kreton

Untitled

Dec 5th, 2012
ComboFix 12-12-04.01 - Kreton 2012-12-05 15:29:33.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.8191.6553 [GMT 1:00]
Uruchomiony z: I:\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\webserv\webserv.exe
c:\users\Kreton\AppData\Local\Tempals_inst.exe
c:\users\Kreton\AppData\Local\wxpfree\CuSTomsearch.dll
c:\users\Kreton\AppData\Roaming\GoldWaveKeyboard.txt
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\irunin.bmp
c:\windows\irunin.dat
c:\windows\irunin.ini
c:\windows\irunin.lng
c:\windows\IsUn0415.exe
c:\windows\iun6002.exe
c:\windows\My.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-05 do 2012-12-05 )))))))))))))))))))))))))))))))
.
.
2012-12-05 14:34 . 2012-12-05 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 22:52 . 2012-12-05 13:58 -------- d-----w- C:\nexus
2012-12-03 13:20 . 2012-12-03 13:21 -------- d-----w- c:\programdata\Grid
2012-12-03 13:20 . 2012-12-03 13:54 -------- d-----w- c:\program files (x86)\RaySource
2012-12-03 12:48 . 2012-12-03 12:48 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-12-01 18:17 . 2012-12-05 01:45 -------- d-----w- C:\Aneemoo
2012-11-30 23:22 . 2012-11-30 23:22 -------- d-----w- c:\users\Kreton\AppData\Local\fontconfig
2012-11-30 23:22 . 2012-11-30 23:22 -------- d-----w- c:\program files\Aegisub
2012-11-30 23:15 . 2012-11-30 23:24 -------- d-----w- c:\users\Kreton\AppData\Local\Aegisub
2012-11-23 03:33 . 2012-11-30 18:16 -------- d-----w- C:\Ayayayaya
2012-11-22 13:50 . 2012-11-22 13:50 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-11-22 13:41 . 2012-11-22 13:41 2829 ----a-w- c:\windows\DIIUnin.pif
2012-11-22 13:41 . 2012-11-22 13:41 106496 ----a-w- c:\windows\DIIUnin.exe
2012-11-20 18:39 . 2012-11-20 18:39 -------- d-----w- c:\users\Kreton\AppData\Roaming\Thinstall
2012-11-20 18:39 . 2012-11-20 18:39 -------- d-----w- c:\users\Kreton\AppData\Local\Thinstall
2012-11-19 02:41 . 2012-11-19 02:41 -------- d-----w- c:\program files (x86)\DOSBox-0.74
2012-11-19 02:40 . 2012-11-19 02:40 1448809 ----a-w- C:\DOSBox0.74-win32-installer.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 10:02 . 2012-11-28 10:00 82871953 ----a-w- C:\(C81) [EnHANCE HEART] YAMABUKI (Touhou Project).zip
2012-11-27 22:08 . 2012-11-27 22:08 2887773 ----a-w- C:\Evangelion Race Queens Cosplay.zip
2012-11-15 22:40 . 2012-07-04 22:57 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 22:40 . 2012-07-04 22:57 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-29 17:27 . 2012-10-29 17:26 28203671 ----a-w- C:\(Kouroumu 8) [Rapid Rabbit (Tomokatsu Haruomi)] DEFEATED! (Touhou Project).zip
2012-09-24 14:32 . 2012-08-08 17:35 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32 . 2011-07-23 12:42 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 03:26 . 2011-07-02 15:55 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-01 21:04 . 2012-09-01 21:04 139264 ----a-w- c:\program files\DesktopOK.exe
2012-05-20 22:21 . 2012-05-20 22:21 8089760 ----a-w- c:\program files\flashplayer_11_sa_32bit.exe
2009-01-09 08:12 . 2011-07-01 11:50 3550064 ----a-w- c:\program files\PROCESS XP.EXE
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-21 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-07-02 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\NetMeter\NetMeter114beta_4.exe" [2009-09-04 296960]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Akamai NetSession Interface"="c:\users\Kreton\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-08-31 438272]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Resume copy"="copyfstq.exe" [2002-03-24 46080]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Kreton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BreadCrumbKiller.lnk - c:\program files (x86)\BreadCrumKiller\BreadCrumbKiller.exe [2012-5-14 57856]
Miranda IM.lnk - c:\program files\Miranda\miranda32.exe [2012-10-25 828500]
Total Commander.lnk - c:\program files\Total Commander 7.02a\TOTALCMD.EXE [2011-7-5 3707808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va005;X6va005;c:\users\Kreton\AppData\Local\Temp\005463.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-10 871408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-03 254528]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-06-14 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-06-14 149592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-07 365568]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-06-14 1288104]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-06-14 138232]
S2 gearsec;gearsec;c:\windows\SysWOW64\gearsec.exe [2005-11-30 58952]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8023x64;Sterownik Realtek 10/100 NIC Family NDIS x64;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-865024264-3167692282-923975406-1000Core.job
- c:\users\Kreton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 00:21]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-865024264-3167692282-923975406-1000UA.job
- c:\users\Kreton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 00:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-06-14 5634800]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{E2ED2BAD-5A88-4835-A887-AE28A318A55B} - c:\users\Kreton\AppData\Local\wxpfree\CustomSearch.dll
HKLM-Run-VIAAUD - c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis aoTuV Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp TTA Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Metal Knights - d:\n\D\Smieci\Temp\Metal Knights\UnInstall
AddRemove-Sengoku Rance English_is1 - d:\games\?????\Sengoku Rance English\unins000.exe
AddRemove-TotalCopy_1.2_(Luki_Edition)_English - c:\windows\iun6002.exe
AddRemove-{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1 - d:\games\Touhou\Touhou Hisoutensoku\th123\unins000.exe
AddRemove-{BEF22C6C-C603-44D1-AE86-F300A40249A6}_is1 - d:\dynamarisa 3d\dynamarisa\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Kreton\AppData\Local\Temp\005463.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:bf,ef,84,a5,79,0c,3e,63,37,10,c9,a3,fe,8c,c4,da,32,d3,7c,71,c9,
d5,be,a0,fd,2a,8a,eb,37,c9,da,96,76,a1,3e,ba,bd,3b,76,ce,ea,05,e5,1c,c2,0b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bf,ef,84,a5,79,0c,3e,63,37,10,c9,a3,fe,8c,c4,da,32,d3,7c,71,c9,
d5,be,a0,fd,2a,8a,eb,37,c9,da,96,76,a1,3e,ba,bd,3b,76,ce,ea,05,e5,1c,c2,0b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-12-05 15:36:44
ComboFix-quarantined-files.txt 2012-12-05 14:36
.
Przed: 1 188 618 240 bajtów wolnych
Po: 1 438 236 672 bajtów wolnych
.
- - End Of File - - 95C7C4BD29ADCEC4D7A0A9C381BEF71D