wklejto.pl

Added by: ~manfred (2008-07-01 11:37) -> text
ComboFix 08-06-20.4 - Komputer 2008-07-01 11:35:36.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.246 [GMT 2:00]
Running from: C:\Documents and Settings\Komputer\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
 
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.
 
2008-07-01 11:17 . 2008-07-01 11:24     <DIR>   d--------       C:\ComboFix(2)
2008-06-16 14:02 . 2008-06-16 14:02     0       --a------       C:\Debug.QC6
2008-06-11 17:40 . 2008-06-14 19:36     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:40 . 2008-05-08 16:02     203,136 -----c---       C:\WINDOWS\system32\dllcache\rmcast.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 09:29        ---------       d-----w C:\Program Files\Photodex Presenter
2008-07-01 09:29        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\PicturesToExe
2008-07-01 09:28        ---------       d-----w C:\Program Files\AutoConnect
2008-06-30 10:23        ---------       d-----w C:\Program Files\eMule
2008-06-14 17:36        273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 14:39        ---------       d-----w C:\Program Files\Opera
2008-06-02 05:29        ---------       d-----w C:\Documents and Settings\Komputer\Dane aplikacji\uTorrent
2008-05-31 17:34        ---------       d-----w C:\Program Files\Photodex
2008-05-25 06:42        ---------       d-----w C:\Program Files\IEPro
2008-05-24 05:25        ---------       d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Netscape
2008-05-24 05:23        ---------       d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Photodex
2008-05-08 14:02        203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12        1,291,776       ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20        826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-16 08:14        20,480  ----a-w C:\WINDOWS\system32\ptevideo.dll
2008-04-14 20:51        11,264  ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50        997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50        424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 17:46        1,804   ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:26        332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22        92,424  ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22        87,176  ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22        12,168  ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 17:20        999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19        98,304  ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18        5,632   ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 17:18        24,064  ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 17:18        1,449,472       ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17        57,375  ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:13        4,126   ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12        3,584   ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 17:06        3,584   ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:05        9,344   ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:05        569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 17:03        3,072   ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03        3,072   ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:01        16,896  ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00        285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:30        2,190,336       ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29        2,067,200       ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25        4,096   ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22        89,600  ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:20        80,896  ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:15        49,664  ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:15        2,977,792       ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 16:13        563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:09        190,976 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 16:07        10,240  ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05        67,584  ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:05        1,845,888       ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:59        8,192   ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 18:44        17,664  ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43        9,728   ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43        12,800  ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40        427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37        2,953,216       ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35        194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31        7,424   ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30        61,440  ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37        208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37        138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26        12,288  ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26        12,288  ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21        733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48        1,647,616       ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45        216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23        48,128  ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39        884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 04:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.YV12"= yv12vfw.dll
"vidc.ptev"= ptevideo.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
 
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52]
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a81e6a3-d3f2-11dc-bf6a-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6385443e-3553-11dd-8b69-000e5024aeb7}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 11:39:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
scanning hidden processes ... 
 
 