:46 -------- d-----w- c:\users\sanja\AppData\Roaming\Avira
  23. 2012-10-20 19:44 . 2012-10-20 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  24. 2012-10-20 19:44 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
  25. 2012-10-20 19:40 . 2012-10-01 15:14 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys
  26. 2012-10-20 19:40 . 2012-09-24 07:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
  27. 2012-10-20 19:40 . 2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
  28. 2012-10-20 19:40 . 2012-10-20 19:40 -------- d-----w- c:\programdata\Avira
  29. 2012-10-20 19:40 . 2012-10-20 19:40 -------- d-----w- c:\program files\Avira
  30. 2012-10-20 18:59 . 2012-10-20 18:59 -------- d-----w- c:\program files\Windows Portable Devices
  31. 2012-10-20 18:41 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
  32. 2012-10-20 18:41 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
  33. 2012-10-20 18:41 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
  34. 2012-10-20 18:27 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
  35. 2012-10-20 18:27 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
  36. 2012-10-20 18:27 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
  37. 2012-10-20 18:15 . 2012-10-20 18:15 766976 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
  38. 2012-10-20 18:15 . 2012-10-20 18:15 35840 ----a-w- c:\windows\system32\imgutil.dll
  39. 2012-10-20 18:15 . 2012-10-20 18:15 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
  40. 2012-10-20 18:15 . 2012-10-20 18:15 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
  41. 2012-10-20 18:15 . 2012-10-20 18:15 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll
  42. 2012-10-20 18:15 . 2012-10-20 18:15 22016 ----a-w- c:\program files\Internet Explorer\ExtExport.exe
  43. 2012-10-20 18:15 . 2012-10-20 18:15 149504 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll
  44. 2012-10-20 18:15 . 2012-10-20 18:15 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
  45. 2012-10-20 18:13 . 2012-10-20 18:13 369664 ----a-w- c:\windows\system32\WMPhoto.dll
  46. 2012-10-20 18:13 . 2012-10-20 18:13 252928 ----a-w- c:\windows\system32\dxdiag.exe
  47. 2012-10-20 18:13 . 2012-10-20 18:13 195584 ----a-w- c:\windows\system32\dxdiagn.dll
  48. 2012-10-20 18:13 . 2012-10-20 18:13 519680 ----a-w- c:\windows\system32\d3d11.dll
  49. 2012-10-20 18:13 . 2012-10-20 18:13 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
  50. 2012-10-20 18:13 . 2012-10-20 18:13 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
  51. 2012-10-20 18:13 . 2012-10-20 18:13 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
  52. 2012-10-20 17:43 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
  53. 2012-10-20 17:43 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
  54. 2012-10-20 17:43 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
  55. 2012-10-20 17:43 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
  56. 2012-10-20 13:56 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
  57. 2012-10-20 13:56 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
  58. 2012-10-20 13:56 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
  59. 2012-10-20 13:56 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
  60. 2012-10-20 13:56 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
  61. 2012-10-20 13:56 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
  62. 2012-10-20 13:56 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
  63. 2012-10-20 13:54 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
  64. 2012-10-20 13:54 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
  65. 2012-10-20 13:54 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
  66. 2012-10-20 13:54 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
  67. 2012-10-20 13:54 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
  68. 2012-10-20 13:53 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
  69. 2012-10-20 13:53 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
  70. 2012-10-20 13:53 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
  71. 2012-10-20 13:53 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
  72. 2012-10-20 13:53 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
  73. 2012-10-20 13:52 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
  74. 2012-10-20 13:52 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
  75. 2012-10-20 13:52 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
  76. 2012-10-20 13:52 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
  77. 2012-10-20 13:52 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
  78. 2012-10-20 13:51 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
  79. 2012-10-20 13:51 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
  80. 2012-10-20 13:51 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
  81. 2012-10-20 13:51 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
  82. 2012-10-20 13:51 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
  83. 2012-10-20 13:51 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
  84. 2012-10-20 13:51 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
