My Pastes
Public Pastes
Layout Width
Share Pastebin
Guest
Public paste!

Untitled

By: a guest | Mar 20th, 2010 | Syntax: None | Size: 13.17 KB | Hits: 115 | Expires: Never
Download | Raw | Embed | Report abuse
Copy text to clipboard
  1. ComboFix 10-03-19.08 - mladen 03/20/2010  14:59:07.1.1 - x86
  2. Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.255.96 [GMT 1:00]
  3. Running from: c:\documents and settings\mladen\My Documents\Programi\ComboFix.exe
  4. AV: avast! antivirus 4.8.1368 [VPS 100320-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
  5.  
  6. WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  7. .
  8.  
  9. (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
  10. .
  11.  
  12. c:\windows\system32\d3d10core.dll
  13. c:\windows\system32\kernel32new.dll
  14. c:\windows\system32\msvcrtnew.dll
  15.  
  16. .
  17. (((((((((((((((((((((((((   Files Created from 2010-02-20 to 2010-03-20  )))))))))))))))))))))))))))))))
  18. .
  19.  
  20. 2010-03-14 19:24 . 2010-03-14 19:24     --------        d-----w-        c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
  21. 2010-03-14 19:23 . 2010-03-14 19:23     --------        d-----w-        c:\documents and settings\mladen\Application Data\DAEMON Tools Pro
  22. 2010-03-14 19:23 . 2010-03-14 19:23     717296  ----a-w-        c:\windows\system32\drivers\sptd.sys
  23. 2010-03-14 19:23 . 2010-03-14 19:23     --------        d-----w-        c:\documents and settings\mladen\Application Data\DAEMON Tools
  24. 2010-03-14 13:19 . 2010-03-14 13:22     --------        d-----w-        C:\FM
  25. 2010-03-14 13:09 . 2010-03-14 13:09     7886    ----a-r-        c:\documents and settings\mladen\Application Data\Microsoft\Installer\{C6EB9182-27BD-425B-927B-29DE2A8737B8}\fm2005demo_EC0AB585B2794A778BB564C403E43EE7.exe
  26. 2010-03-14 13:09 . 2010-03-14 13:09     7886    ----a-r-        c:\documents and settings\mladen\Application Data\Microsoft\Installer\{C6EB9182-27BD-425B-927B-29DE2A8737B8}\ARPPRODUCTICON.exe
  27. 2010-03-14 13:08 . 2010-03-14 13:08     --------        d-----w-        c:\program files\Sports Interactive
  28. 2010-03-13 10:26 . 2010-03-13 10:27     --------        d-----w-        c:\program files\8BallClub
  29. 2010-03-09 19:50 . 2010-03-09 19:50     --------        d-----w-        c:\documents and settings\mladen\Local Settings\Application Data\Identities
  30. 2010-03-08 15:14 . 2010-03-08 15:15     --------        d-----w-        c:\documents and settings\mladen\Application Data\Media Player Classic
  31. 2010-03-08 15:14 . 2010-03-08 15:14     --------        d-----w-        c:\program files\MPC HomeCinema
  32. 2010-03-08 15:09 . 2010-03-08 15:10     --------        d-----w-        c:\documents and settings\mladen\Application Data\BSplayer
  33. 2010-03-08 15:09 . 2010-03-08 15:09     --------        d-----w-        c:\documents and settings\mladen\Application Data\BSplayer Pro
  34. 2010-03-08 15:09 . 2010-03-08 15:09     --------        d-----w-        c:\program files\Webteh
  35. 2010-03-08 15:04 . 2010-03-08 15:04     --------        d-----w-        c:\documents and settings\mladen\Application Data\GRETECH
  36. 2010-03-08 15:03 . 2010-03-08 15:03     --------        d-----w-        c:\program files\GRETECH
  37. 2010-03-07 11:17 . 2010-03-07 11:17     --------        d-----w-        c:\documents and settings\mladen\Application Data\AdobeUM
  38. 2010-03-07 11:16 . 2010-03-07 11:17     --------        d-----w-        c:\documents and settings\mladen\Local Settings\Application Data\Adobe
  39. 2010-03-07 11:15 . 2010-03-07 11:16     --------        d-----w-        c:\program files\Common Files\Adobe
  40. 2010-03-07 11:13 . 2010-03-07 11:16     --------        d-----w-        c:\documents and settings\mladen\Local Settings\Application Data\NOS
