wklejto.pl

Added by: ~Kuba (2008-07-08 19:07) -> text
ComboFix 08-07-07.3 - grzesiek 2008-07-08 19:10:04.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.665 [GMT 2:00]
Running from: H:\Documents and Settings\grzesiek\Pulpit\ComboFix.exe
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
H:\autorun.inf
I:\Autorun.inf
J:\Autorun.inf
K:\Autorun.inf
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-08 to 2008-07-08  )))))))))))))))))))))))))))))))
.
 
2008-07-08 14:35 . 2008-07-08 14:35     <DIR>   d--------       H:\Program Files\Trend Micro
2008-07-08 12:53 . 2008-07-08 13:56     <DIR>   d--------       H:\Program Files\THE GODFATHER
2008-07-07 16:24 . 2004-08-04 00:44     159,232 --a------       H:\WINDOWS\system32\ptpusd.dll
2008-07-07 16:24 . 2004-08-03 22:58     15,104  --a------       H:\WINDOWS\system32\drivers\usbscan.sys
2008-07-07 16:24 . 2004-08-03 22:58     15,104  --a--c---       H:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-07 16:24 . 2001-10-26 17:29     5,632   --a------       H:\WINDOWS\system32\ptpusb.dll
2008-07-07 12:32 . 2008-07-07 12:32     <DIR>   d--------       H:\WINDOWS\Sun
2008-07-07 12:31 . 2008-07-07 12:31     <DIR>   d--------       H:\Program Files\ffdshow
2008-07-07 12:31 . 2008-06-08 23:58     60,273  --a------       H:\WINDOWS\system32\pthreadGC2.dll
2008-07-07 12:31 . 2008-06-12 20:36     7,680   --a------       H:\WINDOWS\system32\ff_vfw.dll
2008-07-07 12:31 . 2007-07-10 18:10     547     --a------       H:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-07 12:30 . 2008-07-07 12:30     <DIR>   d--------       H:\Program Files\MarBit
2008-07-07 12:29 . 2008-07-07 12:29     <DIR>   d--------       H:\Program Files\Alwil Software
2008-07-07 12:28 . 2008-03-25 02:37     69,632  --a------       H:\WINDOWS\system32\javacpl.cpl
2008-07-07 12:27 . 2008-07-07 12:28     <DIR>   d--------       H:\Program Files\Java
2008-07-07 12:15 . 2008-07-07 12:15     <DIR>   d--------       H:\Program Files\Common Files\Java
2008-07-07 11:54 . 2008-07-07 11:54     116,932 -r-hs----       H:\qxbx9blb.com
2008-07-06 19:42 . 2008-07-06 19:45     <DIR>   d--------       H:\Program Files\Xfire
2008-07-06 19:42 . 2008-07-08 14:33     <DIR>   d--------       H:\Documents and Settings\grzesiek\Dane aplikacji\Xfire
2008-07-06 18:44 . 2008-07-06 18:44     1,316   --a------       H:\WINDOWS\system32\sdbackup.reg
2008-07-06 17:14 . 2008-07-06 17:44     23,352  --a------       H:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-06 17:13 . 2008-07-06 17:13     <DIR>   d--------       H:\WINDOWS\system32\LogFiles
2008-07-06 17:13 . 2008-07-06 17:44     107,832 --a------       H:\WINDOWS\system32\PnkBstrB.exe
2008-07-06 17:13 . 2008-07-06 17:13     66,872  --a------       H:\WINDOWS\system32\PnkBstrA.exe
2008-06-26 22:09 . 2008-06-26 22:09     42,320  --a------       H:\WINDOWS\system32\xfcodec.dll
2008-06-25 20:57 . 2008-06-25 20:57     1,160   --a------       H:\WINDOWS\mozver.dat
2008-06-25 20:20 . 2008-06-25 20:20     <DIR>   d--------       H:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-06-25 16:21 . 2008-07-08 18:24     <DIR>   d--------       H:\Documents and Settings\grzesiek\Dane aplikacji\skypePM
2008-06-25 16:21 . 2008-06-25 16:21     56      --ah-----       H:\WINDOWS\system32\ezsidmv.dat
2008-06-25 16:18 . 2008-06-25 16:18     <DIR>   d--------       H:\Program Files\Skype
2008-06-25 16:18 . 2008-06-25 16:18     <DIR>   d--------       H:\Program Files\Common Files\Skype
2008-06-25 16:18 . 2008-07-08 18:52     <DIR>   d--------       H:\Documents and Settings\grzesiek\Dane aplikacji\Skype
2008-06-25 16:18 . 2008-06-25 16:18     <DIR>   d--------       H:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-25 16:15 . 2008-06-25 16:15     20      --a------       H:\WINDOWS\naglos.INI
2008-06-25 16:04 . 2008-06-25 16:04     <DIR>   d--------       H:\Program Files\Gadu-Gadu
2008-06-25 16:04 . 2008-07-06 16:26     <DIR>   d--------       H:\Documents and Settings\grzesiek\Gadu-Gadu
2008-06-13 20:55 . 2008-06-13 20:55     0       --a------       H:\WINDOWS\nsreg.dat
2008-06-13 20:53 . 2008-06-13 20:53     <DIR>   d----c---       H:\WINDOWS\system32\DRVSTORE
2008-06-13 20:53 . 2008-06-13 20:53     <DIR>   d--------       H:\Program Files\RALINK
2008-06-13 20:53 . 2007-07-28 16:10     483,968 --a------       H:\WINDOWS\system32\drivers\rt61.sys
2008-06-13 20:53 . 2008-06-13 20:53     21,419  --a------       H:\WINDOWS\system32\drivers\AegisP.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 18:53        ---------       d--h--w H:\Program Files\InstallShield Installation Information
2008-05-31 09:12        ---------       d-----w H:\Documents and Settings\grzesiek\Dane aplikacji\Ahead
2008-05-31 01:32        15,600  ----a-w H:\WINDOWS\gdrv.sys
2008-05-31 01:30        315,392 ----a-w H:\WINDOWS\HideWin.exe
2008-05-31 01:30        ---------       d-----w H:\Program Files\Realtek
2008-05-31 01:09        ---------       d-----w H:\Program Files\Yahoo!
2008-05-31 01:03        ---------       d-----w H:\Program Files\microsoft frontpage
2008-05-31 01:02        ---------       d-----w H:\Program Files\Usługi online
2008-05-30 20:32        ---------       d-----w H:\Documents and Settings\grzesiek\Dane aplikacji\Creative
2008-05-30 20:29        ---------       d-----w H:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-05-30 20:24        ---------       d-----w H:\Program Files\Creative
2008-05-30 20:20        ---------       d-----w H:\Program Files\Common Files\InstallShield
2008-05-30 20:18        ---------       d-----w H:\Program Files\muvee Technologies
2008-05-30 20:18        ---------       d-----w H:\Program Files\Common Files\muvee Technologies
2008-05-30 20:17        ---------       d-----w H:\Program Files\SightSpeed
2008-05-30 20:17        ---------       d-----w H:\Documents and Settings\grzesiek\Dane aplikacji\InstallShield
2008-05-30 20:17        ---------       d-----w H:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies
2008-05-30 19:57        88,064  ----a-w H:\WINDOWS\system32\AudioExCtl.dll
2008-05-30 19:57        ---------       d-----w H:\Program Files\Winamp
2008-05-30 19:57        ---------       d-----w H:\Program Files\Mjuice Media Player
2008-05-30 19:56        ---------       d-----w H:\Program Files\Common Files\Adobe
2008-05-30 19:43        ---------       d-----w H:\Program Files\Common Files\Ahead
2008-05-30 19:43        ---------       d-----w H:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-05-30 19:42        ---------       d-----w H:\Program Files\Nero
2008-05-30 19:42        ---------       d-----w H:\Documents and Settings\All Users\Dane aplikacji\Nero
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Creative Live! Cam Manager"="H:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 14:01 155648]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 16:03 21834536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"NeroFilterCheck"="H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="H:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="H:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"WinampAgent"="H:\Program Files\Winamp\Winampa.exe" [2008-05-30 21:57 24576]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"avast!"="H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 H:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 10:45 1826816 H:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-05-11 00:03 1626112 H:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Ralink Wireless Utility.lnk - H:\Program Files\RALINK\Common\RaUI.exe [2008-06-13 20:53:39 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Gadu-Gadu\\gg.exe"=
"H:\\Program Files\\Xfire\\xfire.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;H:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 V0420VID;Live! Cam Vista IM (VF0420);H:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 03:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a6fbe6-3979-11dd-970e-e11912e149cf}]
\Shell\AutoRun\command - L:\g83816.com
\Shell\explore\Command - L:\g83816.com
\Shell\open\Command - L:\g83816.com
 
*Newly Created Service* - CATCHME
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 19:11:07
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-08 19:11:28
ComboFix-quarantined-files.txt  2008-07-08 17:11:26
 
Pre-Run: 4,865,884,160 bytes free
Post-Run: 4,891,209,728 bytes free
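Reading the log above the way a responder would: ComboFix deleted autorun.inf from the roots of H:, I:, J: and K:; a 116,932-byte file H:\qxbx9blb.com with read-only, hidden and system attributes appeared at the root of the system volume on 2008-07-07; and one MountPoints2 GUID has its AutoRun, explore and open verbs all pointing at L:\g83816.com, so double-clicking that volume in Explorer would have run that file. Taken together this is the removable-media autorun persistence pattern, and the follow-up checks are whether a root-level .com file still exists on any attached volume and whether other MountPoints2 GUIDs carry the same shell handlers. The script below is an added example, not part of this paste or of ComboFix: it parses a ComboFix-style log and extracts those three indicator classes. SAMPLE_LOG is a constructed excerpt built from lines in this paste, and the regexes for the file-listing, attribute-string and MountPoints2 line formats are my assumptions, derived only from the lines shown here.

```python
"""Extract removable-media autorun indicators from a ComboFix log.

Added example, not part of the original paste or of ComboFix. The line
formats matched below are assumed from the log lines in the paste.
"""
import re
import sys
from dataclasses import dataclass, field

# Constructed excerpt built from lines in the paste (single backslashes).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\autorun.inf
I:\Autorun.inf
J:\Autorun.inf
K:\Autorun.inf
.
(((((((((((((((((((((((((   Files Created from 2008-06-08 to 2008-07-08  )))))))))))))))))))))))))))))))
.
2008-07-07 12:31 . 2008-06-12 20:36     7,680   --a------       H:\WINDOWS\system32\ff_vfw.dll
2008-07-07 11:54 . 2008-07-07 11:54     116,932 -r-hs----       H:\qxbx9blb.com
2008-06-25 16:21 . 2008-06-25 16:21     56      --ah-----       H:\WINDOWS\system32\ezsidmv.dat
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 16:03 21834536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a6fbe6-3979-11dd-970e-e11912e149cf}]
\Shell\AutoRun\command - L:\g83816.com
\Shell\explore\Command - L:\g83816.com
\Shell\open\Command - L:\g83816.com
*Newly Created Service* - CATCHME
"""

# "created . modified  size  attrs  path" as in the Files Created section (assumed format).
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-zA-Z]{9})\s+(?P<path>\S.*?)\s*$"
)
AUTORUN_DELETION = re.compile(r"^(?P<drive>[A-Z]):\\autorun\.inf$", re.IGNORECASE)
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.IGNORECASE
)
SHELL_COMMAND = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<target>.+?)\s*$", re.IGNORECASE)
ROOT_FILE = re.compile(r"^(?P<drive>[A-Z]):\\[^\\]+$")          # file directly at a volume root
EXEC_EXT = (".com", ".exe", ".bat", ".cmd", ".scr", ".pif", ".vbs")


@dataclass
class Findings:
    autorun_drives: list = field(default_factory=list)      # volumes where autorun.inf was deleted
    hidden_root_files: list = field(default_factory=list)   # (path, attrs) with hidden+system at a root
    mountpoint_targets: dict = field(default_factory=dict)  # guid -> {verb: target}
    suspicious_targets: list = field(default_factory=list)  # shell handlers that are root-level executables


def analyze(log_text: str) -> Findings:
    f = Findings()
    current_guid = None   # set while inside a MountPoints2 key block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_DELETION.match(line)
        if m:
            f.autorun_drives.append(m.group("drive").upper())
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs").lower(), m.group("path")
            if ROOT_FILE.match(path) and "h" in attrs and "s" in attrs:
                f.hidden_root_files.append((path, m.group("attrs")))
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_guid = m.group("guid").lower()
            f.mountpoint_targets.setdefault(current_guid, {})
            continue
        m = SHELL_COMMAND.match(line)
        if m and current_guid:
            verb, target = m.group("verb").lower(), m.group("target")
            f.mountpoint_targets[current_guid][verb] = target
            if ROOT_FILE.match(target) and target.lower().endswith(EXEC_EXT) \
                    and target not in f.suspicious_targets:
                f.suspicious_targets.append(target)
            continue
        if line.startswith("["):   # any other registry key ends the MountPoints2 block
            current_guid = None
    return f


def report(f: Findings) -> list:
    lines = []
    if f.autorun_drives:
        lines.append("autorun.inf removed from volumes: " + ", ".join(f.autorun_drives))
    for path, attrs in f.hidden_root_files:
        lines.append(f"hidden+system file at volume root: {path} ({attrs})")
    for guid, verbs in f.mountpoint_targets.items():
        for verb, target in sorted(verbs.items()):
            lines.append(f"MountPoints2 {guid} {verb} -> {target}")
    for target in f.suspicious_targets:
        note = "" if target[0].upper() in f.autorun_drives \
            else " (no autorun.inf deletion logged for this volume; check it)"
        lines.append(f"root-level executable as shell handler: {target}{note}")
    return lines


if __name__ == "__main__":
    # Usage: python autorun_indicators.py ComboFix.txt   (no argument: runs on SAMPLE_LOG)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for entry in report(analyze(text)):
        print(entry)
```

On this paste the script reports the four autorun.inf deletions, H:\qxbx9blb.com as a hidden+system root file, the three handlers on the {e9a6fbe6-...} key, and flags L:\g83816.com with a note that no autorun.inf deletion was logged for L:, which is exactly the volume a responder should mount read-only and inspect next. Run it against the saved ComboFix.txt rather than the forum copy, since pasting doubles the backslashes.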
 