wklejto.pl

Added by: ~Alcedo (2008-07-01 07:13) -> text
ComboFix 08-06-20.4 - użytkownik 2008-07-01  7:17:06.1 - NTFSx86
Running from: C:\Documents and Settings\użytkownik\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\użytkownik\Pulpit\CFScript.txt
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
FILE ::
C:\WINDOWS\system32\xmlview.dll
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\xmlview.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.
 
2008-07-01 00:22 . 2008-07-01 00:22     <DIR>   d--------       C:\Program Files\Trend Micro
2008-06-30 23:20 . 2008-06-30 23:20     <DIR>   d--------       C:\WINDOWS\system32\Kaspersky Lab
2008-06-30 23:20 . 2008-06-30 23:20     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-30 20:29 . 2008-06-30 20:31     <DIR>   d--------       C:\Documents and Settings\użytkownik\DoctorWeb
2008-06-30 20:29 . 2008-06-30 20:31     <DIR>   d--------       C:\Documents and Settings\użytkownik\DoctorWeb
2008-06-30 20:27 . 2008-06-30 22:58     <DIR>   d--------       C:\Program Files\DrWeb
2008-06-30 20:27 . 2008-06-30 20:33     77,824  --a----t-       C:\WINDOWS\system32\DRWEBSP.DLL
2008-06-30 17:05 . 2008-06-30 17:05     <DIR>   d--------       C:\Documents and Settings\użytkownik\Dane aplikacji\ACD Systems
2008-06-30 17:04 . 2008-06-30 18:23     <DIR>   d--------       C:\Program Files\Common Files\ACD Systems
2008-06-30 16:31 . 2008-06-30 16:31     54,156  --ah-----       C:\WINDOWS\QTFont.qfn
2008-06-30 16:31 . 2008-06-30 16:31     1,409   --a------       C:\WINDOWS\QTFont.for
2008-06-30 01:04 . 2008-06-30 01:08     <DIR>   d--------       C:\Documents and Settings\użytkownik\dwhelper
2008-06-30 01:04 . 2008-06-30 01:08     <DIR>   d--------       C:\Documents and Settings\użytkownik\dwhelper
2008-06-29 16:23 . 2008-06-29 16:24     <DIR>   d--------       C:\Program Files\NAPI-PROJEKT
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 05:17        ---------       d-----w C:\Documents and Settings\użytkownik\Dane aplikacji\DNA
2008-06-30 20:58        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 18:47        ---------       d-----w C:\Documents and Settings\użytkownik\Dane aplikacji\gtk-2.0
2008-06-30 16:26        ---------       d-----w C:\Program Files\Codec Pack - All In 1
2008-06-15 11:05        ---------       d-----w C:\Program Files\Thoosje Sidebar V2.3
2008-06-02 12:27        487     ---ha-w C:\os678647.bin
2008-05-05 22:48        ---------       d-----w C:\Program Files\WinFlip
2008-04-11 20:11        737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-08 11:39        32      ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
 
------- Sigcheck -------
 
2004-08-04 00:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4      C:\WINDOWS\system32\wininet.dll
2004-08-04 00:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4      C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 00:44  658944  d37dafb534ac8343d59a1b501abe852c      C:\WINDOWS\VistaMizer\old\wininet.dll
 
2004-08-04 00:44  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:44  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:44  504832  0344407089b08548d4feba62bb0f32d0      C:\WINDOWS\VistaMizer\old\winlogon.exe
 
2004-08-04 00:54  2273792  cec61675ec045c782411f3c8f3b10222     C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:54  2016768  33fdad88eec315ee4cfb147fb19fd2b6     C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
 
2004-08-04 00:38  2406912  2bd0ae86279790504c2d54de8c3029cd     C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 00:38  2149888  a1b8225d45ef88fa294fe1e371bb594a     C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
 
2004-08-04 00:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee     C:\WINDOWS\explorer.exe
2004-08-04 00:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee     C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:44  1033728  379098a96e6c165b659de7e4328010ea     C:\WINDOWS\VistaMizer\old\explorer.exe
 
2004-08-04 00:44  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 00:44  15360  cbfa30492d70ce3938d8a7783d0c0436       C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
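An added cross-check of the Sigcheck section above, not part of the ComboFix output or of this paste: it groups the listed copies of each protected file by name and compares MD5 and size across the live copy, the dllcache copy that Windows File Protection restores from, and any copy kept elsewhere (here VistaMizer\old). The status labels, the path classification and the "backup" role given to the VistaMizer\old directory are this example's own assumptions; the hash, size, timestamp and path values are copied from the lines above.

```python
import re
from collections import defaultdict

# Constructed sample: the Sigcheck lines from the log above, one per file copy.
# Column layout as ComboFix prints it: <mtime> <size> <md5> <path>
SIGCHECK = r"""
2004-08-04 00:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4      C:\WINDOWS\system32\wininet.dll
2004-08-04 00:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4      C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 00:44  658944  d37dafb534ac8343d59a1b501abe852c      C:\WINDOWS\VistaMizer\old\wininet.dll
2004-08-04 00:44  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:44  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:44  504832  0344407089b08548d4feba62bb0f32d0      C:\WINDOWS\VistaMizer\old\winlogon.exe
2004-08-04 00:54  2273792  cec61675ec045c782411f3c8f3b10222     C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:54  2016768  33fdad88eec315ee4cfb147fb19fd2b6     C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2004-08-04 00:38  2406912  2bd0ae86279790504c2d54de8c3029cd     C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 00:38  2149888  a1b8225d45ef88fa294fe1e371bb594a     C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2004-08-04 00:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee     C:\WINDOWS\explorer.exe
2004-08-04 00:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee     C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:44  1033728  379098a96e6c165b659de7e4328010ea     C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-04 00:44  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 00:44  15360  cbfa30492d70ce3938d8a7783d0c0436       C:\WINDOWS\VistaMizer\old\ctfmon.exe
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+([0-9a-f]{32})\s+(.+?)\s*$", re.I)


def classify_path(path):
    """Assumed roles: 'live' in C:\WINDOWS or system32, 'dllcache' for the WFP cache,
    anything else (e.g. VistaMizer\old) is treated as a 'backup' copy."""
    low = path.lower()
    if "\\dllcache\\" in low:
        return "dllcache"
    parent = low.rsplit("\\", 1)[0]
    if parent in ("c:\\windows", "c:\\windows\\system32"):
        return "live"
    return "backup"


def parse_sigcheck(text):
    """Return {basename: {role: {mtime, size, md5, path}}} from Sigcheck lines."""
    files = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        mtime, size, md5, path = m.groups()
        name = path.rsplit("\\", 1)[-1].lower()
        files[name][classify_path(path)] = {
            "mtime": mtime, "size": int(size), "md5": md5.lower(), "path": path}
    return dict(files)


def assess(copies):
    """Status labels are this example's own vocabulary."""
    live, cache, backup = copies.get("live"), copies.get("dllcache"), copies.get("backup")
    if live and cache and live["md5"] != cache["md5"]:
        return "cache-mismatch"            # WFP would restore the cached copy on next check
    if live and backup and live["md5"] != backup["md5"]:
        # live file differs from its backup; if the cache agrees with the live file,
        # whoever replaced it also updated the cache so WFP will not undo the change
        return "replaced-cache-updated" if cache else "differs-from-backup"
    return "consistent"


def audit(text):
    report = {}
    for name, copies in parse_sigcheck(text).items():
        live, backup = copies.get("live"), copies.get("backup")
        report[name] = {
            "status": assess(copies),
            "live_size": live["size"] if live else None,
            "backup_size": backup["size"] if backup else None,
            # identical mtimes across copies mean the timestamp column carries no signal
            "same_mtime": len({c["mtime"] for c in copies.values()}) == 1,
        }
    return report


if __name__ == "__main__":
    for name, r in sorted(audit(SIGCHECK).items()):
        print(f"{name:14} {r['status']:24} live={r['live_size']} backup={r['backup_size']} "
              f"same_mtime={r['same_mtime']}")
```

On this log every live copy matches its dllcache copy, so Windows File Protection will not put anything back, while every VistaMizer\old copy differs in both hash and size from the live file yet carries the same 2004-08-04 timestamp. That is the pattern a patcher leaves when it replaces system files and refreshes the cache as well, and the timestamp column alone would never reveal it. Whether the live copies are benign theme patches or something worse still has to be settled by checking their hashes against a known-good source.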
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 19:20 36352]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-28 11:15 289088]
"TrueTransparency"="C:\Program Files\TrueTransparency\TrueTransparency.exe" [2007-10-28 17:44 133120]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 13:51 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 13:51 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 13:51 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 17:54 16844800 C:\WINDOWS\RTHDCPL.exe]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-06-20 12:11 180736]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"DrvIcon"="C:\Program Files\VistaDriveIcon\DrvIcon.exe" [2007-07-04 21:59 45056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 22:32 185896]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 25088]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 00:43 100864 C:\WINDOWS\system32\advpack.dll]
 
C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\
Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-22 02:26:52 524288]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.ACDV"= ACDV.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Gry\\Warcraft III\\Warcraft III.exe"=
 
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-03 11:04]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2006-03-22 12:07]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [2006-07-03 11:31]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e4948a-d641-11dc-9103-0015af6213e2}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{171629c4-07f9-11dd-91f9-0015af6213e2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ce38a03-1615-11dd-9236-0015af6213e2}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20883f52-a367-11dc-a61f-806d6172696f}]
\Shell\AutoRun\command - E:\cdsetup.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8e3c60c-d5cc-11dc-9100-0015af6213e2}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d20e7772-2367-11dd-9265-0015af6213e2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
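
An added detector for the MountPoints2 entries above, not part of the ComboFix output or of this paste: it parses the key/verb layout ComboFix prints and tags the traits that separate these entries from an ordinary CD installer (the E:\cdsetup.exe entry is used as the control case). The tag names, the script-host and extension lists, and the look-alike matching against real system file names are this example's own heuristics, not anything ComboFix reports; the GUIDs and commands are copied from the lines above.

```python
import re
from collections import defaultdict

# Constructed sample: four of the MountPoints2 entries above, in ComboFix's layout.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e4948a-d641-11dc-9103-0015af6213e2}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{171629c4-07f9-11dd-91f9-0015af6213e2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ce38a03-1615-11dd-9236-0015af6213e2}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20883f52-a367-11dc-a61f-806d6172696f}]
\Shell\AutoRun\command - E:\cdsetup.exe
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)

# Heuristic lists (this example's assumptions, not a ComboFix feature):
SCRIPT_HOSTS = ("wscript", "cscript", "rundll32", "mshta", "cmd.exe")   # interpreters a CD installer never needs
SCRIPT_EXTS = {"bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "com", "pif", "scr"}
SYSTEM_NAMES = ("ntdetect.com", "pagefile.sys", "autorun.inf", "boot.ini", "ntldr")  # names worms imitate


def edit_distance(a, b):
    """Levenshtein distance, enough to catch one-character look-alikes such as ntde1ect.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_mountpoints(text):
    """Return {guid: {verb: command}} from the MountPoints2 block of a ComboFix log."""
    entries = defaultdict(dict)
    guid = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            guid = m.group(1).lower()
            continue
        m = CMD_RE.match(line)
        if m and guid:
            entries[guid][m.group(1).lower()] = m.group(2)
    return dict(entries)


def assess(verbs):
    """Sorted indicator tags for one mount point; an empty list means nothing matched."""
    tags = set()
    for cmd in set(verbs.values()):
        low = cmd.lower()
        target = low.split()[-1]                      # the file the verb finally runs
        name = target.rsplit("\\", 1)[-1]
        ext = name.rpartition(".")[2] if "." in name else ""
        if "\\" not in target and ":" not in target:
            tags.add("relative-target")               # resolved against the drive root, autorun.inf style
        if ext in SCRIPT_EXTS:
            tags.add("script-target")
        if any(h in low for h in SCRIPT_HOSTS) and not name.startswith(SCRIPT_HOSTS):
            tags.add("script-host")                   # payload launched through an interpreter
        for sysname in SYSTEM_NAMES:
            if name.startswith(sysname + ".") or edit_distance(name, sysname) == 1:
                tags.add("lookalike:" + sysname)
    if {"open", "explore"} & verbs.keys():
        tags.add("verbs-hijacked")                    # double-click / Explore on the drive also runs it
    return sorted(tags)


def scan(text):
    return {guid: assess(verbs) for guid, verbs in parse_mountpoints(text).items()}


if __name__ == "__main__":
    for guid, tags in scan(SAMPLE).items():
        print(guid, "SUSPICIOUS" if tags else "no indicators", ", ".join(tags))
```

Three of the four sample entries come out flagged: a bare ntde1ect.com that is resolved against the drive root and is one edit away from ntdetect.com, a .vbs named after pagefile.sys and launched through rundll32 and wscript, and an E:\jfvkcsy.bat; the first and the third also redirect the open and explore verbs, so double-clicking the drive in Explorer runs the payload. MountPoints2 only caches what a drive's autorun.inf declared when it was last inserted, so a hit names the removable drive to go and inspect (its autorun.inf and the referenced file), not a file that is necessarily still on C:.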
 
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 20:40:40 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 07:18:39
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-01  7:19:24
ComboFix-quarantined-files.txt  2008-07-01 05:19:12
 
Pre-Run: 12,427,722,752 bytes free
Post-Run: 13,895,819,264 bytes free
 