wklejto.pl

Added by: ~koston (2008-07-26 17:04) -> text
ComboFix 08-07-25.7 - Michał 2008-07-26 16:38:46.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1392 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
Command switches used :: C:\Downloads\CFScript.txt
 * Created a new restore point
 * Resident AV is active
 
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
F:\IEAntiVirus\ANTIVIR.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINNT\system32\AutoRun.inf
C:\WINNT\system32\install.exe
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-26 to 2008-07-26  )))))))))))))))))))))))))))))))
.
 
2008-07-25 20:05 . 2008-07-25 20:05     18,944  --a------       C:\WINNT\system32\sofie.dll
2008-07-25 20:04 . 2008-07-25 20:04     18,944  --a------       C:\WINNT\system32\domiebho.dll
2008-07-25 20:00 . 2008-07-25 20:00     <DIR>   d--------       C:\Program Files\SmartSound Software
2008-07-25 20:00 . 2008-07-25 20:00     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
2008-07-25 19:59 . 2008-07-25 19:59     <DIR>   d--------       C:\Program Files\Windows Media Components
2008-07-25 19:59 . 2008-07-25 19:59     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-07-25 19:38 . 2008-07-25 19:38     43,008  ---------       C:\WINNT\system32\btorrentcli.exe
2008-07-11 00:06 . 2008-07-11 00:09     <DIR>   d--------       C:\Documents and Settings\Michał\Dane aplikacji\Hamachi
2008-07-11 00:05 . 2008-07-11 00:05     25,280  --a------       C:\WINNT\system32\drivers\hamachi.sys
2008-07-07 22:23 . 2008-07-07 22:25     <DIR>   d--------       C:\Program Files\BitComet
2008-07-07 22:23 . 2008-07-07 22:23     2,560   --a------       C:\WINNT\system32\bitcometres.dll
2008-07-07 22:21 . 2008-07-07 22:21     6,054,320       --a------       C:\Program Files\BitComet_1.02_setup.exe
2008-07-01 22:09 . 2008-07-01 22:09     <DIR>   d--------       C:\Ajt Soft
2008-06-28 00:42 . 2008-06-28 00:42     <DIR>   d--------       C:\Documents and Settings\Michał\Dane aplikacji\Media Player Classic
2008-06-28 00:42 . 2008-07-25 19:27     69      --a------       C:\WINNT\NeroDigital.ini
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 13:51        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-25 22:52        6,395,680       --sha-w C:\WINNT\system32\drivers\fidbox.dat
2008-07-25 22:26        68,384  --sha-w C:\WINNT\system32\drivers\fidbox2.dat
2008-07-25 18:12        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 17:57        ---------       d-----w C:\Program Files\Common Files\InstallShield
2008-07-25 17:27        196,608 ----a-w C:\WINNT\system32\drivers\nStandard.bin
2008-07-24 22:28        7,220   --sha-w C:\WINNT\system32\drivers\fidbox2.idx
2008-07-24 22:28        49,004  --sha-w C:\WINNT\system32\drivers\fidbox.idx
2008-07-08 14:15        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-06-20 17:37        246,784 ----a-w C:\WINNT\system32\mswsock.dll
2008-06-20 10:44        360,960 ----a-w C:\WINNT\system32\drivers\tcpip.sys
2008-06-20 10:44        138,368 ----a-w C:\WINNT\system32\drivers\afd.sys
2008-06-20 09:32        225,920 ----a-w C:\WINNT\system32\drivers\tcpip6.sys
2008-06-20 01:00        ---------       d-----w C:\Program Files\MSXML 4.0
2008-06-19 15:46        ---------       d-----w C:\Program Files\Winamp
2008-06-18 21:43        ---------       d-----w C:\Documents and Settings\Michał\Dane aplikacji\HP
2008-06-18 21:43        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-06-18 21:41        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-06-18 21:38        ---------       d-----w C:\Program Files\HP
2008-06-18 21:38        ---------       d-----w C:\Documents and Settings\Michał\Dane aplikacji\HPAppData
2008-06-18 21:38        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-06-18 21:36        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
2008-06-18 21:36        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-06-18 21:35        ---------       d-----w C:\Program Files\Common Files\HP
2008-06-18 21:34        ---------       d-----w C:\Program Files\Hewlett-Packard
2008-06-18 21:34        ---------       d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-14 18:01        273,024 ------w C:\WINNT\system32\drivers\bthport.sys
2008-06-13 14:13        96,966  ----a-w C:\WINNT\system32\drivers\klin.dat
2008-06-13 14:13        88,774  ----a-w C:\WINNT\system32\drivers\klick.dat
2008-06-13 14:13        112,144 ----a-w C:\WINNT\system32\drivers\kl1.sys
2008-06-12 15:08        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-11 20:37        ---------       d-----w C:\Program Files\Common Files\Adobe
2008-06-11 20:34        ---------       d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-11 20:34        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-06-11 19:39        ---------       d-----w C:\Program Files\D-Tools
2008-06-03 18:16        ---------       d-----w C:\Program Files\Kaspersky Lab
2008-06-03 18:14        ---------       d-----w C:\Documents and Settings\Michał\Dane aplikacji\CyberLink
2008-06-03 18:12        ---------       d-----w C:\Program Files\CyberLink
2008-06-03 17:54        ---------       d-----w C:\Documents and Settings\Michał\Dane aplikacji\Ahead
2008-06-03 17:53        ---------       d-----w C:\Program Files\Nero
2008-06-03 17:53        ---------       d-----w C:\Program Files\Common Files\Ahead
2008-06-03 17:50        ---------       d-----w C:\Program Files\DAEMON Tools Lite
2008-06-03 17:48        717,296 ----a-w C:\WINNT\system32\drivers\sptd.sys
2008-06-03 17:48        ---------       d-----w C:\Documents and Settings\Michał\Dane aplikacji\DAEMON Tools
2008-06-03 17:47        155,995 ----a-w C:\WINNT\java\Packages\F7JT39BL.ZIP
2008-06-03 17:44        ---------       d-----w C:\Program Files\IrfanView
2008-06-03 17:34        ---------       d-----w C:\Program Files\Windows Media Connect 2
2008-06-03 17:31        ---------       d-----w C:\Program Files\Real Alternative
2008-06-03 17:30        ---------       d-----w C:\Program Files\QuickTime Alternative
2008-06-03 17:30        ---------       d-----w C:\Program Files\Media Player Classic
2008-06-03 17:30        ---------       d-----w C:\Program Files\Ligos
2008-06-03 17:30        ---------       d-----w C:\Program Files\K-Lite Codec Pack
2008-06-03 17:30        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-03 17:28        ---------       d-----w C:\Program Files\eMule
2008-06-03 17:27        ---------       d-----w C:\Program Files\MarBit
2008-06-03 16:32        ---------       d-----w C:\Program Files\D-Link AirPlus
2008-06-03 16:29        ---------       d-----w C:\Program Files\Realtek Sound Manager
2008-06-03 16:29        ---------       d-----w C:\Program Files\AvRack
2008-06-03 16:27        ---------       d-----w C:\Program Files\AMD
2008-06-03 16:26        ---------       d-----w C:\Program Files\ULI5289
2008-06-03 16:23        ---------       d-----w C:\Program Files\My Company Name
2008-06-03 16:20        ---------       d-----w C:\Program Files\ASUS
2008-06-03 16:03        ---------       d-----w C:\Program Files\Usługi online
2008-05-07 05:03        1,291,776       ----a-w C:\WINNT\system32\quartz.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9873E994-669E-4044-BA64-E5D9AD534A55}]
2008-07-25 20:05        18944   --a------       C:\WINNT\system32\sofie.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2006-11-10 22:30 1853128]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:44 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-04-19 07:26 7700480]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2007-04-19 07:26 86016]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 08:56 405504]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"nwiz"="nwiz.exe" [2007-04-19 07:26 1626112 C:\WINNT\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINNT\SOUNDMAN.EXE]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 02:44 15360]
 
