ComboFix 09-06-21.01 - admin 06/22/2009 11:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1581 [GMT -4:00]
Running from: c:\combofix\ComboFix.exe
AV: Command AntiVirus for Windows *On-access scanning enabled* (Updated) {FEC5E682-ED0A-49C9-8BA8-63374386B103}
.
(((((((((((((((((((((((((   Files Created from 2009-05-22 to 2009-06-22   )))))))))))))))))))))))))
.
2009-06-22 14:52 . 2009-06-22 14:52  10134  ----a-r-  c:\documents and settings\admin\Application Data\Microsoft\Installer\{1F964DFE-950D-49B0-B79D-ED4DA86BA7E2}\ARPPRODUCTICON.exe
2009-06-22 14:52 . 2009-06-22 14:52  16206  ----a-r-  c:\documents and settings\admin\Application Data\Microsoft\Installer\{FF50C859-D6E3-48D8-8463-ACCAD248689A}\ARPPRODUCTICON.exe
2009-06-22 14:47 . 2009-06-22 14:47  --------  d-----w-  c:\documents and settings\admin\Application Data\Citrix
2009-06-22 14:45 . 2009-06-22 14:45  --------  d-----w-  c:\program files\Citrix
2009-06-22 14:40 . 2009-06-22 14:40  --------  d-----w-  c:\program files\QuickTime
2009-06-22 14:39 . 2009-06-22 14:39  --------  d-----w-  c:\program files\Apple Software Update
2009-06-22 14:39 . 2009-06-22 14:39  --------  d-----w-  c:\documents and settings\admin\Local Settings\Application Data\Apple
2009-06-22 14:38 . 2009-06-22 14:38  --------  d-----w-  c:\documents and settings\admin\Application Data\Apple Computer
2009-06-22 14:37 . 2009-06-22 14:37  --------  d-----w-  c:\documents and settings\admin\Local Settings\Application Data\Apple Computer
2009-06-22 13:55 . 2009-03-06 14:22  284160  -c----w-  c:\windows\system32\dllcache\pdh.dll
2009-06-22 13:55 . 2009-02-09 12:10  473600  -c----w-  c:\windows\system32\dllcache\fastprox.dll
2009-06-22 13:55 . 2009-02-09 12:10  401408  -c----w-  c:\windows\system32\dllcache\rpcss.dll
2009-06-22 13:55 . 2009-02-06 11:11  110592  -c----w-  c:\windows\system32\dllcache\services.exe
2009-06-22 13:55 . 2009-02-06 10:10  227840  -c----w-  c:\windows\system32\dllcache\wmiprvse.exe
2009-06-22 13:55 . 2009-02-09 12:10  729088  -c----w-  c:\windows\system32\dllcache\lsasrv.dll
2009-06-22 13:55 . 2009-02-09 12:10  714752  -c----w-  c:\windows\system32\dllcache\ntdll.dll
2009-06-22 13:55 . 2009-02-09 12:10  617472  -c----w-  c:\windows\system32\dllcache\advapi32.dll
2009-06-22 13:55 . 2009-02-09 12:10  453120  -c----w-  c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-22 13:55 . 2008-05-03 11:55  2560  ------w-  c:\windows\system32\xpsp4res.dll
2009-06-22 13:35 . 2009-06-22 14:12  --------  d-----w-  c:\program files\Microsoft Works
2009-06-22 13:35 . 2009-06-22 13:35  --------  d-----w-  c:\program files\MSBuild
2009-06-22 13:30 . 2009-06-22 13:30  --------  d-----w-  c:\documents and settings\admin\Local Settings\Application Data\Microsoft Help
2009-06-22 13:30 . 2009-06-22 14:25  --------  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 14:53 . 2008-12-16 13:49  --------  d-----w-  c:\program files\Common Files\Adobe
2009-06-22 14:49 . 2007-08-28 11:21  --------  d-----w-  c:\documents and settings\All Users\Application Data\Research Machines
2009-06-22 14:40 . 2007-06-11 12:31  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-22 14:29 . 2007-06-11 12:34  --------  d-----w-  c:\program files\Spybot - Search & Destroy
2009-06-22 14:29 . 2007-06-11 12:34  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-22 14:17 . 2008-12-15 16:48  --------  d-----w-  c:\program files\Microsoft Silverlight
2009-05-07 15:32 . 2003-03-31 12:00  345600  ----a-w-  c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-06-23 15:33  827392  ----a-w-  c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56  78336  ----a-w-  c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-03-31 12:00  1847168  ----a-w-  c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16  585216  ----a-w-  c:\windows\system32\rpcrt4.dll