  85. 2012-10-20 13:51 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
  86. 2012-10-20 13:38 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
  87. 2012-10-20 13:32 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
  88. 2012-10-20 13:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
  89. 2012-10-20 13:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
  90. 2012-10-20 13:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
  91. 2012-10-20 13:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
  92. 2012-10-20 13:16 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
  93. 2012-10-20 13:16 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
  94. 2012-10-20 13:16 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
  95. 2012-10-20 13:16 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
  96. 2012-10-20 13:16 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
  97. 2012-10-20 08:31 . 2012-10-20 08:31 -------- d-----w- c:\users\sanja\AppData\Roaming\redsn0w
  98. 2012-10-20 08:17 . 2012-10-20 08:17 -------- d-----w- c:\users\sanja\.shsh
  99. 2012-10-20 00:14 . 2012-10-20 00:16 -------- d-----w- c:\windows\system32\ca-ES
  100. 2012-10-20 00:14 . 2012-10-20 00:15 -------- d-----w- c:\windows\system32\eu-ES
  101. 2012-10-20 00:14 . 2012-10-20 00:15 -------- d-----w- c:\windows\system32\vi-VN
  102. 2012-10-19 20:22 . 2012-10-19 20:22 -------- d-----w- c:\users\sanja\AppData\Local\Apple Computer
  103. 2012-10-19 20:22 . 2012-10-19 21:09 -------- d-----w- c:\users\sanja\AppData\Roaming\Apple Computer
  104. 2012-10-19 20:21 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
  105. 2012-10-19 20:20 . 2012-10-19 20:20 -------- d-----w- c:\program files\iPod
  106. 2012-10-19 20:20 . 2012-10-19 20:21 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
  107. 2012-10-19 20:20 . 2012-10-19 20:21 -------- d-----w- c:\program files\iTunes
  108. 2012-10-19 20:20 . 2012-10-19 20:20 -------- d-----w- c:\programdata\Apple Computer
  109. 2012-10-19 20:08 . 2012-10-19 20:08 -------- d-----w- c:\users\sanja\AppData\Local\Apple
  110. 2012-10-19 20:08 . 2012-10-19 20:08 -------- d-----w- c:\program files\Apple Software Update
  111. 2012-10-19 20:02 . 2012-10-19 20:02 -------- d-----w- c:\program files\Bonjour
  112. 2012-10-19 20:01 . 2012-10-19 20:20 -------- d-----w- c:\program files\Common Files\Apple
  113. 2012-10-19 20:01 . 2012-10-19 20:07 -------- d-----w- c:\programdata\Apple
  114. 2012-10-16 16:53 . 2012-10-16 16:53 -------- d-----w- c:\windows\system32\EventProviders
  115. 2012-10-16 13:11 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
  116. 2012-10-16 12:25 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
  117. 2012-10-13 17:21 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
  118. 2012-10-13 17:20 . 2009-04-11 06:28 499712 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
  119. 2012-10-13 17:19 . 2009-04-11 06:28 444416 ----a-w- c:\windows\system32\dsound.dll
  120. 2012-10-13 17:18 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
  121. 2012-10-13 17:18 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
  122. 2012-10-13 17:18 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
  123. 2012-10-13 17:03 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
  124. 2012-10-13 17:03 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
  125. 2012-10-13 17:03 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
  126. 2012-10-13 17:03 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
  127. 2012-10-13 17:01 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
  128. 2012-10-13 17:00 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
  129. 2012-10-13 16:59 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
  130. 2012-10-13 16:59 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
  131. 2012-10-13 16:59 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
  132. 2012-10-13 16:58 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
  133. 2012-10-13 09:37 . 2012-10-13 09:37 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
  134. 2012-10-12 18:48 . 2012-10-12 18:48 -------- d-----w- c:\program files\Synaptics
  135. 2012-10-12 18:24 . 2012-10-12 18:24 -------- d-----w- C:\PerfLogs
  136. .
  137. .
  138. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  139. .
  140. 2012-10-20 18:13 . 2012-10-20 18:13 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
  141. 2012-10-12 18:04 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
  142. 2012-10-12 18:04 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
  143. 2012-09-21 14:23 . 2012-09-21 14:23 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{901A6393-3441-421A-B268-40B3BD0E7DCE}\offreg.dll
  144. 2012-09-18 22:59 . 2012-09-21 14:16 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{901A6393-3441-421A-B268-40B3BD0E7DCE}\mpengine.dll
  145. 2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
  146. 2012-10-11 01:05 . 2012-10-12 17:34 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  147. .
  148. .
  149. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  150. .
  151. .
  152. *Note* empty entries & legit default entries are not shown
  153. REGEDIT4
  154. .
