wklejto.pl

Added by: ~kryniczan (2008-07-02 21:13) -> text
ComboFix 08-07-01.5 - Kryniczan 2008-07-02 20:57:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.1126 [GMT 2:00]
Running from: C:\Users\Kryniczan\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Users\Kryniczan\AppData\Roaming\inst.exe
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-02 to 2008-07-02  )))))))))))))))))))))))))))))))
.
 
2008-07-02 20:36 . 2008-07-02 20:48     <DIR>   d--------       C:\SDFix
2008-07-01 21:14 . 2008-07-01 21:14     96,966  --a------       C:\Windows\System32\drivers\klin.dat
2008-07-01 21:14 . 2008-07-01 21:14     88,774  --a------       C:\Windows\System32\drivers\klick.dat
2008-07-01 21:13 . 2008-07-01 23:36     <DIR>   d--------       C:\Program Files\Kaspersky Internet Security 2009
2008-07-01 21:13 . 2008-07-02 20:50     4,519,456       --ahs----       C:\Windows\System32\drivers\fidbox.dat
2008-07-01 21:13 . 2008-07-02 20:50     335,904 --ahs----       C:\Windows\System32\drivers\fidbox2.dat
2008-07-01 21:13 . 2008-07-02 20:50     40,580  --ahs----       C:\Windows\System32\drivers\fidbox.idx
2008-07-01 21:13 . 2008-07-02 20:50     3,276   --ahs----       C:\Windows\System32\drivers\fidbox2.idx
2008-07-01 20:28 . 2008-07-01 20:32     <DIR>   d-a------       C:\ProgramData\TEMP
2008-07-01 20:28 . 2008-07-01 20:28     <DIR>   d--------       C:\Program Files\Kaspersky Lab
2008-07-01 20:28 . 2008-07-01 20:28     124,688 --a------       C:\Windows\System32\MSWINSCK.OCX
2008-06-25 19:20 . 2008-06-25 19:20     <DIR>   d--------       C:\Program Files\NAPI-PROJEKT
2008-06-25 18:28 . 2008-06-25 18:28     <DIR>   d--------       C:\Program Files\SubEdit
2008-06-22 09:25 . 2008-04-26 10:02     1,327,104       --a------       C:\Windows\System32\quartz.dll
2008-06-22 09:25 . 2008-04-29 03:42     220,160 --a------       C:\Windows\System32\drivers\bthport.sys
2008-06-22 09:25 . 2008-04-29 05:50     181,760 --a------       C:\Windows\System32\fsquirt.exe
2008-06-22 09:25 . 2008-04-29 03:42     29,184  --a------       C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-22 09:25 . 2008-04-29 03:42     19,456  --a------       C:\Windows\System32\drivers\bthenum.sys
2008-06-20 22:56 . 2008-06-21 19:51     <DIR>   d--------       C:\Program Files\Expressivo Demo
2008-06-14 19:14 . 2008-06-14 19:14     <DIR>   d--------       C:\Users\Kryniczan\.VirtualBox
2008-06-14 19:14 . 2007-10-18 09:55     40,928  --a------       C:\Windows\System32\drivers\VBoxDrv.sys
2008-06-14 19:12 . 2008-06-14 19:19     <DIR>   d----c---       C:\Windows\System32\DRVSTORE
2008-06-14 19:12 . 2007-10-18 09:55     27,776  --a------       C:\Windows\System32\drivers\VBoxUSBMon.sys
2008-06-14 19:00 . 2008-06-14 18:59     720,896 --a------       C:\Windows\iun6002.exe
2008-06-08 08:42 . 2008-06-08 08:42     <DIR>   d--------       C:\perflogs
2008-06-05 21:03 . 2007-04-09 13:23     28,040  --a------       C:\Windows\System32\mdimon.dll
2008-06-05 21:03 . 2008-06-05 21:03     412     --a------       C:\Windows\ODBC.INI
2008-06-05 21:00 . 2008-06-05 21:00     <DIR>   d--------       C:\Windows\PCHEALTH
2008-06-05 21:00 . 2008-06-05 21:00     <DIR>   d--------       C:\Program Files\Microsoft.NET
2008-06-05 20:57 . 2008-06-05 20:57     <DIR>   dr-h-----       C:\MSOCache
2008-06-05 20:12 . 2008-06-05 20:12     <DIR>   d--------       C:\Users\Kryniczan\AppData\Roaming\Template
2008-06-05 20:12 . 2008-06-05 20:13     116     --a------       C:\Users\Kryniczan\AppData\Roaming\wklnhst.dat
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 18:56        ---------       d-----w C:\ProgramData\Kaspersky Lab
2008-07-02 18:32        ---------       d-----w C:\Users\Kryniczan\AppData\Roaming\SiteAdvisor
2008-07-02 05:12        ---------       d-----w C:\Users\Kryniczan\AppData\Roaming\uTorrent
2008-07-01 19:14        ---------       d-----w C:\Program Files\Mozilla Thunderbird
2008-07-01 19:09        ---------       d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-07-01 19:06        ---------       d-----w C:\Program Files\AQQ
2008-06-30 16:12        96,575  ----a-w C:\Users\Kryniczan\AppData\Roaming\nvModes.dat
2008-06-27 21:06        ---------       d-----w C:\Users\Kryniczan\AppData\Roaming\Skype
2008-06-22 07:34        ---------       d-----w C:\Program Files\Windows Mail
2008-06-15 19:05        ---------       d-----w C:\Program Files\Opera
2008-06-05 18:45        ---------       d-----w C:\ProgramData\Microsoft Help
2008-06-05 18:44        ---------       d-----w C:\Program Files\Microsoft Works
2008-06-01 19:43        ---------       d-----w C:\Program Files\AIMP2
2008-05-30 18:39        ---------       d-----w C:\Program Files\WapSter AQQ 2
2008-05-24 18:12        ---------       d-----w C:\Program Files\Canon
2008-05-21 18:27        ---------       d-----w C:\Users\Kryniczan\AppData\Roaming\GHISLER
2008-05-10 01:21        113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-25 04:23        52,736  ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-27 11:29        47,360  ----a-w C:\Users\Kryniczan\AppData\Roaming\pcouffin.sys
2007-12-10 17:17        174     --sha-w C:\Program Files\desktop.ini
2008-03-28 20:51        16,384  --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-28 20:51        32,768  --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-28 20:51        16,384  --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22        62728   --a------       C:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 03:08        143360  --a------       C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-21 20:09 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-22 16:34 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-22 16:34 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-22 16:34 81920]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-12-10 20:20 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-12-10 20:20 37232]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"AVP"="C:\Program Files\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 12:39 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2008-05-24 20:09:10 50848]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-06-26 20:10 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D8FD5AF-B687-4FCB-BE3C-BE8282B792FD}"= UDP:C:\Gry\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{069F48CF-8767-49FC-9ECC-A2818E87F412}"= TCP:C:\Gry\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{1A247175-66C2-4962-AE33-47EEBA248C0F}"= UDP:C:\Gry\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{B954C56F-8328-418D-BC01-2194286A73DE}"= TCP:C:\Gry\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{6F04DDC0-272D-4593-9FEC-5449ECAF02EB}"= UDP:C:\Gry\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{1C9D54A6-DE84-478C-80E2-599B9A43A7F9}"= TCP:C:\Gry\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{3EF98A12-FA49-4B32-B7E7-D9475F4705DC}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{609A77FF-B90F-4C70-A452-8EB12F464939}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{503CD7CD-2E6C-41D9-814D-E614A3C938A7}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C3E95113-F24B-4632-B2BC-C7414528614A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{51F3C297-D5A9-448E-9552-789BA3416853}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{712B8BDE-0364-485D-B28D-52270E37F4B7}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6DAA90ED-1A93-4EE3-81EE-33DD3296246A}"= UDP:C:\Windows\System32\CNAC4RPK.EXE:Canon LBP5000 RPC Server Process
"{07E4DF28-A87B-4F9E-811E-DCB21C79A8A9}"= TCP:C:\Windows\System32\CNAC4RPK.EXE:Canon LBP5000 RPC Server Process
"TCP Query User{BC624F53-EA3E-4471-9148-1CDA470B9FE6}C:\\program files\\wapster aqq 2\\aqq.exe"= UDP:C:\program files\wapster aqq 2\aqq.exe:AQQ
"UDP Query User{75275335-307A-448B-82D4-51686FD146AD}C:\\program files\\wapster aqq 2\\aqq.exe"= TCP:C:\program files\wapster aqq 2\aqq.exe:AQQ
"TCP Query User{1BC2413D-9E96-44BA-9B4A-A3B71846E434}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{F449AA85-F554-400C-95C3-96559BE51502}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
 
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-08-29 18:38]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 Ltn_hyd7700pc;TV tuner device ;C:\Windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-05-18 07:50]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ    BthServ
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69734781-f770-11dc-9655-001de0485def}]
\shell\AutoRun\command - I:\autorun.exe
 
*Newly Created Service* - CATCHME
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 18:49:40 C:\Windows\Tasks\User_Feed_Synchronization-{42270C47-B895-4376-8F2D-3717573FF4EB}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -
 
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 21:15:28
Windows 6.0.6000  NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-02 21:16:48
ComboFix-quarantined-files.txt  2008-07-02 19:16:45
 
Pre-Run: 59,594,162,176 bytes free
Post-Run: 60,381,503,488 bytes free
 
188     --- E O F ---   2008-06-24 15:39:28
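The "Reg Loading Points" section above is where a responder reading a ComboFix log spends most of their time: it shows Security Center notifications and monitoring switched off, Windows Firewall set to EnableFirewall=0 in the Domain, Public and Standard profiles, and an AutoRun command registered under mountpoints2 for a removable volume. The script below is an added triage example, not part of this paste and not ComboFix's own code. It parses the REGEDIT4-style key/value lines of that section and flags those settings, plus any Run entry whose executable lives in a user-writable directory. SAMPLE_LOG is a constructed excerpt modelled on the sections above; the "Updater" Run entry in it is invented purely to exercise the user-writable-path check and does not appear in the paste.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example (not from the paste or from ComboFix).  Flags Security Center
suppression, disabled firewall profiles, removable-media AutoRun commands and
Run entries launching from user-writable locations.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the paste above.  The "Updater" entry is
# invented here so the user-writable-path rule has something to fire on.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-21 20:09 1232896]
"Updater"="C:\Users\Kryniczan\AppData\Roaming\inst.exe" [2008-07-01 21:00 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69734781-f770-11dc-9655-001de0485def}]
\shell\AutoRun\command - I:\autorun.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)
# Directory markers a standard user can write to; a Run entry here is suspect.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\temp\\")


@dataclass(frozen=True)
class Finding:
    severity: str
    key: str
    detail: str


def parse_entries(text):
    """Yield (key, line) for every non-empty line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is not None:
            yield key, line


def triage(text):
    """Return the list of Findings for one Reg Loading Points section."""
    findings = []
    for key, line in parse_entries(text):
        lkey = key.lower()
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in lkey:
            findings.append(Finding("high", key, f"AutoRun command registered: {m.group('cmd')}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if "security center" in lkey:
            if name.endswith("DisableNotify") and data.endswith("00000001"):
                findings.append(Finding("medium", key, f"Security Center notification suppressed: {name}"))
            elif name == "DisableMonitoring" and data.endswith("00000001"):
                findings.append(Finding("medium", key, "Security Center monitoring disabled"))
        elif "firewallpolicy" in lkey and name == "EnableFirewall":
            if data.startswith("0"):  # ComboFix prints e.g. '0 (0x0)'
                profile = key.rsplit("\\", 1)[-1]
                findings.append(Finding("high", key, f"Windows Firewall disabled for {profile}"))
        elif lkey.endswith("\\run") or lkey.endswith("\\runonce"):
            parts = data.split('"')  # data looks like "C:\path\x.exe" [date size]
            path = (parts[1] if len(parts) > 1 else parts[0]).lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append(Finding("high", key, f"Run entry launches from user-writable path: {name} -> {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.detail}  ({f.key})")
```

Run it against the full log by replacing SAMPLE_LOG with the file contents; everything outside the REGEDIT4 block is ignored because no line there matches a `[key]` header followed by a quoted value. The firewall rule keys on a real log, such as the `FirewallRules` and `RestrictedServices` entries above, are skipped by design since they carry per-application allow rules rather than the profile switch.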
 