
ComboFix 14-03-05.01 - Contab2 07.03.2014 13:23:17.7.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1611 [GMT 2:00]
Running from: d:\kitt\martie6\SilvicaVirushi\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Contab2\Application Data\Akeph
c:\documents and settings\Contab2\Application Data\Akeph\hyezv.exe
c:\documents and settings\Contab2\Application Data\Apty
c:\documents and settings\Contab2\Application Data\Apty\oxun.exe
c:\documents and settings\Contab2\Application Data\Fyryaf
c:\documents and settings\Contab2\Application Data\Fyryaf\itukt.ohu
c:\documents and settings\Contab2\Application Data\Gewoat
c:\documents and settings\Contab2\Application Data\Gewoat\xaiv.qiv
c:\documents and settings\Contab2\Application Data\Ifnooq
c:\documents and settings\Contab2\Application Data\Ifnooq\ysoq.owe
c:\documents and settings\Contab2\Application Data\Leryq
c:\documents and settings\Contab2\Application Data\Leryq\nyed.gau
c:\documents and settings\Contab2\Application Data\Mayvo
c:\documents and settings\Contab2\Application Data\Mayvo\pury.ylo
c:\documents and settings\Contab2\Application Data\Ohep
c:\documents and settings\Contab2\Application Data\Ohep\odawi.exe
c:\documents and settings\Contab2\Application Data\Ukaxc
c:\documents and settings\Contab2\Application Data\Ukaxc\deufy.exe
c:\documents and settings\Contab2\Application Data\Uzcoub
c:\documents and settings\Contab2\Application Data\Uzcoub\vuyfa.exe
c:\documents and settings\Contab2\Application Data\Zete
c:\documents and settings\Contab2\Application Data\Zete\olra.exe
.
[Reviewer note: every entry above is a randomly named folder under the user's Application Data holding either one random-named .exe or a data file with an arbitrary extension (.ohu, .qiv, .owe, .gau, .ylo). That drop-plus-config layout is typical of a user-mode trojan install rather than of any legitimate application; the log by itself does not identify the family, so the quarantined samples should be submitted for classification rather than assumed benign. Because this host runs PKI token middleware (eToken, IDProtect) and the account name suggests an accounting workstation, treat anything typed, logged into or signed on it while these files were present as potentially exposed and review/rotate accordingly.]
.
(((((((((((((((((((((((((   Files Created from 2014-02-07 to 2014-03-07   )))))))))))))))))))))))))))))))
.
.
2014-03-07 11:20 . 2014-03-07 11:21    -------d-----w    C:\AdwCleaner
2014-03-07 11:12 . 2014-03-07 11:12    -------d-----w    C:\TDSSKiller_Quarantine
2014-03-06 19:07 . 2014-03-07 07:29    -------d-----w    c:\documents and settings\Contab2\Application Data\Duam
[Reviewer note: the "Duam" folder created on 2014-03-06 follows the same random-name pattern as the folders listed under "Other Deletions", was modified again on the morning of this run, and does not appear in the deletion list. Its contents should be checked before the machine is considered clean.]
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"ScCertPropUI"="c:\windows\system32\ScCertPropUI.exe" [2010-11-16 20480]
"eTMonitor"="c:\program files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" [2009-11-15 230752]
"IDProtect Monitor"="c:\program files\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-12-02 323664]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 07:17    5252408    ----a-w    c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50    155648    ----a-w    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44    37888    ----a-w    c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"?etadpug"=2 (0x2)
"YahooAUService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
[Reviewer note: the "?" in "?etadpug" is a character the log writer could not render, and "etadpug" is "gupdate" spelled backwards. That is the signature of a service name prefixed with a Unicode right-to-left override so that it displays as a Google Update look-alike; the genuine gupdate/gupdatem entries are listed separately just below it. This line alone is not proof of infection, but the service's ImagePath under HKLM\SYSTEM\CurrentControlSet\Services should be checked and the entry removed if it does not point at a known-good binary.]
.
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [06.08.2012 7:03 PM 36000]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06.08.2012 7:04 PM 86224]
S2 eTSrv;ETOKSRV;c:\program files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [15.11.2009 11:45 AM 12640]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [05.06.2013 9:52 AM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05.06.2013 9:52 AM 701512]
S2 ppsio2;PPDevice;c:\windows\system32\drivers\PPSIO2.SYS [11.03.2011 3:01 PM 22400]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [05.03.2012 4:25 PM 175616]
S2 ScanDrv;ScanDrv;c:\windows\system32\drivers\SCANDRV.SYS [11.03.2011 3:58 PM 195120]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [14.03.2011 8:36 AM 5120]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [26.05.2011 2:16 PM 34472]
S3 ASEDRV3;ASEDRV3;c:\windows\system32\drivers\ASEDRV3.sys [26.05.2011 2:17 PM 50176]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.08.2009 12:07 PM 89600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05.06.2013 9:52 AM 22856]
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd8e0a8e4d86b8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 15:20]
.
2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 15:20]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://www.google.ro/
Trusted Zone: gmail.com\www
Trusted Zone: google.com\www
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - .
Toolbar-Locked - (no file)
HKLM-Run-AS2014 - (no file)
SafeBoot-67436436.sys
[Reviewer note: a SafeBoot registration for a purely numeric driver name is not something a normal installer creates; it is the kind of leftover seen when a kernel-mode component has been removed out from under its registration. Taken together with the TDSSKiller_Quarantine folder created earlier the same morning (11:12), this suggests a rootkit driver was already cleaned before this run. The driver file itself is not shown in this log, so the TDSSKiller report should be consulted for what was actually quarantined.]
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-07 13:25
Windows 5.1.2600 Service Pack 3 NTFS
.

scanning hidden processes ...


.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[Reviewer note: the "@Denied: (A 2) (Everyone)" ACLs on the FlashBroker CLSID and interface keys are set by Adobe's own installer to protect its elevated COM broker (LocalServer32 points at the Flash ActiveX utility and Elevation is enabled), so they are an expected finding rather than a sign of tampering. What is worth acting on is the version embedded in the path, 11.6.602.168, which appears to be roughly a year older than the scan date; an out-of-date Flash ActiveX control on an XP host is a common initial-access vector and should be updated or removed.]
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2014-03-07 13:26:24
ComboFix-quarantined-files.txt 2014-03-07 11:26
ComboFix2.txt 2013-06-05 07:33
ComboFix3.txt 2013-06-05 07:18
ComboFix4.txt 2012-08-06 16:57
ComboFix5.txt 2014-03-07 11:22
[Reviewer note: the prior logs show this host was already cleaned with ComboFix in August 2012 and twice in June 2013 (the Avira and Malwarebytes install dates in the service list line up with those runs). A third round of infection on a workstation holding PKI tokens argues for reimaging rather than another in-place cleanup, and for looking at how the user keeps getting reinfected.]
.
Pre-Run: 24,941,572,096 bytes free
Post-Run: 24,951,152,640 bytes free
.
- - End Of File - - C4BBF5523967F2DA18A4BB3B1E47BBD1
8F558EB6672622401DA993E1E865C861
