wklejto.pl

Added by: ~mgm (2008-07-01 12:04) -> text
ComboFix 08-06-20.4 - Marta 2008-07-01 11:50:56.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.45 [GMT 2:00]
Running from: C:\Documents and Settings\Marta\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marta\Pulpit\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Config\csrss.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\sys_dll.dll
C:\WINDOWS\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.

2008-06-29 10:45 . 2008-06-29 10:45     <DIR>   d--------       C:\Program Files\Common Files\Download Manager
2008-06-29 10:45 . 2008-06-29 10:51     <DIR>   d--------       C:\Program Files\ACE Photo Frame
2008-06-29 10:27 . 2008-06-29 10:31     <DIR>   d--------       C:\Program Files\ImageConverter Plus
2008-06-29 10:27 . 2004-04-19 18:53     1,706,800       --a------       C:\WINDOWS\system32\gdiplus.dll
2008-06-29 09:46 . 2008-06-29 09:48     <DIR>   d--------       C:\Program Files\Paint.NET
2008-06-29 00:44 . 2008-06-29 00:50     <DIR>   d--------       C:\WINDOWS\system32\XPSViewer
2008-06-29 00:44 . 2008-06-29 00:44     <DIR>   d--------       C:\Program Files\Reference Assemblies
2008-06-29 00:41 . 2006-06-29 13:07     14,048  ---------       C:\WINDOWS\system32\spmsg2.dll
2008-06-28 11:49 . 2008-06-28 16:18     <DIR>   d--------       C:\Program Files\Free Window Registry Repair
2008-06-28 11:25 . 2008-06-28 11:25     124,688 --a------       C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-25 10:14 . 2008-06-25 19:01     941     --a------       C:\WINDOWS\win.tmp
2008-06-25 10:14 . 2008-06-18 18:15     827     --a------       C:\WINDOWS\system.tmp
2008-06-25 08:54 . 2008-06-26 08:13     <DIR>   d--------       C:\Program Files\Spyware Doctor
2008-06-21 09:52 . 2008-06-21 09:52     <DIR>   d--------       C:\Program Files\Sun
2008-06-20 21:07 . 2008-06-20 21:13     <DIR>   d--------       C:\Program Files\SkanerOnline
2008-06-20 20:28 . 2008-06-20 20:28     <DIR>   d--------       C:\WINDOWS\system32\pl
2008-06-20 20:28 . 2008-06-20 20:28     <DIR>   d--------       C:\WINDOWS\l2schemas
2008-06-20 20:04 . 2008-04-14 19:20     1,306,624       -----c---       C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-20 20:03 . 2008-04-14 19:20     651,264 ---------       C:\WINDOWS\system32\dot3ui.dll
2008-06-20 19:12 . 2008-06-20 19:12     <DIR>   d--hs----       C:\found.000
2008-06-20 18:47 . 2008-06-20 18:47     38      --a------       C:\WINDOWS\avisplitter.INI
2008-06-20 18:18 . 2008-04-14 19:20     10,752  ---------       C:\WINDOWS\system32\smtpapi.dll
2008-06-20 18:18 . 2008-04-14 19:20     9,728   ---------       C:\WINDOWS\system32\rwnh.dll
2008-06-20 18:15 . 2004-07-17 11:40     19,528  --a------       C:\WINDOWS\000001_.tmp
2008-06-18 18:17 . 2008-03-21 22:30     3,596,288       --a------       C:\WINDOWS\system32\qt-dx331.dll
2008-06-18 18:17 . 2008-03-31 23:25     682,496 --a------       C:\WINDOWS\system32\divx.dll
2008-06-18 18:17 . 2006-09-24 17:11     389,120 --a------       C:\WINDOWS\system32\lameACM.acm
2008-06-18 18:17 . 2004-01-25 18:18     217,088 --a------       C:\WINDOWS\system32\yv12vfw.dll
2008-06-18 18:17 . 2008-01-10 14:16     159,839 --a------       C:\WINDOWS\system32\xvidvfw.dll
2008-06-18 18:17 . 2007-09-21 02:52     118,784 --a------       C:\WINDOWS\system32\ac3acm.acm
2008-06-18 18:17 . 2008-03-21 22:28     81,920  --a------       C:\WINDOWS\system32\dpl100.dll
2008-06-18 18:17 . 2007-10-03 17:03     414     --a------       C:\WINDOWS\system32\lame_acm.xml
2008-06-18 18:16 . 2008-03-28 19:41     7,680   --a------       C:\WINDOWS\system32\ff_vfw.dll
2008-06-18 18:16 . 2007-07-10 18:10     547     --a------       C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-13 20:02 . 2008-06-13 20:02     <DIR>   d--------       C:\Documents and Settings\Marta\Dane aplikacji\gtk-2.0
2008-06-13 20:02 . 2008-06-13 20:02     <DIR>   d--------       C:\Documents and Settings\Marta\.thumbnails
2008-06-13 19:59 . 2008-06-13 20:06     <DIR>   d--------       C:\Documents and Settings\Marta\.gimp-2.4
2008-06-11 17:16 . 2008-06-18 15:28     848     --ahs----       C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
2008-06-11 17:16 . 2008-06-18 15:27     88      -r-hs----       C:\Documents and Settings\All Users\Dane aplikacji\456FBDBD0E.sys
2008-06-11 15:41 . 2008-06-14 19:36     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 15:41 . 2008-05-08 16:02     203,136 -----c---       C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-06 22:56 . 2008-06-06 22:56     <DIR>   d--------       C:\Documents and Settings\Marta\___________
2008-06-04 19:21 . 2008-06-04 19:21     <DIR>   d--------       C:\Program Files\MegauploadToolbar
2008-06-04 19:21 . 2008-06-29 01:00     <DIR>   d--------       C:\Documents and Settings\Marta\Dane aplikacji\MegauploadToolbar

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 10:00        42,512  ----a-w C:\WINDOWS\system32\drivers\npf.sys
2008-07-01 10:00        ---------       d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-01 10:00        ---------       d-----w C:\Program Files\DialNet
2008-06-29 12:18        ---------       d-----w C:\Program Files\Google
2008-06-28 22:45        ---------       d-----w C:\Program Files\MSBuild
2008-06-21 07:51        ---------       d-----w C:\Program Files\Java
2008-06-18 16:15        ---------       d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-06-18 16:13        ---------       d-----w C:\Program Files\DivX
2008-06-14 17:36        273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 16:24        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 16:22        ---------       d-----w C:\Program Files\Windows Live
2008-06-04 16:21        ---------       d-----w C:\Program Files\Disney Interactive
2008-06-04 15:31        ---------       d-----w C:\Program Files\Frame Maker Pro
2008-05-27 18:08        ---------       d-----w C:\Documents and Settings\Marta\Dane aplikacji\InstallShield
2008-05-25 17:31        ---------       d-----w C:\Program Files\Mirage Interactive
2008-05-14 17:17        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-11 09:08        ---------       d-----w C:\Documents and Settings\Marta\Dane aplikacji\Folder przesyłania Share-to-Web
2008-05-09 17:16        ---------       d-----w C:\Program Files\FrameShow
2008-05-08 14:02        203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-03 13:25        260     ---ha-w C:\hpothb07.dat
2008-05-01 08:26        ---------       d-----w C:\Program Files\Photo Frame Genius
2008-04-14 17:21        70,144  ----a-w C:\WINDOWS\notepad.exe
2008-04-14 17:21        32,866  ------w C:\WINDOWS\slrundll.exe
2008-04-14 17:21        285,696 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 17:21        149,504 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 17:21        10,752  ----a-w C:\WINDOWS\hh.exe
2008-04-14 17:21        1,035,264       ----a-w C:\WINDOWS\explorer.exe
2008-04-14 17:20        50,688  ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 17:19        451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 17:19        39,424  ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 17:19        245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 17:19        141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 17:19        116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 17:19        1,852,928       ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2003-08-22 20:24        24,576  ----a-w C:\Program Files\Uninstall.exe
2002-07-09 10:10        98,304  ----a-w C:\Program Files\internet explorer\plugins\DjVuControl.dll
2007-06-13 13:23        946,176 --sh--r C:\WINDOWS\system32\svrhost.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 18:54 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"CM-SmWizard"="C:\WINDOWS\System\SmWizard.exe" [2003-08-29 06:02 1454080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-18 09:08 4616192]
"nwiz"="nwiz.exe" [2003-07-18 09:08 323584 C:\WINDOWS\system32\nwiz.exe]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 13:10 409600]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 04:24 184320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Picasa Media Detector"="C:\Documents and Settings\Marta\Moje dokumenty\Nowy folder\pikassa\Picasa2\PicasaMediaDetector.exe" [ ]
"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"Adobe Reader Speed Launcher"="C:\ADOBE READER\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"zzzHPSETUP"="E:\Setup.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40 405504]
"Microsoft Windows Sound"="svrhost.exe" [2007-06-13 15:23 946176 C:\WINDOWS\system32\svrhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Sound"="svrhost.exe" [2007-06-13 15:23 946176 C:\WINDOWS\system32\svrhost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]

C:\Documents and Settings\Marta\Menu Start\Programy\Autostart\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\Marta\\Moje dokumenty\\Nowy folder\\utorrent.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"F:\\BEAR SHARE\\BearShare.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 16:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 16:27]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 16:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2008-07-01 12:00]
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 11:58:53
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
 
C:\WINDOWS\system32\wpcap.dll 240240 bytes executable
 
scan completed successfully
hidden files: 1
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DialNet\WrOS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-01 12:05:54 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-01 10:05:42
 
Pre-Run: 30,276,706,304 bytes free
Post-Run: 31,021,658,112 bytes free
 
210     --- E O F ---   2008-06-23 16:59:10
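What a responder reads out of a log like this is not the long list of codec DLLs but a handful of indicators that the tool itself surfaces: an autorun named "Microsoft Windows Sound" that points at a bare `svrhost.exe` (one letter away from `svchost.exe`), mirrored in both `Run` and the Windows 9x-era `RunServices` key, with the file carrying hidden+system attributes in `system32`; a `csrss.exe` living in `C:\WINDOWS\Config` rather than `system32`; the Security Center `DisableMonitoring=1` values that silence AV/firewall alerts; and the WinPcap components (`npf.sys`, `packet.dll`, `wpcap.dll`) removed, with `wpcap.dll` reported by catchme as a hidden file. The script below is an added example, written for this page and not part of the original paste or of ComboFix; the scoring rules are my own heuristics (assumptions, not ComboFix's logic), and the sample lines are a constructed subset copied from the sections above so it runs offline. It parses `Reg Loading Points` values, Find3M lines and bare deletion paths, and flags the four classes of indicator just listed.

```python
"""Heuristic triage of ComboFix-style log lines (added example, not ComboFix code)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Names that lookalike binaries imitate, and where the real ones live on XP.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|-+)\s+"
                     r"(?P<attrs>[-a-z]{7})\s+(?P<path>[A-Za-z]:\\.+)$")   # Find3M line
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")                       # bare path line

# Constructed sample: lines lifted from the 'Reg Loading Points' section above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2003-07-18 09:08 323584 C:\WINDOWS\system32\nwiz.exe]
"zzzHPSETUP"="E:\Setup.exe" [ ]
"Microsoft Windows Sound"="svrhost.exe" [2007-06-13 15:23 946176 C:\WINDOWS\system32\svrhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Sound"="svrhost.exe" [2007-06-13 15:23 946176 C:\WINDOWS\system32\svrhost.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''
# Constructed sample: one 'Other Deletions' path and two Find3M lines from above.
SAMPLE_FILES = r'''
C:\WINDOWS\Config\csrss.exe
2007-06-13 13:23        946,176 --sh--r C:\WINDOWS\system32\svrhost.exe
2008-04-14 17:21        70,144  ----a-w C:\WINDOWS\notepad.exe
'''

@dataclass(frozen=True)
class Finding:
    severity: str   # high / medium / low
    where: str      # registry value or file path the finding refers to
    reason: str

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch svrhost/svchost-style name lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(basename: str) -> str | None:
    """Return the system binary this name imitates (within 2 edits), else None."""
    name = basename.lower()
    if name in SYSTEM_BINARIES:
        return None
    return next((real for real in SYSTEM_BINARIES if edit_distance(name, real) <= 2), None)

def triage_registry(text: str) -> list[Finding]:
    findings, key = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m["key"].lower()
        elif m := DWORD_RE.match(line):
            if "security center\\monitoring" in key and m["name"].lower() == "disablemonitoring" \
                    and int(m["val"], 16) == 1:
                findings.append(Finding("high", key, "Security Center alerting disabled (DisableMonitoring=1)"))
        elif m := VALUE_RE.match(line):
            name, data, meta = m["name"], m["data"], m["meta"].strip()
            where = f"{key}\\{name}"
            if not meta:            # ComboFix prints '[ ]' when the target does not exist
                findings.append(Finding("low", where, f"referenced file not found at scan time: {data}"))
            if "\\" not in data:    # bare image name: resolved by PATH search, not an absolute path
                findings.append(Finding("low", where, f"unqualified image name {data!r}"))
            if key.endswith("\\runservices"):
                findings.append(Finding("medium", where, "RunServices is a Windows 9x/Me key that XP "
                                        "does not process; a value mirrored here and in Run is worth tracing"))
            if real := lookalike_of(data.rsplit("\\", 1)[-1]):
                findings.append(Finding("high", where, f"{data!r} is within two edits of system binary {real}"))
    return findings

def triage_files(text: str) -> list[Finding]:
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        m = FILE_RE.match(line) or PATH_RE.match(line)
        if not m:
            continue
        path, attrs = m["path"], m.groupdict().get("attrs", "")
        directory, _, basename = path.lower().rpartition("\\")
        if "h" in attrs and "s" in attrs and basename.rsplit(".", 1)[-1] in {"exe", "dll", "sys", "cpl"}:
            findings.append(Finding("high", path, f"hidden+system attributes ({attrs}) on an executable"))
        if basename in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            findings.append(Finding("high", path, f"{basename} outside its normal directory"))
        if real := lookalike_of(basename):
            findings.append(Finding("high", path, f"name is within two edits of system binary {real}"))
    return findings

def triage(reg_text: str = SAMPLE_REG, file_text: str = SAMPLE_FILES) -> list[Finding]:
    return triage_registry(reg_text) + triage_files(file_text)

if __name__ == "__main__":
    for f in sorted(triage(), key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.where}\n         {f.reason}")
```

On the sample above the script raises six high-severity findings (the two `svrhost.exe` autoruns, `DisableMonitoring`, the hidden+system attributes and lookalike name on `svrhost.exe`, and `csrss.exe` under `C:\WINDOWS\Config`), one medium for the `RunServices` mirror, and low-severity notes for the unqualified `nwiz.exe` and the absent `E:\Setup.exe`. The low findings are deliberately noisy: `nwiz.exe` is a normal NVIDIA entry, and the point of the tiering is to keep such items visible without letting them drown the three or four lines that decide whether the machine is clean.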
 