Untitled

a guest
Feb 28th, 2012
ComboFix 12-02-25.02 - Tibi 02/28/2012 9:48.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2558 [GMT 2:00]
Running from: c:\users\Tibi\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tibi\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 07:59 . 2012-02-28 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 12:49 . 2012-02-27 12:49 -------- d-----w- c:\program files\Motorola Inc
2012-02-27 08:12 . 2012-02-28 08:02 -------- d-----w- C:\Temp
2012-02-27 08:12 . 2012-02-27 08:12 -------- d-----w- c:\users\Tibi\AppData\Roaming\Motorola
2012-02-27 08:11 . 2012-02-27 08:11 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-02-27 08:11 . 2012-02-27 08:11 -------- d-----w- c:\program files (x86)\Motorola
2012-02-26 12:54 . 2012-02-26 12:54 -------- d-----w- c:\users\Tibi\AppData\Roaming\LibreOffice
2012-02-26 12:43 . 2012-02-26 12:44 -------- d-----w- c:\program files (x86)\LibreOffice 3.5
2012-02-26 12:39 . 2012-02-26 12:39 -------- d-----w- c:\program files\7-Zip
2012-02-26 12:38 . 2012-02-26 12:38 -------- d-----w- c:\users\Tibi\AppData\Roaming\IrfanView
2012-02-26 12:38 . 2012-02-26 12:38 -------- d-----w- c:\program files (x86)\IrfanView
2012-02-26 12:27 . 2012-02-26 12:27 -------- d-----w- c:\users\Tibi\AppData\Roaming\SumatraPDF
2012-02-26 12:27 . 2012-02-26 12:27 -------- d-----w- c:\program files (x86)\SumatraPDF
2012-02-25 21:14 . 2012-02-25 21:25 -------- d-----w- c:\users\Tibi\AppData\Roaming\ImgBurn
2012-02-25 21:07 . 2012-02-25 21:07 -------- d-----w- c:\program files (x86)\ImgBurn
2012-02-24 12:36 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E429E47-65BD-4119-8BC0-D97A7A2C7CAE}\mpengine.dll
2012-02-22 17:53 . 2012-02-22 18:12 -------- d-----w- c:\users\Tibi\AppData\Roaming\gDEBugger
2012-02-22 17:52 . 2012-02-22 17:53 -------- d-----w- c:\programdata\GraphicRemedy
2012-02-15 12:59 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 12:59 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 12:59 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 12:59 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 12:59 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 12:59 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 12:59 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 12:59 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 12:20 . 2012-02-12 12:20 -------- d-----w- c:\program files (x86)\Audio Sliders
2012-02-12 12:10 . 2012-02-12 12:11 -------- d-----w- c:\users\Tibi\AppData\Roaming\TeraCopy
2012-02-12 12:10 . 2012-02-12 12:10 -------- d-----w- c:\program files\TeraCopy
2012-02-08 20:01 . 2012-02-08 20:01 -------- d-----w- c:\users\Tibi\AppData\Local\ElevatedDiagnostics
2012-02-06 13:53 . 2012-02-26 12:18 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-06 13:53 . 2012-02-26 12:18 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-04 13:30 . 2012-02-04 13:30 -------- d-----w- c:\users\Tibi\AppData\Local\SKIDROW
2012-02-03 20:04 . 2012-02-24 12:31 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 17:24 . 2011-12-10 11:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 14:47 . 2011-12-10 10:53 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-29 03:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 16:56 . 2011-12-13 19:13 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-01-25 11:45 . 2011-12-10 16:57 1556544 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-09 12:35 . 2012-01-09 12:35 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-27 20:30 . 2011-12-27 20:30 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-27 20:30 . 2011-12-27 20:30 426496 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-27 20:30 . 2011-12-27 20:30 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-27 20:30 . 2011-12-27 20:30 116736 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-21 18:43 . 2011-12-21 18:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-19 11:45 . 2012-01-12 14:52 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 11:45 . 2012-01-12 14:52 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 11:45 . 2011-12-19 11:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 11:43 . 2011-12-19 11:43 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 11:43 . 2011-12-19 11:43 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-10 11:26 . 2011-12-10 11:26 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-10 11:04 . 2011-12-10 11:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-10 11:04 . 2011-12-10 11:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-10 11:04 . 2011-12-10 11:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-10 11:04 . 2011-12-10 11:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-10 11:04 . 2011-12-10 11:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-10 11:04 . 2011-12-10 11:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-10 11:04 . 2011-12-10 11:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-10 11:04 . 2011-12-10 11:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-10 11:04 . 2011-12-10 11:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-10 11:04 . 2011-12-10 11:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-10 11:04 . 2011-12-10 11:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-10 11:04 . 2011-12-10 11:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-10 11:04 . 2011-12-10 11:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-10 11:04 . 2011-12-10 11:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-10 11:04 . 2011-12-10 11:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-10 11:04 . 2011-12-10 11:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 11:04 . 2011-12-10 11:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-10 11:04 . 2011-12-10 11:04 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 11:04 . 2011-12-10 11:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 11:04 . 2011-12-10 11:04 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 11:04 . 2011-12-10 11:04 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-10 11:04 . 2011-12-10 11:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-10 11:04 . 2011-12-10 11:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 11:04 . 2011-12-10 11:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 11:04 . 2011-12-10 11:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 11:04 . 2011-12-10 11:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-10 11:04 . 2011-12-10 11:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 11:04 . 2011-12-10 11:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 11:04 . 2011-12-10 11:04 448512 ----a-w- c:\windows\system32\html.iec
2011-12-10 11:04 . 2011-12-10 11:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 11:04 . 2011-12-10 11:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 11:04 . 2011-12-10 11:04 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 11:04 . 2011-12-10 11:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 11:04 . 2011-12-10 11:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 10:30 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-12-10 10:30 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-12-10 10:30 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-12-10 10:30 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-12-10 10:30 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-12-09 10:40 . 2011-12-10 10:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-09 10:40 . 2011-12-10 10:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-12-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-12-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
.
c:\users\Tibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-01-25 547872]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2992512]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2011-06-10 2044688]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 12:53]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 12:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.42.129
FF - ProfilePath - c:\users\Tibi\AppData\Roaming\Mozilla\Firefox\Profiles\fqj3aajy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-02-28 10:17:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 08:17
.
Pre-Run: 70,910,386,176 bytes free
Post-Run: 71,115,952,128 bytes free
.
- - End Of File - - F0EE459183852161469E2F7AF12E6B01