wklejto.pl

Added by: ~lubiniani (2008-06-28 18:50) -> text
ComboFix 08-06-20.4 - XP 2008-06-28 18:51:39.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.2700 [GMT 2:00]
Running from: H:\ComboFix.exe
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\system32\help32.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-28  )))))))))))))))))))))))))))))))
.
 
2008-06-28 18:16 . 2008-06-28 18:16     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-28 18:10 . 2008-06-28 18:16     <DIR>   d--------       C:\Program Files\Trojan Remover
2008-06-28 18:10 . 2008-06-28 18:10     <DIR>   d--------       C:\Documents and Settings\XP\Dane aplikacji\Simply Super Software
2008-06-28 18:10 . 2008-06-28 18:10     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-06-28 18:10 . 2006-05-25 15:52     162,304 --a------       C:\WINDOWS\system32\ztvunrar36.dll
2008-06-28 18:10 . 2003-02-02 20:06     153,088 --a------       C:\WINDOWS\system32\UNRAR3.dll
2008-06-28 18:10 . 2005-08-26 01:50     77,312  --a------       C:\WINDOWS\system32\ztvunace26.dll
2008-06-28 18:10 . 2002-03-06 01:00     75,264  --a------       C:\WINDOWS\system32\unacev2.dll
2008-06-28 18:10 . 2006-06-19 13:01     69,632  --a------       C:\WINDOWS\system32\ztvcabinet.dll
2008-06-28 17:57 . 2008-06-28 17:57     <DIR>   d--------       C:\Program Files\Trend Micro
2008-06-28 17:54 . 2008-06-28 17:55     <DIR>   d--------       C:\Program Files\Spybot - Search & Destroy
2008-06-28 17:54 . 2008-06-28 18:00     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-25 12:33 . 2008-06-25 12:33     18,432  --a------       C:\WINDOWS\system32\opus64.dll
2008-06-25 10:25 . 2008-06-25 10:25     18,432  --a------       C:\WINDOWS\system32\opus32.dll
2008-06-25 10:25 . 2008-06-25 10:25     18,432  --a------       C:\WINDOWS\system32\nada64.dll
2008-06-25 10:07 . 2008-06-25 10:07     18,944  --a------       C:\WINDOWS\system32\dop94.dll
2008-06-25 10:02 . 2008-06-25 10:02     18,944  --a------       C:\WINDOWS\system32\ksisys.dll
2008-06-25 09:58 . 2008-06-25 09:58     18,944  --a------       C:\WINDOWS\system32\asc94.dll
2008-06-23 20:35 . 2008-06-23 20:35     18,432  --a------       C:\WINDOWS\system32\sigma64.dll
2008-06-14 15:59 . 2008-06-14 20:01     273,024 ---------       C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 15:59 . 2008-06-14 20:01     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 16:46        ---------       d-----w C:\Program Files\DialNet
2008-06-27 07:08        ---------       d-----w C:\Program Files\Google
2008-06-25 10:28        ---------       d-----w C:\Program Files\FlashGet
2008-05-08 12:14        203,008 ------w C:\WINDOWS\system32\drivers\rmcast.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]
"nwiz"="nwiz.exe" [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 11:30 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 12:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 09:40 405504]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-07-11 18:11 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antispy]
C:\Program Files\IEAntiVirus\ANTIVIR.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-02-26 15:08 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:21 1694208 C:\Program Files\Messenger\msmsgs.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-06-03 20:33 878672 C:\Program Files\Trojan Remover\Trjscan.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
 
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 17:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 17:27]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 17:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 17:27]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 18:53:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\DialNet\WrOS.exe
.
**************************************************************************
.
Completion time: 2008-06-28 18:54:48 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-28 16:54:46
 
Pre-Run: 14,715,764,736 bajtów wolnych
Post-Run: 15,428,407,296 bajtów wolnych
 
117     --- E O F ---   2008-06-23 13:54:12
 