2008-02-08 01:46 . 2008-02-08 01:46  13624  ----a-w-  c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 . 2008-02-08 01:46  87360  ----a-w-  c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 . 2008-02-08 01:46  91448  ----a-w-  c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 . 2008-02-08 01:46  21824  ----a-w-  c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 . 2008-02-08 01:46  206136  ----a-w-  c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 . 2008-02-08 01:46  31544  ----a-w-  c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 . 2008-02-08 01:46  40248  ----a-w-  c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 . 2007-03-16 21:27  479232  ----a-w-  c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 . 2007-03-16 21:27  548864  ----a-w-  c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 . 2007-03-16 21:27  626688  ----a-w-  c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 . 2007-07-20 16:47  981170  ----a-w-  c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 . 2008-02-08 01:46  24384  ----a-w-  c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((((   SnapShot@2009-06-22_15.34.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-22 15:44 . 2009-06-22 15:44  53248  c:\windows\temp\catchme.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2006-10-18 40960]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2006-10-18 45056]
"NAL"="c:\program files\Novell\ZENworks\NALWIN32.EXE" [2006-06-13 7168]
"ident"="c:\windows\identd.exe" [1998-11-04 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"avtray"="c:\progra~1\AUTHEN~1\COMMAN~1\avtray.exe" [2008-06-01 144688]
"untray"="c:\progra~1\AUTHEN~1\COMMAN~1\untray.exe" [2008-06-01 140592]
"dvprpt"="c:\progra~1\AUTHEN~1\COMMAN~1\dvprpt.exe" [2008-06-01 206128]
"CSAV_CheckViruses"="c:\progra~1\AUTHEN~1\COMMAN~1\vchk.exe" [2008-06-01 75056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PolyVision driver.lnk - c:\program files\PolyVision\PolyVision driver\PolyVision Driver.exe [2009-4-10 3946296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2006-06-28 446464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2006-05-02 14:17  24576  ----a-w-  c:\windows\system32\Novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages  REG_MULTI_SZ  msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"= c:\\NOVELL\\GroupWise\\grpwise.exe
"c:\\Novell\\GroupWise\\notify.exe"= c:\\NOVELL\\GroupWise\\notify.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [8/23/2007 11:33 AM 34671]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 3:47 PM 6899]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 11:59 AM 167936]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [5/2/2006 10:17 AM 61440]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 7:13 PM 36608]
S3 DCamUSBAverMedia;USB Video Camera for AverVision Digital Presenter;c:\windows\system32\drivers\AVerCam.sys [3/20/2007 3:40 PM 12672]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [8/29/2007 8:30 AM 34639]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [6/8/2007 2:15 PM 33024]
S3 USBW9684;AVerVision Camera;c:\windows\system32\drivers\2KW9684.SYS [3/20/2007 3:40 PM 94080]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.brandon.k12.mi.us/
uInternet Settings,ProxyServer = 10.254.4.20:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C865CB58-5314-49FD-851D-BB7CE40DF69D} = 10.10.1.104
DPF: {0249ED44-B640-45BD-8066-17F81BFDC050} - hxxp://10.100.1.2/STREAMPLAYER1.cab
DPF: {5459BAF4-09A9-422A-AB5C-5F114A7287B5} - hxxp://10.100.1.2/VBPLAYER.cab
DPF: {85887165-031A-4297-BC4E-6B246C120B9C} - hxxp://10.100.1.2/STREAMPLAYER4.cab
DPF: {F50B3F13-19C4-11CF-AA9A-02608C9BABA2} - hxxp://10.100.1.2/STREAMPLAYER2.cab
FF - ProfilePath .
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 11:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\NETWIN32.DLL
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\program files\Novell\ZENworks\WMNTAPI.DLL
c:\windows\System32\wbem\fastprox.dll
- - - - - - - > 'Explorer.exe'(3904)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-22 11:45
ComboFix-quarantined-files.txt 2009-06-22 15:45
ComboFix2.txt 2009-06-22 15:35
Pre-Run: 66,694,725,632 bytes free
Post-Run: 66,681,245,696 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
170

--- E O F ---

2007-09-24 16:55
