scan Combo

Natan

User
Joined
March 27, 2013
Posts
5
Hello.

Could someone take a look and tell me whether there is anything worrying in this report?
Thank you.

ComboFix 13-04-27.04 - ja 2013-04-28 21:49:49.1.2 - x86
[GMT 2:00]
Uruchomiony z: F:\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\TZLog.log
c:\windows\ydi.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-03-28 do 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-26 14:15 . 2013-04-28 10:11 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 10:03 . 2013-02-28 19:13 44432 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-04-25 10:03 . 2012-08-13 14:49 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-02-28 19:13 . 2013-02-28 19:13 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-02-28 19:13 . 2013-02-28 19:13 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-03-27 02:17 . 2013-04-23 15:14 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-15 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2009-04-23 18:17 122880 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-07-24 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-10-21 704512]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2009-04-23 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2009-04-23 3200512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1024000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-02-28 356376]
"Plus Internet"="c:\program files\Plus Internet\PlusInternetChecker.exe" [2012-03-13 497016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2011-01-15 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2013-4-23 92280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-11-11 13:33 184320 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-03-14 42608]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2011-01-15 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2011-01-15 210736]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-02-28 44432]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-08-13 145040]
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-11-11 151552]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2013-04-23 732160]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-06-27 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-02-28 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-02-28 24920]
R3 NETwLx32; Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2013-04-23 6609920]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2013-04-23 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2008-07-24 6912]
S3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_LTE.sys [2013-04-27 15896]
S3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\drivers\zgdcat.sys [2013-04-27 114456]
S3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\drivers\zgdcdiag.sys [2013-04-27 114456]
S3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\drivers\zgdcmdm.sys [2013-04-27 114456]
S3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\drivers\zgdcnet.sys [2013-04-27 144408]
S3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\drivers\zgdcnmea.sys [2013-04-27 114456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-27 17:36 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-27 17:31]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-27 17:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\r152d4gu.default\
FF - ExtSQL: 2013-04-24 12:42; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-04-24 12:42; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-04-24 12:42; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-04-24 12:42; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-04-24 12:42; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-28 21:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1552)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2013-04-28 22:04:00
ComboFix-quarantined-files.txt 2013-04-28 20:03
.
Przed: 109*752*496*128 bajtów wolnych
Po: 109*756*792*832 bajtów wolnych
.
- - End Of File - - 805DA1AE3A20FF418123EAEF91A017C7