  155. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  156. "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
  157. "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
  158. "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
  159. "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
  160. .
  161. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  162. "RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
  163. "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
  164. "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
  165. "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
  166. "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
  167. "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
  168. "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
  169. "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
  170. "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
  171. "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
  172. "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
  173. "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
  174. "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
  175. "Skytel"="Skytel.exe" [2007-04-13 1822720]
  176. "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
  177. "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
  178. "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
  179. "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
  180. .
  181. c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
  182. Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]
  183. .
  184. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  185. "EnableUIADesktopToggle"= 0 (0x0)
  186. .
  187. [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
  188. path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
  189. backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
  190. backupExtension=.CommonStartup
  191. .
  192. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
  193. 2012-04-17 17:35 116648 ----atw- c:\users\sanja\AppData\Local\Google\Update\GoogleUpdate.exe
  194. .
  195. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
  196. 2007-12-13 18:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  197. .
  198. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
  199. 2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
  200. .
  201. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
  202. 2007-12-03 13:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
  203. .
  204. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  205. 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
  206. .
  207. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
  208. 2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
  209. .
  210. [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  211. "DisableMonitoring"=dword:00000001
  212. .
  213. [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  214. "DisableMonitoring"=dword:00000001
  215. .
  216. [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  217. "DisableMonitoring"=dword:00000001
  218. .
  219. [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-418618262-1034689965-338263685-1000]
  220. "EnableNotificationsRef"=dword:00000001
  221. .
  222. S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
  223. .
  224. .
  225. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  226. LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
  227. .
  228. Contents of the 'Scheduled Tasks' folder
  229. .
  230. 2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  231. - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-10 13:34]
  232. .
  233. 2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  234. - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-10 13:34]
  235. .
  236. 2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-418618262-1034689965-338263685-1000Core.job
  237. - c:\users\sanja\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 17:35]
  238. .
  239. 2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-418618262-1034689965-338263685-1000UA.job
  240. - c:\users\sanja\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 17:35]
  241. .
  242. .
  243. ------- Supplementary Scan -------
  244. .
  245. uStart Page =
  246. uDefault_Search_URL =
  247. uInternet Settings,ProxyOverride = *.local
  248. uSearchAssistant =
  249. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  250. IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
  251. TCP: DhcpNameServer = 192.168.1.254
  252. FF - ProfilePath -
  253. .
  254. - - - - ORPHANS REMOVED - - - -
  255. .
  256. MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
  257. .
  258. .
  259. .
  260. **************************************************************************
  261. .
  262. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  263. Rootkit scan 2012-10-21 17:37
  264. Windows 6.0.6002 Service Pack 2 NTFS
  265. .
  266. scanning hidden processes ...
  267. .
  268. scanning hidden autostart entries ...
  269. .
  270. scanning hidden files ...
  271. .
  272. .
  273. c:\users\sanja\AppData\Local\Temp\catchme.dll 53248 bytes executable
  274. .
  275. scan completed successfully
  276. hidden files: 1
  277. .
  278. **************************************************************************
  279. .
  280. --------------------- LOCKED REGISTRY KEYS ---------------------
  281. .
  282. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  283. @Denied: (A) (Users)
  284. @Denied: (A) (Everyone)
  285. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  286. "BlindDial"=dword:00000000
  287. "MSCurrentCountry"=dword:000000b5
  288. .
  289. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  290. @Denied: (A) (Users)
  291. @Denied: (A) (Everyone)
  292. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  293. "BlindDial"=dword:00000000
  294. .
  295. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  296. @Denied: (A) (Users)
  297. @Denied: (A) (Everyone)
  298. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  299. "BlindDial"=dword:00000000
  300. .
  301. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
  302. @Denied: (A) (Users)
  303. @Denied: (A) (Everyone)
  304. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  305. "BlindDial"=dword:00000000
  306. .
  307. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
  308. @Denied: (A) (Users)
  309. @Denied: (A) (Everyone)
  310. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  311. "BlindDial"=dword:00000000
  312. .
  313. Completion time: 2012-10-21 17:40:15
  314. ComboFix-quarantined-files.txt 2012-10-21 15:40
  315. .
  316. Pre-Run: 24.448.126.976 bytes free
  317. Post-Run: 28.581.134.336 bytes free
  318. .
  319. - - End Of File - - 87499780EF8921536755A67FB9A0F2CF