wklejto.pl

Added by: ~Stary (2008-06-29 14:07) -> text
ComboFix 08-06-20.4 - Administrator 2008-06-29 14:01:54.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.647 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Program Files\IEAntiVirus
C:\Program Files\IEAntiVirus\antivir.exe
C:\Program Files\IEAntiVirus\ieav.db2
C:\Program Files\IEAntiVirus\ieav.db3
C:\Program Files\IEAntiVirus\ieav.db4
C:\Program Files\IEAntiVirus\license.txt
C:\Program Files\IEAntiVirus\uninst.exe
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]0838B4B
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]0839ABC.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]0839CFE.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]0839E75.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\kdlsc.exe
C:\WINDOWS\system32\tapdfan.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-29  )))))))))))))))))))))))))))))))
.
 
2008-06-29 13:15 . 2008-06-29 13:15     <DIR>   d--------       C:\WINDOWS\system32\Kaspersky Lab
2008-06-29 13:15 . 2008-06-29 13:15     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-29 12:51 . 2008-06-29 14:03     <DIR>   d--h-----       C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-29 12:51 . 2008-06-29 12:54     <DIR>   d--------       C:\Documents and Settings\Administrator\Ulubione
2008-06-29 12:51 . 2008-01-28 17:56     <DIR>   d--h-----       C:\Documents and Settings\Administrator\Szablony
2008-06-29 12:51 . 2008-06-29 14:01     <DIR>   d--------       C:\Documents and Settings\Administrator\Pulpit
2008-06-29 12:51 . 2008-01-28 18:51     <DIR>   d--------       C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-29 12:51 . 2008-01-28 18:51     <DIR>   dr-------       C:\Documents and Settings\Administrator\Menu Start
2008-06-29 12:51 . 2008-06-29 13:31     <DIR>   dr-h-----       C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-29 12:51 . 2008-06-29 12:51     <DIR>   d--------       C:\Documents and Settings\Administrator
2008-06-21 10:34 . 2008-06-21 10:34     13,312  --a------       C:\WINDOWS\system32\pupdfan.dll
2008-06-21 10:24 . 2008-06-21 10:24     13,312  --a------       C:\WINDOWS\system32\topdfo.dll
2008-06-21 10:24 . 2008-06-21 10:24     13,312  --a------       C:\WINDOWS\system32\taplsim.dll
2008-06-21 10:24 . 2008-06-21 10:24     13,312  --a------       C:\WINDOWS\system32\papdfim.dll
2008-06-21 10:23 . 2008-06-21 10:23     13,312  --a------       C:\WINDOWS\system32\tupdfan.dll
2008-06-21 10:23 . 2008-06-21 10:23     13,312  --a------       C:\WINDOWS\system32\taplso.dll
2008-06-21 10:23 . 2008-06-21 10:23     13,312  --a------       C:\WINDOWS\system32\popdfo.dll
2008-06-21 10:23 . 2008-06-21 10:23     13,312  --a------       C:\WINDOWS\system32\paplso.dll
2008-06-05 13:28 . 2008-06-05 20:58     <DIR>   d--h-----       C:\Documents and Settings\Abc\Ustawienia lokalne
2008-06-05 13:24 . 2008-06-05 13:24     <DIR>   d--hs----       C:\found.000
2008-06-04 17:36 . 2008-06-04 17:36     <DIR>   d--------       C:\Program Files\PWN
2008-06-04 17:36 . 2001-04-04 14:00     245,760 ---------       C:\WINDOWS\system32\DECO_32.DLL
2008-06-04 17:34 . 1998-11-13 14:10     307,200 --a------       C:\WINDOWS\IsUn0415.exe
2008-05-31 08:15 . 2008-05-31 08:19     <DIR>   d--------       C:\Program Files\Bandoo
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 12:05        ---------       d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-29 12:05        ---------       d-----w C:\Program Files\PC Tools AntiVirus
2008-05-29 14:59        ---------       d-----w C:\Program Files\BearShare Applications
2008-05-01 17:29        ---------       d-----w C:\Program Files\Gadu-Gadu
2008-03-12 12:31        32      ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 23:38 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Start WingMan Profiler"="" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 08:35 7634944]
"nwiz"="nwiz.exe" [2006-10-31 08:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 08:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 10:45 1826816 C:\WINDOWS\SkyTel.exe]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-04-06 16:51 1238928]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 14:05:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-29 14:07:15 - machine was rebooted [Abc]
ComboFix-quarantined-files.txt  2008-06-29 12:07:11
 
Pre-Run: 47,268,077,568 bajtów wolnych
Post-Run: 47,219,662,848 bajtów wolnych
 