ComboFix 12-04-26.01 - Nensy Fensy 26.04.2012 15:19:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.273 [GMT 2:00]
Running from: c:\documents and settings\Nensy Fensy\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nensy Fensy\WINDOWS
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 08:57 . 2012-04-26 08:57 -------- d-----w- C:\_OTL
2012-04-25 12:22 . 2012-04-25 12:22 -------- d-----w- c:\documents and settings\Nensy Fensy\Application Data\Malwarebytes
2012-04-25 12:22 . 2012-04-25 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-25 12:22 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-25 12:22 . 2012-04-25 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 10:59 . 2011-08-17 21:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-15 4866048]
"nwiz"="nwiz.exe" [2004-04-15 323584]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-08-11 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"TFNF5"="TFNF5.exe" [2011-08-15 73728]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2011-08-15 86073]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2011-08-15 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-08-15 495616]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
"AGRSMMSG"="AGRSMMSG.exe" [2011-08-15 88363]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"TPSMain"="TPSMain.exe" [2004-06-28 266240]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2011-8-16 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15.6.2011 17:33 249648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 14:16 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25.4.2012 14:22 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25.4.2012 14:22 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7.7.2011 19:31 195336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [1.1.2012 14:56 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [1.1.2012 14:56 398720]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 65849171
*NewlyCreated* - ASWMBR
*Deregistered* - 65849171
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2011-07-07 05:40]
.
2012-04-18 c:\windows\Tasks\Defraggler Volume D Task.job
- c:\program files\Defraggler\df.exe [2011-07-07 05:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Nensy Fensy\Application Data\Mozilla\Firefox\Profiles\z49iwjkv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-26 15:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2012-04-26 15:27:13
ComboFix-quarantined-files.txt 2012-04-26 13:27
.
Pre-Run: 33.486.602.240 bytes free
Post-Run: 33.432.236.032 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2426D2BB8DBDB4E5EDD86B43E08AFA59