  41. 2010-03-06 16:40 . 2010-03-06 16:40     --------        d-----w-        c:\program files\Games
  42. 2010-03-05 22:53 . 2009-12-01 16:39     787     ----a-w-        C:\ma477.bin
  43. 2010-03-05 10:42 . 2004-08-03 22:08     26496   -c--a-w-        c:\windows\system32\dllcache\usbstor.sys
  44. 2010-03-04 21:57 . 2010-03-04 21:57     --------        d-----w-        c:\documents and settings\mladen\Application Data\TypingMaster7
  45. 2010-03-04 21:56 . 2010-03-04 21:56     --------        d-----r-        c:\program files\TypingMaster
  46. 2010-03-04 21:20 . 2010-03-08 18:34     --------        d-----w-        c:\program files\PokerStars
  47. 2010-03-04 20:55 . 2010-03-04 20:55     --------        d-----w-        c:\program files\YouTube Downloader
  48. 2010-03-04 18:55 . 2009-11-24 23:50     114768  ----a-w-        c:\windows\system32\drivers\aswSP.sys
  49. 2010-03-04 18:55 . 2009-11-24 23:50     20560   ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
  50. 2010-03-02 18:48 . 2010-03-02 18:48     --------        d-----w-        C:\Free Chess
  51. 2010-03-02 18:14 . 2010-03-02 18:14     0       ----a-w-        c:\windows\nsreg.dat
  52. 2010-03-02 18:14 . 2010-03-02 18:14     --------        d-----w-        c:\documents and settings\mladen\Local Settings\Application Data\Mozilla
  53. 2010-03-01 22:09 . 2010-03-01 22:09     --------        d-----w-        c:\program files\NJ Soft
  54. 2010-03-01 17:24 . 2010-03-01 17:24     48      ---ha-w-        c:\windows\system32\ezsidmv.dat
  55. 2010-03-01 17:24 . 2010-03-20 08:07     --------        d-----w-        c:\documents and settings\mladen\Application Data\skypePM
  56. 2010-03-01 17:16 . 2010-03-20 13:35     --------        d-----w-        c:\documents and settings\mladen\Application Data\Skype
  57. 2010-03-01 17:16 . 2010-03-01 17:16     --------        d-----w-        c:\program files\Common Files\Skype
  58. 2010-03-01 17:16 . 2010-03-01 17:16     --------        d-----r-        c:\program files\Skype
  59. 2010-03-01 17:16 . 2010-03-01 17:16     --------        d-----w-        c:\documents and settings\All Users\Application Data\Skype
  60.  
  61. .
  62. ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
  63. .
  64. 2010-03-01 16:53 . 2010-03-01 15:50     86327   ----a-w-        c:\windows\pchealth\helpctr\OfflineCache\index.dat
  65. 2010-03-01 16:33 . 2010-03-01 16:33     --------        d-----w-        c:\program files\Alwil Software
  66. 2010-03-01 16:29 . 2010-03-01 16:29     --------        d-----w-        c:\program files\VIA Technologies, Inc
  67. 2010-03-01 16:25 . 2010-03-01 16:25     2923    ----a-w-        c:\windows\system32\unins000.dat
  68. 2010-03-01 16:25 . 2010-03-01 16:25     716153  ----a-w-        c:\windows\system32\unins000.exe
  69. 2010-03-01 16:24 . 2010-03-01 16:21     --------        d-----w-        c:\program files\Common Files\InstallShield
  70. 2010-03-01 16:22 . 2010-03-01 16:21     --------        d-----w-        c:\program files\ATI Technologies
  71. 2010-03-01 16:22 . 2010-03-01 16:21     --------        d--h--w-        c:\program files\InstallShield Installation Information
  72. 2010-03-01 16:14 . 2010-03-01 16:14     --------        d-----w-        c:\program files\Opera
  73. 2010-03-01 15:59 . 2010-03-01 15:59     12328   ----a-w-        c:\documents and settings\mladen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  74. 2010-03-01 15:52 . 2010-03-01 15:52     --------        d-----w-        c:\program files\microsoft frontpage
  75. 2010-03-01 15:47 . 2010-03-01 15:47     21640   ----a-w-        c:\windows\system32\emptyregdb.dat
  76. 2008-03-09 06:25 . 2010-03-01 16:25     236     ----a-w-        c:\program files\Common Files\dx.reg
  77. 2004-08-03 22:56 . 2004-08-03 22:56     165025  --sha-r-        c:\windows\system32\vkgqwr.dll
  78. .
