wklejto.pl

Added by: irbar (2008-08-11 07:16) -> text
ComboFix 08-08-08.07 - irbar 2008-08-11  7:00:52.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1400 [GMT 2:00]
Running from: F:\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\irbar\Pulpit\Error Cleaner.url
C:\Documents and Settings\irbar\Pulpit\Privacy Protector.url
C:\Documents and Settings\irbar\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\irbar\Ulubione\Error Cleaner.url
C:\Documents and Settings\irbar\Ulubione\Privacy Protector.url
C:\Documents and Settings\irbar\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\bgrqfetx.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\eqbn.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\tfnslopk.dll
C:\WINDOWS\wnlmdakqanr.dll
C:\WINDOWS\xokvrpwg.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


(((((((((((((((((((((((((   Files Created from 2008-07-11 to 2008-08-11  )))))))))))))))))))))))))))))))
.

2008-08-08 13:33 . 2008-08-08 06:42     86,016  --a------       C:\WINDOWS\lnvegaow.exe
2008-07-30 14:25 . 2008-07-30 14:29     <DIR>   d--------       C:\rms
2008-07-30 14:24 . 2008-08-08 13:45     <DIR>   d--------       C:\Program Files\Sjboy Emulator
2008-07-25 07:14 . 2008-07-25 07:14     3,839,419       --a------       C:\pci_filerecovery4pl.zip
2008-07-25 06:49 . 2008-07-25 06:49     <DIR>   d--------       C:\Program Files\PC Inspector File Recovery
2008-07-25 06:49 . 2002-02-18 18:40     6,200   --a------       C:\WINDOWS\system32\INT13EXT.VXD

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 04:47        ---------       d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-25 09:35        ---------       d-----w C:\Documents and Settings\irbar\Dane aplikacji\XnView
2008-07-25 09:34        ---------       d-----w C:\Program Files\XnView
2008-07-25 04:49        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 04:48        ---------       d-----w C:\Program Files\Common Files\InstallShield
2008-07-22 07:27        ---------       d-----w C:\Program Files\Opera
2008-06-20 10:45        360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44        138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52        225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01        273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-04 08:40        37,416  ----a-w C:\Documents and Settings\irbar\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-04-11 07:12        139,906 ----a-w C:\Program Files\Dragons - Tiger Dragon Yin Yang.jpg
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12 1849032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedSim"="C:\Program Files\Sp" [X]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-28 05:10 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-01-26 10:36 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-01-26 10:47 40960]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 18:18 151552]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 18:37 188416]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2006-08-09 12:28 98304]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 12:12 483328]
"PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe" [2004-09-23 16:04 694008]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2007-05-16 17:59 126000]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 10:37 28672 C:\WINDOWS\system32\nwtray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2006-11-23 14:38:38 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\APSys\\APSys.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows
"3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 aar81xx;aar81xx;C:\WINDOWS\system32\drivers\aar81xx.sys [2006-06-08 22:51]
R1 pivot;pivot;C:\WINDOWS\system32\drivers\pivot.sys [2004-09-23 16:03]
R2 APServ;APServ;C:\WINDOWS\System32\APSys\APServ.exe [2006-09-22 14:31]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2004-09-23 16:03]
R3 scsiscan;Sterownik skanera SCSI;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 21:53]
S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2psvc;Sieć równorzędna;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 Slnt7554;USB Soft Modem Driver;C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 23:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc  REG_MULTI_SZ    p2psvc p2pimsvc p2pgasvc PNRPSvc
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{968232F5-0910-483D-B059-4C6AB5C785DC} - C:\WINDOWS\bgrqfetx.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\irbar\Dane aplikacji\Mozilla\Firefox\Profiles\5vo1ps36.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 07:16:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\APSys\apsys.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2008-08-11  7:18:46 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-11 05:18:42

Pre-Run: 20,806,344,704 bajtów wolnych
Post-Run: 21,387,575,296 bajtów wolnych

175     --- E O F ---   2008-07-25 06:02:03