
ComboFix 10-07-24.06 - Administrator 08/02/2010 16:56:13.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.3191.2930 [GMT 7:00]
Running from: C:\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {5D068A3E-1004-42E8-82BA-920E7657D4EF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.
2010-08-02 09:47 . 2010-07-27 04:16 3744545 ----a-r- C:\ComboFix.exe
2010-07-30 01:42 . 2010-07-30 02:52 41145273 ----a-w- C:\TL-WN321G_100324.zip
2010-07-30 01:20 . 2010-07-30 01:20 19760937 ----a-w- C:\TL-WN321G_v4_100611.zip
2010-07-27 09:19 . 2010-07-27 09:21 -------- d-----w- c:\program files\PhotoRescue Pro
2010-07-26 03:57 . 2010-07-26 03:57 -------- d-----w- c:\program files\Loaris
2010-07-26 03:55 . 2010-07-26 04:17 -------- d-----w- c:\program files\Trojan Remover
2010-07-22 10:09 . 2010-07-22 10:20 -------- d-----w- C:\ Root
2010-07-22 04:18 . 2010-07-22 04:18 -------- d-----w- c:\program files\E-Book Systems
2010-07-16 08:59 . 2010-07-16 08:59 -------- d-----w- c:\documents and settings\4409377\Local Settings\Application Data\Installer1468
2010-07-13 03:35 . 2010-07-13 03:35 -------- d-----w- c:\documents and settings\4409377\Application Data\PopCapv1001
2010-07-10 03:04 . 2010-07-10 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-08 08:59 . 2010-07-08 08:59 -------- d-----w- c:\program files\MySQL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 05:21 . 2010-07-02 05:21 -------- d-----w- c:\program files\NetSupport
2010-07-02 05:20 . 2010-07-02 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-06-29 08:45 . 2010-03-23 09:37 -------- d-----w- c:\program files\PDFCreator
2010-06-28 09:17 . 2010-03-21 05:56 95624 ----a-w- c:\documents and settings\4409377\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 06:50 . 2010-06-28 06:50 -------- d-----w- c:\documents and settings\4409377\Application Data\Quest Software
2010-06-28 06:41 . 2010-06-28 06:25 -------- d-----w- c:\program files\Quest Software
2010-06-28 06:28 . 2010-06-28 06:28 -------- d-----w- c:\documents and settings\4409377\Application Data\Software
2010-06-28 06:28 . 2010-06-28 06:28 -------- d-----w- c:\program files\MSXML 4.0
2010-06-15 01:50 . 2010-03-21 02:49 -------- d-----w- c:\program files\Trend Micro
2010-06-11 08:38 . 2009-04-16 04:08 90000 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-06-11 08:37 . 2010-03-21 02:50 162832 ----a-w- c:\windows\system32\drivers\tmcomm.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-06-20_02.03.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-28 06:28 . 2010-06-28 06:28 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2004-08-09 20:44 . 2010-08-02 09:53 57090 c:\windows\system32\perfc009.dat
- 2004-08-09 20:44 . 2010-06-20 01:48 57090 c:\windows\system32\perfc009.dat
+ 2003-04-18 09:29 . 2003-04-18 09:29 82432 c:\windows\system32\msxml4r.dll
+ 2009-06-25 07:14 . 2009-06-25 07:14 20556 c:\windows\system32\DnaMsg.dll
+ 2010-03-20 18:18 . 2010-07-10 03:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-20 18:18 . 2010-03-21 00:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-20 18:18 . 2010-07-10 03:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-03-20 18:18 . 2010-03-21 00:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-07-22 04:18 . 2010-07-22 04:18 45056 c:\windows\Installer\{D09A4E8E-1989-4021-A78A-49D3BF4D0C09}\_D1ECD8B07B9F_4648_B0E4_43DE6ED37F5B.exe
+ 2010-07-02 05:22 . 2010-07-02 05:22 49152 c:\windows\Installer\{B6810134-BACE-42C8-A6F9-99CBBB506415}\ARPPRODUCTICON.exe
