ComboFix report analysis?
ComboFix 12-03-26.04 - xpturbó 012.03.27. 10:45:27.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.767.443 [GMT 2:00]
Running from: c:\documents and settings\xpturbó\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus System 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-25 16:43 . 2012-03-25 16:43 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX
2012-03-25 16:43 . 2012-03-25 17:24 -------- d-----w- c:\documents and settings\xpturbó\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2012-03-25 13:14 . 2012-03-25 13:14 -------- d-----w- c:\program files\RAR Password Recovery Magic
2012-03-23 10:39 . 2011-07-01 03:46 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-03-23 10:39 . 2012-03-25 13:08 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-03-21 15:51 . 2004-03-08 23:00 167968 ----a-w- c:\windows\system32\msmask32.ocx
2012-03-21 15:51 . 2012-03-21 15:51 -------- d-----w- c:\program files\XaviWare Software
2012-03-21 07:58 . 2012-03-21 14:10 -------- d-----w- c:\program files\ElcomSoft
2012-03-20 14:48 . 2012-03-20 14:49 -------- d-----w- c:\documents and settings\xpturbó\Local Settings\Application Data\Solid State Networks
2012-03-15 20:44 . 2012-03-15 20:44 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-15 16:26 . 2012-03-15 20:43 -------- d-----w- c:\program files\Need for Speed Most Wanted
2012-03-15 14:03 . 2012-03-15 20:43 -------- d-----w- c:\program files\Kísért a múlt
2012-03-09 13:07 . 2012-03-09 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-03-09 13:01 . 2012-03-09 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-03-09 13:01 . 2012-03-09 13:01 -------- d-----w- c:\program files\Comodo
2012-03-09 13:01 . 2012-03-09 13:01 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-09 11:43 . 2012-03-09 22:13 -------- d-----w- c:\program files\uTorrent
2012-03-09 11:43 . 2012-03-27 07:58 -------- d-----w- c:\documents and settings\xpturbó\Application Data\uTorrent
2012-03-03 14:18 . 2012-03-03 14:18 -------- d-----w- c:\program files\Topos
2012-03-03 14:11 . 2012-03-03 14:11 -------- d-----w- c:\documents and settings\xpturbó\Application Data\uniblue
2012-03-03 14:09 . 2012-03-03 14:09 -------- d-----w- c:\program files\Uniblue
2012-03-03 13:23 . 2012-03-03 13:23 -------- d-----r- C:\AHCache
2012-03-03 12:39 . 2012-03-03 12:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-03-03 11:35 . 2011-12-30 16:03 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-03 11:12 . 2012-03-03 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-03-03 11:12 . 2012-03-04 08:57 -------- d-----w- c:\documents and settings\xpturbó\Application Data\IObit
2012-03-03 11:11 . 2012-03-03 11:11 -------- d-----w- c:\program files\IObit
2012-03-03 10:59 . 2012-03-04 12:08 -------- d-----w- c:\documents and settings\xpturbó\Application Data\DMCache
2012-03-01 17:54 . 2012-03-01 17:54 -------- d-----w- c:\documents and settings\xpturbó\Local Settings\Application Data\Identities
2012-02-27 09:14 . 2012-02-27 09:14 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2011-12-19 17:59 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-12-19 17:59 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2012-01-17 20:00 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-19 17:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-19 17:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-19 17:58 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-20 19:29 . 2012-01-29 18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 07:21 . 2012-02-03 07:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-03 07:21 . 2012-02-03 07:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-13 08:05 . 2011-09-19 15:36 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-13 07:46 . 2012-01-13 07:46 159685 ----a-w- c:\windows\Driver Genius Professional Uninstaller.exe
2012-01-13 06:22 . 2012-01-13 06:23 298104 ----a-w- c:\windows\system32\imon.dll
2012-01-13 06:22 . 2012-01-13 06:23 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2012-01-13 06:22 . 2012-01-13 06:23 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2012-01-12 17:20 . 2008-04-14 06:36 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-15 06:10 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-02-18 08:50 . 2012-01-15 14:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-19 750456]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2012-01-13 949376]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Check for Updates.lnk]
backup=c:\windows\pss\Check for Updates.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2011-12-29 15:43 620376 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 15:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtXpStack]
2011-09-19 15:48 2186400 ----a-w- c:\program files\Bluetooth XP Suite\BluetoothSuit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 09:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
2011-11-23 10:27 208184 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\CLPSLA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
2011-11-23 10:27 182584 ----a-w- c:\program files\Comodo\COMODO GeekBuddy\VALA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-13 09:37 136176 ----atw- c:\documents and settings\xpturbó\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 07:02 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-02-01 08:19 2423752 ----a-w- c:\documents and settings\xpturbó\Asztal\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
2012-03-15 20:46 451704 ----a-w- c:\program files\ESET\UpdateReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-17 19:56 74752 ----a-w- d:\program files\winamp\Winamp\Új mappa\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\winamp\\Winamp\\Új mappa\\Winamp\\winamp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2998:UDP"= 2998:UDP:TCP/IP
"2998:TCP"= 2998:TCP:TCP/IP
"29984:TCP"= 29984:TCP:TCP/U
"29984:UDP"= 29984:UDP:TCP/U
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012.01.17. 22:00 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011.12.19. 19:59 31704]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2012.01.13. 8:23 15424]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012.03.03. 13:11 497496]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [2011.11.23. 12:27 1052472]
R3 WFLR6654;WinFast DV2000 (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2012.01.13. 9:57 433920]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [2009.08.24. 10:14 44544]
S3 BTATHPROT;General Bluetooth Filter;c:\windows\system32\drivers\btathprot.sys [2012.01.13. 10:05 663328]
S3 BTATHUSB;General Bluetooth Device;c:\windows\system32\drivers\btathusb.sys [2012.01.13. 10:05 79008]
S3 btfilter;General Bluetooth Filter ss;c:\windows\system32\drivers\btfilter.sys [2012.01.13. 10:05 244768]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-03-26 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-03-03 17:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.oldalinfo.hu/
uInternet Connection Wizard,ShellNext = iexplore
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 87.229.0.101 212.92.23.135
TCP: Interfaces\{011C5D83-A43A-4FA5-8620-208FE8D4B6B1}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\xpturbó\Application Data\Mozilla\Firefox\Profiles\ilr51apr.default\
FF - prefs.js: browser.startup.homepage - www.oldalinfo.hu
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link]
Rootkit scan 2012-03-27 10:57
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1192)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(924)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-03-27 11:01:43
ComboFix-quarantined-files.txt 2012-03-27 09:01
ComboFix2.txt 2012-03-27 08:25
.
Pre-Run: 24 144 285 696 bájt szabad
Post-Run: 24 081 186 816 bájt szabad
.
- - End Of File - - 6DB52BF14BE0DF3E7F2E531EB3EB3C01