C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2008-06-03 18:32:22 262144]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2003-03-16 13:56:02 83360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"E:\\Gadu-Gadu\\gg.exe"=
"F:\\CS\\hl.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"E:\\swiadectwa\\Swiadectwa 6\\swiadectwa.exe"=
"G:\\Quake3\\Quake3\\quake3.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27142:TCP"= 27142:TCP:BitComet 27142 TCP
"27142:UDP"= 27142:UDP:BitComet 27142 UDP
"21820:TCP"= 21820:TCP:BitComet 21820 TCP
"21820:UDP"= 21820:UDP:BitComet 21820 UDP
 
R0 m5289;m5289;C:\WINNT\system32\DRIVERS\m5289.sys [2004-12-01 04:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINNT\system32\DRIVERS\agpkx.sys [2005-05-03 11:31]
R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINNT\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 Video3D;ASUS Video3D Service;C:\WINNT\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt       REG_MULTI_SZ    hpqcxs08 hpqddsvc
 
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
 
HKLM-Run-NWEReboot - (no file)
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 17:06:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-26 17:08:16
ComboFix-quarantined-files.txt  2008-07-26 15:08:11
 
Pre-Run: 4,762,882,048 bajtów wolnych
Post-Run: 4,663,910,400 bajtów wolnych
 
187     --- E O F ---   2008-07-09 01:00:36
 