+ 2010-06-28 06:28 . 2010-06-28 06:28 32768 c:\windows\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
- 2004-08-09 20:44 . 2010-06-20 01:48 394248 c:\windows\system32\perfh009.dat
+ 2004-08-09 20:44 . 2010-08-02 09:53 394248 c:\windows\system32\perfh009.dat
+ 2010-06-28 06:41 . 2005-05-03 07:39 135168 c:\windows\system32\KXproc.dll
+ 2010-06-28 06:41 . 2002-12-17 23:54 378880 c:\windows\system32\KXauth.dll
+ 2010-07-02 05:20 . 2009-07-13 11:54 108024 c:\windows\pcirdist.tmp\PCIRISVRHelper.exe
+ 2010-07-02 05:20 . 2009-07-13 11:54 198136 c:\windows\pcirdist.tmp\pcirisvr.exe
+ 2010-07-22 04:18 . 2010-07-22 04:18 360960 c:\windows\Installer\abb24c.msi
+ 2010-07-08 08:59 . 2010-07-08 08:59 193536 c:\windows\Installer\1ad39d9.msi
+ 2010-06-28 06:28 . 2010-06-28 06:28 390656 c:\windows\Installer\10ac088.msi
+ 2010-06-28 06:28 . 2010-06-28 06:28 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2003-04-18 09:46 . 2003-04-18 09:46 1233920 c:\windows\system32\msxml4.dll
+ 2004-08-09 20:40 . 2010-06-28 06:44 1649376 c:\windows\system32\FNTCACHE.DAT
+ 2010-07-02 05:22 . 2010-07-02 05:22 1888256 c:\windows\Installer\e4df73.msi
+ 2010-07-16 09:01 . 2010-07-16 09:01 1840640 c:\windows\Installer\1af6af8.msi
+ 2010-07-16 08:59 . 2010-07-16 08:59 1768448 c:\windows\Installer\1af6a96.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-07 849192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-694487599-2004244720-1541874228-1061\Scripts\Logon\0\0]
"Script"=wsus.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-694487599-2004244720-1541874228-1061\Scripts\Logon\1\0]
"Script"=USBAllow.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\NetSupport Manager\\client32.exe"=
"c:\\Program Files\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\NetSupport Manager\\pcideply.exe"=
"c:\\Program Files\\NetSupport Manager\\PCISA.EXE"=
"c:\\Program Files\\NetSupport Manager\\pciscrui.exe"=
"c:\\Program Files\\NetSupport Manager\\runscrip.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S2 NetSupport DNA Client;NetSupport DNA Client;c:\program files\NetSupport\NetSupport DNA\Client\DNAClient.exe [7/13/2009 6:53 PM 263688]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [6/18/2010 8:12 AM 50704]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [2/6/2009 4:13 PM 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2/6/2009 4:13 PM 36368]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\BIN\ONRSD.EXE [10/19/2000 11:55 AM 411244]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2/6/2009 4:13 PM 689416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f369f0-33d2-11df-a1e4-000ffe3c9036}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f369f2-33d2-11df-a1e4-000ffe3c9036}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-02 c:\windows\Tasks\iexplore.job
- c:\program files\Internet Explorer\iexplore.exe [2004-08-04 07:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
TCP: {22374C67-4579-4909-AAFF-0EAF6E53D090} = 10.236.92.130
DPF: {F37FF434-58A2-4E48-B8EC-97723E5DDD57} - hxxps://www.truemoney.co.th/cpg/CPGWeb/TruePurseAXR.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-02 16:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1724)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-02 17:03:09
ComboFix-quarantined-files.txt 2010-08-02 10:03
ComboFix2.txt 2010-07-14 01:23
ComboFix3.txt 2010-06-20 02:07
Pre-Run: 61,993,570,304 bytes free
Post-Run: 64,434,896,896 bytes free
- - End Of File - - EAD248EB7F14FDBB9A78F48194F37D96