  79.  
  80. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
  81. .
  82. .
  83. *Note* empty entries & legit default entries are not shown
  84. REGEDIT4
  85.  
  86. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  87. "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
  88.  
  89. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  90. "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 335872]
  91. "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
  92.  
  93. c:\documents and settings\All Users\Start Menu\Programs\Startup\
  94. Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
  95.  
  96. [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  97. "AntiVirusOverride"=dword:00000001
  98.  
  99. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  100. "EnableFirewall"= 0 (0x0)
  101.  
  102. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  103. "%windir%\\system32\\sessmgr.exe"=
  104. "c:\\Program Files\\Opera\\opera.exe"=
  105. "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
  106. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  107. "c:\\Program Files\\8BallClub\\GameDirector.exe"=
  108.  
  109. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  110. "9163:TCP"= 9163:TCP:ybayz
  111.  
  112. R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/4/2010 7:55 PM 114768]
  113. R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/4/2010 7:55 PM 20560]
  114. S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/14/2010 8:23 PM 717296]
  115. S2 smdqqzl;jnzezshb;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 11:56 PM 14336]
  116. S3 veillct;veillct;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
  117.  
  118. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
  119. smdqqzl
  120. .
  121. .
  122. ------- Supplementary Scan -------
  123. .
  124. uStart Page = hxxp://www.google.rs/
  125. FF - ProfilePath - c:\documents and settings\mladen\Application Data\Mozilla\Firefox\Profiles\xukmwvyp.default\
  126. FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
  127.  
  128. ---- FIREFOX POLICIES ----
  129. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
  130. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
  131. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
  132. c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
  133. c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
  134. c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
  135. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
  136. c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
  137. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
  138. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
  139. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
  140. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
  141. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
  142. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
  143. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
  144. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
  145. c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
  146. c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
  147. c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
  148. c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
  149. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
  150. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
  151. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
  152. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
  153. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
  154. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
  155. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
  156. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
  157. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
  158. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
  159. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
  160. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
  161. .
  162.  
  163. **************************************************************************
  164.  
  165. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  166. Rootkit scan 2010-03-20 15:03
  167. Windows 5.1.2600 Service Pack 2 NTFS
  168.  
  169. scanning hidden processes ...  
  170.  
  171. scanning hidden autostart entries ...
  172.  
  173. scanning hidden files ...  
  174.  
  175. scan completed successfully
  176. hidden files: 0
  177.  
  178. **************************************************************************
  179.  
  180. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\veillct]
  181. "ImagePath"="\??\c:\windows\system32\01.tmp"
  182.  
  183. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smdqqzl]
  184. "ServiceDll"="c:\windows\system32\vkgqwr.dll"
  185. .
  186. --------------------- LOCKED REGISTRY KEYS ---------------------
  187.  
  188. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\a67ae326-6297-6599-00a2-d678e65ee27]
  189. @Denied: (Full) (AuthenticatedUsers)
  190. @Denied: (Full) (Administrators)
  191. "1v0mvfsx3he2e"=hex:37,64,62,61,61,36,30,31,2d,33,32,36,33,2d,34,35,63,39,2d,
  192.    61,39,30,31,2d,66,30,37,33,33,64,64,65,39,36,65,37
  193. "1appx772ozi9x"=hex:65,00,00,00,f8,00,00,00,ff,1e,57,4b,6d,6c,61,64,65,6e,39,
  194.    35,73,74,75,62,69,63,61,00,01,a6,ba,7d,63,32,c9,45,a9,01,f0,73,3d,de,96,e7,\
  195. .
  196. Completion time: 2010-03-20  15:05:41
  197. ComboFix-quarantined-files.txt  2010-03-20 14:05
  198.  
  199. Pre-Run: 8,984,768,512 bytes free
  200. Post-Run: 9,007,017,984 bytes free
  201.  
  202. - - End Of File - - 20C55AB538452A9EB093E5E6FE541434
create new paste | create new version of this paste RAW Paste Data