Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • Combo Fix

    Загружено:

    faranchand
    33 просмотров4 страницы

    Авторское право

    © Attribution Non-Commercial (BY-NC)

    Доступные форматы

    TXT, PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Скачайте в формате TXT, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    33 просмотров4 страницы

    Combo Fix

    Загружено:

    faranchand

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Скачайте в формате TXT, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 4

    ComboFix 11-04-27.03 - Admin 04/28/2011 21:50:10.1.

    2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.985.737 [GMT 5.5:30
    ]
    Running from: c:\documents and settings\Admin\Desktop\New Folder\gur fILES\Combo
    Fix.exe
    AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F
    34C0}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
    )))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\rrt_is.wav
    c:\windows\system32\rrt_tn.wav
    c:\windows\system32\rrt_tv.wav
    c:\windows\system32\rrt_vf.wav
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))
    ))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
    )))))))))))))))))))))))))))))))
    .
    2011-03-18 17:53 . 2011-04-28 15:57
    142296 ----a-wc:\program files
    \mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
    )))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-01 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-01 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-01 142872]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-0
    2 15872]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072
    ]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Re
    ader Speed Launcher]
    2008-06-11 21:08
    34672 ----a-wc:\program files\Adobe\Reader 9.
    0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMo
    nitor]
    2006-10-26 19:17
    31016 ----a-wc:\program files\Microsoft Offic

    e\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenge
    r (Yahoo!)]
    2010-06-01 04:47
    5252408 ----a-wc:\program files\Yahoo!\Messenge
    r\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RRT-Auto
    ]
    2011-03-20 08:56
    4857856 ----a-wc:\documents and settings\Admin\
    Desktop\New Folder\clinck softs main\RRT6002.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualC
    loneDrive]
    2009-06-17 11:44
    85160 ----a-wc:\program files\Elaborate Bytes
    \VirtualCloneDrive\VCDDaemon.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
    edApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\UltraVNC\\vncviewer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Globally
    OpenPorts\List]
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800
    .
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 A
    M 33800]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2
    008 11:08 AM 472320]
    R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [4/28/2011 8:2
    8 PM 1737200]
    R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [4/28/2011 8:28 PM 11496]
    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/24/2001 1
    2:30 AM 3584]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/27/2011 6:40 PM 16
    84736]
    .
    .
    ------- Supplementary Scan ------.
    uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {7DD1CCB5-323E-4D31-9180-DA1959FAD693} = 202.54.6.60,202.54.29.5
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Fire
    fox\Profiles\xfctduhc.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
    /www.gmer.net
    Rootkit scan 2011-04-28 21:52
    Windows 5.1.2600 Service Pack 2 NTFS

    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS --------------------.
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
    }]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX
    .exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
    }\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
    }\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
    }\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
    F30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
    F30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
    F30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-04-28 21:54:23
    ComboFix-quarantined-files.txt 2011-04-28 16:24
    .
    Pre-Run: 10,270,777,344 bytes free
    Post-Run: 10,242,183,168 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"


    /noexecute=optin /fastdetect
    .
    - - End Of File - - 0484BCBF0C6F5141CF72482D0BAE0B37

    Вам также может понравиться