wklejto.pl

Added by: ~tlx (2008-07-02 16:26) -> text
ComboFix 08-07-01.3 - Marc(w)el 2008-07-02 16:20:14.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.669 [GMT 2:00]
Running from: C:\ComboFix.exe
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
        /wow section not completed
 
(((((((((((((((((((((((((   Files Created from 2008-06-02 to 2008-07-02  )))))))))))))))))))))))))))))))
.
 
2008-07-02 16:17 . 2008-07-02 16:17     2,168,192       --a------       C:\ComboFix.exe
2008-07-02 15:34 . 2008-07-02 15:34     <DIR>   d--------       C:\Program Files\ReflexiveArcade
2008-07-01 23:15 . 2008-07-02 13:41     7,168   --a------       C:\WINDOWS\system32\braviax.exe
2008-07-01 22:52 . 2008-07-01 23:12     <DIR>   d--------       C:\Documents and Settings\Marc(w)el\Dane aplikacji\Hamachi
2008-07-01 22:52 . 2008-07-01 22:52     25,280  --a------       C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-01 14:45 . 2008-07-01 14:45     <DIR>   d--------       C:\Program Files\BoontyGames
2008-06-30 14:08 . 2001-10-19 14:40     1,683,792       --a------       C:\WINDOWS\system32\wmvcore2.dll
2008-06-30 14:08 . 2001-10-19 14:40     665,424 --a------       C:\WINDOWS\system32\wmv8dmoe.dll
2008-06-30 14:08 . 2001-10-19 14:39     572,752 --a------       C:\WINDOWS\system32\wmvdmoe.dll
2008-06-30 14:08 . 2001-10-19 14:40     438,608 --a------       C:\WINDOWS\system32\wmv8dmod.dll
2008-06-30 14:08 . 2001-10-19 02:05     285,184 --a------       C:\WINDOWS\system32\wmidx2.ocx
2008-06-30 14:08 . 2008-06-30 14:08     156,910 --a------       C:\WINDOWS\WMSysPr8.prx
2008-06-12 23:32 . 2008-06-16 23:31     <DIR>   d--------       C:\WINDOWS\system32\Adobe
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 14:21        34,039,840      --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-02 14:03        4,274,698       ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-02 14:01        403,772 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-02 11:34        6,897,152       ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-02 11:34        1,719,808       ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-01 22:30        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-07-01 21:19        ---------       d-----w C:\Documents and Settings\Marc(w)el\Dane aplikacji\AVG7
2008-06-19 21:06        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 15:40        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-27 17:49        ---------       d-----w C:\Documents and Settings\Marc(w)el\Dane aplikacji\DivX
2008-05-26 15:43        ---------       d-----w C:\Documents and Settings\Marc(w)el\Dane aplikacji\Samsung
2008-05-26 15:34        ---------       d-----w C:\Program Files\Samsung
2008-05-24 20:18        ---------       d-----w C:\Program Files\Google
2008-05-24 17:05        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\YoGen
2008-05-04 08:40        12,400  ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"AlcoholAutomount"="D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 07:31 579584]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-10 17:06 219136]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-11 19:58:27 1205840]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8782:TCP"= 8782:TCP:BitComet 8782 TCP
"8782:UDP"= 8782:UDP:BitComet 8782 UDP
 
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 14:48]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 14:47]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
 
*Newly Created Service* - CATCHME
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 16:20:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-02 16:23:10
 
Pre-Run: 4,022,099,968 bajtów wolnych
Post-Run: 4,006,715,392 bajtów wolnych
 