
ComboFix 11-10-10.02 - Brendan 10/10/2011 19:31:33.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2045.752 [GMT 1:00]
Running from: c:\users\Brendan\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brendan\AppData\Roaming\1DA95376414E541DA95376.exe
c:\users\Brendan\AppData\Roaming\22DF.exe
c:\users\Brendan\AppData\Roaming\28E9.exe
c:\users\Brendan\AppData\Roaming\2C31.tmp
c:\users\Brendan\AppData\Roaming\31D0.exe
c:\users\Brendan\AppData\Roaming\37A3.exe
c:\users\Brendan\AppData\Roaming\4A88.exe
c:\users\Brendan\AppData\Roaming\526B.exe
c:\users\Brendan\AppData\Roaming\5CD7.exe
c:\users\Brendan\AppData\Roaming\6428.exe
c:\users\Brendan\AppData\Roaming\9EC0.tmp
c:\users\Brendan\AppData\Roaming\A3CF.tmp
c:\users\Brendan\AppData\Roaming\Aqisis.exe
c:\users\Brendan\AppData\Roaming\brone.exe
c:\users\Brendan\AppData\Roaming\CBD8.tmp
c:\users\Brendan\AppData\Roaming\CE69.exe
c:\users\Brendan\AppData\Roaming\E1A7.exe
c:\users\Brendan\AppData\Roaming\E687.exe
c:\users\Brendan\AppData\Roaming\explorer_cache12112.tmp
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Brendan\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1DA95376414E541DA95376.LNK
c:\users\Brendan\AppData\Roaming\spwin.exe
.

.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 18:43 . 2011-10-10 18:43  -------  d-----w  c:\users\Default\AppData\Local\temp
2011-10-10 17:07 . 2011-10-10 18:09  -------  d-----w  c:\programdata\Spybot - Search & Destroy
2011-10-10 17:07 . 2011-10-10 17:07  -------  d-----w  c:\program files\Spybot - Search & Destroy
2011-10-03 23:45 . 2011-10-03 23:45  -------  d-----w  c:\programdata\Lavasoft
2011-10-03 23:45 . 2011-10-03 23:45  -------  d-----w  c:\program files\Lavasoft
2011-09-18 21:25 . 2011-09-18 21:25  -------  d-----w  c:\users\Brendan\AppData\Local\Activision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 04:56 . 2011-08-10 13:40  1638912  ----a-w  c:\windows\system32\mshtml.tlb
2011-07-16 04:37 . 2011-08-10 13:40  169984  ----a-w  c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-10 13:40  290816  ----a-w  c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-10 13:40  271360  ----a-w  c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-10 13:40  5120  ---ha-w  c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  4608  ---ha-w  c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  4096  ---ha-w  c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  4096  ---ha-w  c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  4096  ---ha-w  c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  4096  ---ha-w  c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  4096  ---ha-w  c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3584  ---ha-w  c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3584  ---ha-w  c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3584  ---ha-w  c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3584  ---ha-w  c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3584  ---ha-w  c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3584  ---ha-w  c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 13:40  6144  ---ha-w  c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 13:40  4608  ---ha-w  c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 13:40  3584  ---ha-w  c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 13:40  3072  ---ha-w  c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-01-25 10:40  67680  ----a-w  c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-02-01 3265944]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2011-06-14 352976]
.
c:\users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-7-12 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-06 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-12 697328]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 19:18]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 19:18]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://facebook.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Free YouTube Download - c:\users\Brendan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Brendan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 62.231.32.10 62.231.32.11
FF - ProfilePath - c:\users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\vg81mzm0.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - .
HKCU-Run-Tqisil - c:\users\Brendan\AppData\Roaming\Tqisil.exe
HKCU-Run-1DA95376414E541DA95376 - c:\users\Brendan\AppData\Roaming\1DA95376414E541DA95376.exe
HKCU-Run-Driver Control Manager v1.1 - c:\users\Brendan\AppData\Roaming\brone.exe
HKCU-Run-Aqisis - c:\users\Brendan\AppData\Roaming\Aqisis.exe
.
.
.
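The "Other Deletions" and "ORPHANS REMOVED" sections above show the pattern that makes this log easy to triage by hand: autostart values under HKCU\...\Run whose targets sit in c:\users\<name>\AppData\Roaming, several of them with nothing but hex digits for a name (22DF.exe, 1DA95376414E541DA95376.exe), while the legitimate Run values all point into c:\program files. The Python below is an added example, not part of the ComboFix output and not ComboFix's own logic: it parses Run values and orphan lines in the format ComboFix prints, and flags entries by those two heuristics plus the orphan status. The sample input is the handful of lines copied from this log; the path markers and the "hex name" rule are the example's own assumptions, and the AppData\Local marker will also catch some legitimate updaters, so treat the output as a shortlist rather than a verdict.

```python
import ntpath
import re

# Constructed sample: autostart lines copied from the ComboFix log above
# (two live HKCU Run values and the four "ORPHANS REMOVED" lines), used as
# offline input for the triage below.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-02-01 3265944]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
- - - - ORPHANS REMOVED - - - .
HKCU-Run-Tqisil - c:\users\Brendan\AppData\Roaming\Tqisil.exe
HKCU-Run-1DA95376414E541DA95376 - c:\users\Brendan\AppData\Roaming\1DA95376414E541DA95376.exe
HKCU-Run-Driver Control Manager v1.1 - c:\users\Brendan\AppData\Roaming\brone.exe
HKCU-Run-Aqisis - c:\users\Brendan\AppData\Roaming\Aqisis.exe
'''

# ComboFix prints a registry key in brackets, then each Run value as
# "Name"="path" [yyyy-mm-dd size]; orphaned values appear as HKCU-Run-Name - path.
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]')
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]')
ORPHAN_RE = re.compile(r'^HK(?P<hive>CU|LM)-Run-(?P<name>.+?) - (?P<path>.+?)\s*$')

# Directories a standard user can write to (assumed list for this example); malware
# that needs no admin rights drops its payload here, while installed software lives
# under Program Files. AppData\Local also hosts some legitimate updaters, so expect noise.
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\', '\\temp\\', '\\users\\public\\')
# Names such as 22DF.exe or 1DA95376414E541DA95376.exe: nothing but hex digits.
HEX_NAME_RE = re.compile(r'^[0-9A-Fa-f]{4,}$')


def parse_entries(text):
    """Return every autostart entry (live Run value or removed orphan) found in a ComboFix log."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith('\\run'):
            entries.append({'source': current_key, 'name': m.group('name'),
                            'path': m.group('path'), 'orphan': False})
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append({'source': 'HK%s ...\\Run (orphan)' % m.group('hive'),
                            'name': m.group('name'), 'path': m.group('path'), 'orphan': True})
    return entries


def triage(entries):
    """Attach a list of reasons to each entry that deserves a second look; clean entries are dropped."""
    flagged = []
    for entry in entries:
        reasons = []
        path_lower = entry['path'].lower()
        stem, _ext = ntpath.splitext(ntpath.basename(entry['path']))
        if any(marker in path_lower for marker in USER_WRITABLE):
            reasons.append('autostart target lives in a user-writable directory')
        if HEX_NAME_RE.match(stem):
            reasons.append('executable has a random-looking hex name')
        if entry['orphan']:
            reasons.append('Run value pointed at a file that is no longer present')
        if reasons:
            flagged.append(dict(entry, reasons=reasons))
    return flagged


def report(text):
    """One line per flagged entry, in a form that can be pasted into a reply."""
    lines = []
    for entry in triage(parse_entries(text)):
        lines.append('%s -> %s  [%s]' % (entry['name'], entry['path'], '; '.join(entry['reasons'])))
    return lines


if __name__ == '__main__':
    print('\n'.join(report(SAMPLE_LOG)))
```

Run against the sample, the two Program Files entries pass and the four orphans are listed, with the 1DA95376414E541DA95376 entry hitting all three rules. The same parser works on the HKLM Run block of the log, where nothing is flagged, which is the expected contrast.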
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD16 rev.05.0 -> Harddisk0\DR0 -> \Device\0000005b
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312499998 (+255): user != kernel
.
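The two "user != kernel" lines above are the detector's entire verdict: the MBR read through the normal user-mode path differs from the same sector read by the detector's own kernel-mode path, and the same holds for sectors near the end of the disk. A stealth MBR rootkit of the TDL4 family hooks the disk stack so that ordinary reads return a clean sector while the infected boot code (and the hidden sectors holding the rootkit's payload) is still physically there; reading the sector two ways and comparing exposes the lie. The Python below is an added example, not GMER's code and not from the page: it builds a constructed clean MBR, a constructed "as on disk" copy with patched boot code, and runs the same comparison, reporting whether the boot code or the partition table is what differs. The partition geometry and all byte values are invented for the example; on a real system the user-mode view would come from reading \\.\PhysicalDrive0 and the kernel view from a driver, which this script does not attempt.

```python
import struct

SECTOR = 512
BOOT_CODE_LEN = 446           # x86 boot code occupies bytes 0..445
PART_TABLE_OFF = 446          # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
SIGNATURE = b'\x55\xaa'       # bytes 510..511
PART_ENTRY_FMT = '<B3sB3sII'  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(fill_byte, partitions):
    """Constructed test data: a structurally valid MBR whose boot code is `fill_byte` repeated.
    `partitions` is a list of (bootable, type, lba_start, sector_count) tuples."""
    boot_code = bytes([fill_byte]) * BOOT_CODE_LEN
    table = b''
    for bootable, ptype, lba_start, count in partitions:
        # CHS fields are filled with the usual 0xFE 0xFF 0xFF placeholder for LBA-only disks
        table += struct.pack(PART_ENTRY_FMT, 0x80 if bootable else 0x00,
                             b'\xfe\xff\xff', ptype, b'\xfe\xff\xff', lba_start, count)
    table += b'\x00' * (4 * PART_ENTRY_LEN - len(table))
    return boot_code + table + SIGNATURE


def parse_mbr(mbr):
    """Split a 512-byte sector into boot code and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError('MBR must be exactly 512 bytes')
    if mbr[510:512] != SIGNATURE:
        raise ValueError('missing 0x55AA boot signature')
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:
            partitions.append({'index': i, 'bootable': status == 0x80,
                               'type': ptype, 'lba_start': lba, 'sectors': count})
    return {'boot_code': mbr[:BOOT_CODE_LEN], 'partitions': partitions}


def compare_views(user_view, kernel_view):
    """The detector's core test: the same sector read through the hookable path and
    through a trusted low-level path must be byte-identical. Report which region differs."""
    result = {'match': user_view == kernel_view, 'first_diff_offset': None,
              'boot_code_differs': False, 'partition_table_differs': False}
    if result['match']:
        return result
    for offset, (a, b) in enumerate(zip(user_view, kernel_view)):
        if a != b:
            result['first_diff_offset'] = offset
            break
    result['boot_code_differs'] = user_view[:BOOT_CODE_LEN] != kernel_view[:BOOT_CODE_LEN]
    result['partition_table_differs'] = user_view[PART_TABLE_OFF:510] != kernel_view[PART_TABLE_OFF:510]
    return result


def demo():
    # Constructed scenario: the clean MBR the rootkit shows to user mode, and the
    # sector as it really sits on disk, with the first 64 bytes of boot code replaced.
    clean = build_sample_mbr(0x90, [(True, 0x07, 2048, 312496128)])
    on_disk = b'\xcc' * 64 + clean[64:]
    return compare_views(clean, on_disk)


if __name__ == '__main__':
    print(demo())
```

A partition table that differs between the two views is the more alarming outcome, since it usually means the active partition or the disk's visible size has been rewritten to carve out hidden space; boot code that differs with an intact table is the classic bootkit footprint, and matches what the GMER lines above report.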
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_USERS\S-1-5-21-3300789065-1087687249-667641779-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f1,d9,bd,fd,33,5f,62,f1,7b,96,9f,55,8c,26,9d,cc,94,09,f9,c7,3c,
bb,fd,ce,3b,f1,6f,11,07,8d,ac,00,f7,ed,12,73,e9,3f,e8,e9,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3300789065-1087687249-667641779-1000_Classes\CLSID\{ac325eed-f899-4fd0-9fe2-0a0670ff1466}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009d
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-10 19:48:30
ComboFix-quarantined-files.txt 2011-10-10 18:48
.
Pre-Run: 67,559,309,312 bytes free
Post-Run: 67,429,601,280 bytes free
.
- - End Of File - - DF0B01BA3263F6E847760583541C16D3
