wklejto.pl

Added by: ~kavillock (2008-07-02 16:25) -> text
ComboFix 08-07-01.3 - Domowy 2008-07-02 16:28:37.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.214 [GMT 2:00]
Running from: C:\Documents and Settings\Domowy\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Domowy\Pulpit\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\________
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\________

.
(((((((((((((((((((((((((   Files Created from 2008-06-02 to 2008-07-02  )))))))))))))))))))))))))))))))
.

2008-06-23 10:33 . 2008-06-23 10:33     <DIR>   d--------       C:\Program Files\directx
2008-06-18 19:27 . 2008-06-18 19:28     <DIR>   d--------       C:\WINDOWS\system32\pl-pl
2008-06-18 19:21 . 2008-06-18 19:28     1,374   --a------       C:\WINDOWS\imsins.BAK
2008-06-18 19:18 . 2008-03-01 15:02     6,066,176       -----c---       C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-18 19:18 . 2007-04-17 11:32     2,455,488       -----c---       C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-18 19:18 . 2007-03-08 07:11     1,036,288       -----c---       C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-18 19:18 . 2008-03-01 15:02     459,264 -----c---       C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-18 19:18 . 2008-03-01 15:02     383,488 -----c---       C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-18 19:18 . 2008-03-01 15:02     267,776 -----c---       C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-18 19:18 . 2008-03-01 15:02     63,488  -----c---       C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-18 19:18 . 2008-03-01 15:02     52,224  -----c---       C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-18 19:18 . 2008-02-22 12:00     13,824  -----c---       C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-18 19:16 . 2007-08-13 18:54     33,792  --a--c---       C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-18 18:56 . 2008-06-18 18:56     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-06-18 18:46 . 2006-04-20 13:51     359,808 --a------       C:\WINDOWS\system32\drivers\tcpip.sys.original.orbit
2008-06-18 18:46 . 2006-04-20 13:51     359,808 --a--c---       C:\WINDOWS\system32\dllcache\tcpip.sys.original.orbit
2008-06-18 18:26 . 2008-07-02 10:36     <DIR>   d--------       C:\Documents and Settings\Domowy\Dane aplikacji\Orbit
2008-06-17 16:40 . 2008-06-18 10:27     <DIR>   d--------       C:\Documents and Settings\Domowy\Dane aplikacji\DNA
2008-06-10 14:14 . 2008-06-10 14:14     <DIR>   d--------       C:\Documents and Settings\Domowy\Dane aplikacji\FastStone
2008-06-10 13:38 . 2008-07-01 23:57     24,800  --ah-----       C:\WINDOWS\system32\mlfcache.dat
2008-06-03 20:40 . 2008-06-03 20:40     <DIR>   d--------       C:\Documents and Settings\Domowy\Dane aplikacji\.BitTornado

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 13:38        ---------       d-----w C:\Program Files\Common Files\Ahead
2008-07-02 13:11        ---------       d-----w C:\Documents and Settings\Domowy\Dane aplikacji\Skype
2008-07-02 11:16        ---------       d-----w C:\Documents and Settings\Domowy\Dane aplikacji\skypePM
2008-06-29 15:14        ---------       d-----w C:\Documents and Settings\Domowy\Dane aplikacji\MSN6
2008-06-26 09:37        ---------       d-----w C:\Documents and Settings\Domowy\Dane aplikacji\AdobeUM
2008-06-18 18:18        ---------       d-----w C:\Program Files\Google
2008-06-18 16:47        359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-18 08:24        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-17 11:32        ---------       d-----w C:\Program Files\DAEMON Tools
2008-06-09 20:42        ---------       d-----w C:\Documents and Settings\Domowy\Dane aplikacji\Ahead
2008-05-21 12:54        ---------       d-----w C:\Documents and Settings\Domowy\Dane aplikacji\Winamp
2008-05-21 09:52        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-04-28 06:52        2,121,235       ----a-w C:\WINDOWS\system32\x264vfw.dll
2007-12-01 13:57        32      ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2001-11-23 04:08        712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2006-04-20 14:18  360576  b2220c618b42a2212a59d91ebd6fc4b4      C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 01:58  332928  244a2f9816bc9b593957281ef577d976      C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14  359040  9f4b36614a0fc234525ba224957de55c      C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-06-18 18:47  359040  28f288e08a098df3c0eb6aa813bb41fd      C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-18 18:47  359808  ea754d7c4824cc93ec0758aac70e4b07      C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-18 18:47  359808  ea754d7c4824cc93ec0758aac70e4b07      C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-06-18 10:08 2131392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-07-21 22:52 278528]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 20:27]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 20:27]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 20:28]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 11:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 16:29:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-02 16:31:19
ComboFix-quarantined-files.txt  2008-07-02 14:31:07
ComboFix2.txt  2008-07-02 14:04:38

Pre-Run: 536,215,552 bajtów wolnych
Post-Run: 525,148,160 bajtów wolnych

122     --- E O F ---   2007-12-31 13:09:35