wklejto.pl

Added by: ~babciawga (2008-06-28 16:37) -> text
ComboFix 08-06-20.4 - Krzysiek 2008-06-28 16:41:08.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.1.1045.18.263 [GMT 2:00]
Running from: C:\Documents and Settings\Krzysiek\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Krzysiek\Pulpit\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\WINDOWS\system32\cfrkcysj.ini
C:\WINDOWS\system32\cwnuuhwk.ini
C:\WINDOWS\system32\hxpainwm.ini
C:\WINDOWS\system32\txbfritf.ini
C:\WINDOWS\system32\xwqiuabh.ini
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\Krzysiek\cftmon.exe
C:\Documents and Settings\Krzysiek\ftp34.dll
C:\Documents and Settings\LocalService\cftmon.exe
C:\Documents and Settings\LocalService\ftp34.dll
C:\WINDOWS\Downloaded Program Files\UGDCPL_0001_N122M2012NetInstaller.exe
C:\WINDOWS\system32\cfrkcysj.ini
C:\WINDOWS\system32\cwnuuhwk.ini
C:\WINDOWS\system32\hxpainwm.ini
C:\WINDOWS\system32\txbfritf.ini
C:\WINDOWS\system32\xwqiuabh.ini
 
.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-28  )))))))))))))))))))))))))))))))
.
 
2008-06-28 16:36 . 2008-06-28 16:36     0       --a------       C:\WINDOWS\nsreg.dat
2008-06-27 01:14 . 2008-06-27 01:14     2,615   --a------       C:\Documents and Settings\LocalService\mpr2.dat
2008-06-27 01:14 . 2008-06-27 01:14     2,615   --a------       C:\Documents and Settings\LocalService\mpr.dat
2008-06-20 16:58 . 2002-09-20 18:04     150,528 --a------       C:\WINDOWS\system32\ptpusd.dll
2008-06-20 16:58 . 2002-08-29 01:48     14,208  --a------       C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 16:58 . 2002-08-29 01:48     14,208  --a--c---       C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-20 16:58 . 2001-10-26 17:29     5,632   --a------       C:\WINDOWS\system32\ptpusb.dll
2008-06-18 19:43 . 2008-06-18 19:43     <DIR>   d--------       C:\Program Files\Sun
2008-06-18 19:43 . 2008-03-25 02:37     69,632  --a------       C:\WINDOWS\system32\javacpl.cpl
2008-06-18 19:42 . 2008-06-18 19:43     <DIR>   d--------       C:\Program Files\Java
2008-06-18 19:40 . 2008-06-18 19:40     <DIR>   d--------       C:\Program Files\Common Files\Java
2008-06-17 17:43 . 2008-06-27 01:17     2,615   --a------       C:\Documents and Settings\Krzysiek\mpr2.dat
2008-06-17 17:43 . 2008-06-27 01:17     2,615   --a------       C:\Documents and Settings\Krzysiek\mpr.dat
2008-06-17 17:42 . 2008-06-17 17:42     45,056  --a------       C:\WINDOWS\system32\jzcom32.dll
2008-06-17 17:42 . 2008-06-17 17:42     22,383  --a------       C:\WINDOWS\system32\sklh.dat
2008-06-14 18:19 . 2008-06-14 18:19     <DIR>   d--------       C:\Program Files\Opera
2008-06-14 18:10 . 2008-06-14 18:10     <DIR>   d--------       C:\Program Files\Gadu-Gadu
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 14:19        ---------       d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-26 23:17        ---------       d-----w C:\Program Files\BitComet
2008-04-30 12:13        ---------       d-----w C:\Program Files\MadOnion.com
2008-04-30 12:12        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 05:39        94,208  ----a-w C:\WINDOWS\Media\csrss.exe
.
 
(((((((((((((((((((((((((((((   snapshot@2008-06-28_16.23.47.07   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-30 13:17:33   41,034  ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-28 14:24:05   41,034  ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 13:17:33   50,946  ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-06-28 14:24:05   50,946  ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-03-30 13:17:33   314,706 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-28 14:24:05   314,706 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-30 13:17:33   358,940 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-06-28 14:24:05   358,940 ----a-w C:\WINDOWS\system32\perfh015.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPDWIN]
C:\Program Files\Panda Software\Panda Demo\pandasft.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-02-01 09:20 2194744 C:\Program Files\BitComet\BitComet.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-04-07 00:19 155648 C:\WINDOWS\System32\igfxtray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-09-26 16:49 35328 C:\Program Files\Winamp\winampa.exe
 
R3 PRISM;IEEE 802.11 Wireless NIC Driver;C:\WINDOWS\System32\DRIVERS\EXPRESS.sys [2002-11-15 12:02]
 
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 16:42:01
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-06-28 16:42:38
ComboFix-quarantined-files.txt  2008-06-28 14:42:34
ComboFix2.txt  2008-06-28 14:24:07
 
Pre-Run: 9,702,191,104 bajtów wolnych
Post-Run: 9,692,356,608 bajtów wolnych
 
 