
ComboFix 08-03-04.2 - Administrator 2008-03-04 11:23:12.

1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1543 [GMT 1:00]
Running from: F:\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
.
(((((((((((((((((((((((((   Files Created from 2008-02-04 to 2008-03-04   )))))))))))))))))))))))))))))))
.

2008-03-04 09:25 . 2007-06-05 10:56    44,928    --a------    C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-04 09:25 . 2007-06-08 09:44     8,576    --a------    C:\WINDOWS\system32\drivers\kprojbkbwqsg.sys
2008-02-18 11:25 . 2008-03-04 11:09     <DIR>    d--------    C:\Program Files\mIRC
2008-02-18 11:25 . 2008-03-04 11:10     <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\mIRC
2008-02-12 23:41 . 2008-02-12 23:41     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-12 23:08 . 2008-03-04 09:35     <DIR>    d--------    C:\Program Files\Bonjour
2008-02-12 23:01 . 2008-02-12 23:01     <DIR>    d--------    C:\Program Files\Common Files\Macrovision Shared
2008-02-12 00:46 . 2008-02-12 00:46     <DIR>    d--------    C:\Program Files\FLVPlayer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 08:43 --------d-----w C:\Program Files\Winamp Toolbar
2008-03-04 08:42 --------d-----w C:\Program Files\MUSHclient
2008-03-04 08:38 --------d-----w C:\Program Files\Google
2008-03-04 08:38 --------d-----w C:\Program Files\Gadu-Gadu
2008-03-04 08:38 --------d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-04 08:38 --------d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-04 08:37 --------d-----w C:\Program Files\Common Files\LightScribe
2008-02-25 08:51 --------d-----w C:\Program Files\Burn4Free
2008-02-20 07:45 --------d-----w C:\Program Files\Symantec
2008-02-20 07:45 --------d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 22:08 --------d-----w C:\Program Files\Common Files\Adobe
2008-02-06 14:06 --------d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-02-03 17:00 --------d-----w C:\Program Files\Norton Security Scan
2008-02-02 11:56 --------d-----w C:\Program Files\Norton Ghost
2008-01-24 07:59 --------d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 07:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-24 07:58 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-24 07:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-24 07:50 --------d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-21 16:07 229,728 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_9375.exe
2008-01-11 08:58 --------d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 08:58 --------d-----w C:\Program Files\Sony
2008-01-06 17:55 --------d-----w C:\Program Files\MoorHunt
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06    1135968    --a------    C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{55FAF0F2-44D4-425F-B5F5-6B275B621EAB}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 01:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 12:26 13924864 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 09:29 139264]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-27 02:52 184408]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 20:38 7204864]
"nwiz"="nwiz.exe" [2005-11-04 20:38 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-04 20:38 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-02-25 14:33 127037]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 01:50 221184]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 12:01 1537640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-17 07:56 1831936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Shortcut to Welcome.lnk - C:\Welcome\welcome.exe [2005-09-27 12:08:54 436224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2005-03-30 11:22:00 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 11:00]
R2 Harmonogram automatycznej uslugi LiveUpdate;Harmonogram automatycznej uslugi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:54]
S3 hpdat;hpdat;C:\WINDOWS\system32\DRIVERS\hpdat.sys [2005-07-06 07:42]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 12:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c67930-a135-11dc-bede-0018fe6a417e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.

**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 11:24:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-04 11:24:18
.
2008-01-23 15:42:29
--- E O F ---
