ComboFix 10-03-12.04 - Administrator 03/13/2010 12:21:50.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1037.18.2038.1439 [GMT 2:00]
Running from: c:\documents and settings\Administrator\שולחן העבודה\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3333921794-3576222842-682978740-1000
.
((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.
2010-03-02 14:43 . 2008-05-29 08:03 37176 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 10:26 . 2009-09-09 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-03-13 06:02 . 2009-09-09 16:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-03-12 08:44 . 2009-10-13 22:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-03-11 08:57 . 2001-09-19 12:00 40310 ----a-w- c:\windows\system32\perfc00d.dat
2010-03-11 08:57 . 2001-09-19 12:00 248222 ----a-w- c:\windows\system32\perfh00d.dat
2010-02-28 10:39 . 2009-10-14 06:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2010-02-08 04:18 . 2009-10-20 21:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\codeblocks
2010-02-06 21:58 . 2010-02-06 21:58 9843864 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\CT4SKypePlugIn20_Multi_Media.exe
2010-02-06 21:58 . 2010-02-06 21:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\RLLauncher.exe
2010-01-28 09:54 . 2010-01-28 09:54 -------- d-----w- c:\program files\ForeScout SecureConnector
2010-01-20 10:18 . 2010-01-25 11:30 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\abwq8645.default\extensions\{f228c6a4-a593-4017-944c-4e7958fb3177}\components\FFExternalAlert.dll
2010-01-20 10:18 . 2010-01-25 11:30 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\abwq8645.default\extensions\{f228c6a4-a593-4017-944c-4e7958fb3177}\components\RadioWMPCore.dll
2010-01-17 08:48 . 2010-01-17 08:48 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-01-16 09:10 . 2010-01-16 09:10 -------- d-----w- c:\program files\Mp3 Knife
2010-01-15 21:00 . 2009-09-09 16:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-01-14 07:06 . 2009-09-02 18:45 74712 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-14 07:05 . 2010-01-14 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-14 06:40 . 2009-09-02 19:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 06:37 . 2010-01-14 06:37 -------- d-----w- c:\program files\Adobe Media Player
2010-01-14 06:31 . 2010-01-14 06:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-14 06:26 . 2010-01-14 06:26 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-02 20:00 . 2009-09-02 19:57 229376 ----a-w- c:\program files\~GLH0005.TMP
1999-08-02 07:10 . 2009-09-02 19:57 470502 ----a-w- c:\program files\STMOpen.bmp
1996-12-27 12:57 . 2009-09-02 19:57 60112 ----a-w- c:\program files\Unwise.exe
.
((((((((((((((((((((((((((((( SnapShot_2010-02-03_19.25.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-11 08:53 . 2010-03-11 08:53 16384 c:\windows\temp\Perflib_Perfdata_1c4.dat
+ 2001-09-19 12:00 . 2010-03-11 08:57 40326 c:\windows\system32\perfc009.dat
- 2001-09-19 12:00 . 2010-02-03 13:26 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2010-03-11 08:57 311938 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2010-02-03 13:26 311938 c:\windows\system32\perfh009.dat
+ 2010-02-06 07:57 . 2007-05-06 15:10 405504 c:\windows\stsystra.exe
- 2010-01-10 22:13 . 2007-05-06 15:10 405504 c:\windows\stsystra.exe
+ 2010-02-06 07:57 . 2007-04-10 16:02 1601536 c:\windows\system32\stlang.dll
- 2010-01-10 22:13 . 2007-04-10 16:02 1601536 c:\windows\system32\stlang.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 12:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 405504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^All
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Alliance background
backup=c:\windows\pss\Alliance background mode.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Adobe R
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\Adobe Reader Speed Launc
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Bluetoo
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-06 15:10 405504 ----a-w- c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-04 18:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-09 16:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-09-23 09:26 288560 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\v8220\\DMVSMultiView\\VSMultiView.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13/03/2008 16:52 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13/03/2008 16:49 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/09/2001 14:00 3584]
.
Contents of the 'Scheduled Tasks' folder
2010-03-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 12:56]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\abwq8645.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1425416&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.link4u.co.il/
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\abwq8645.default\extensions\{f228c6a4-a593-4017-944c-4e7958fb3177}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\abwq8645.default\extensions\{f228c6a4-a593-4017-944c-4e7958fb3177}\components\RadioWMPCore.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 12:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1177238915-2025429265-725345543-500\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\devmgmt.msc"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(952)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-03-13 12:27:34
ComboFix-quarantined-files.txt 2010-03-13 10:27
ComboFix2.txt 2010-02-03 19:26
ComboFix3.txt 2010-01-10 23:01
ComboFix4.txt 2009-11-14 08:35
ComboFix5.txt 2010-03-13 10:20
Pre-Run: 38,232,137,728 bytes free
Post-Run: 38,705,131,520 bytes free
- - End Of File - - 603CEFADF57300EE3E1C7C9D91407AE6
