wklejto.pl

Added by: ~Doody (2008-07-06 17:00) -> text
ComboFix 08-07-05.1 - Doody 2008-07-06 16:29:13.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.204 [GMT 2:00]
Running from: C:\Documents and Settings\Doody\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Doody\Pulpit\CFScript.txt
 * Created a new restore point
 * Resident AV is active
 
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\[u]0[/u]003F965
C:\Program Files\AskSBar\bar\Cache\[u]0[/u]00402DB
C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0040B76.bin
C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0040D79.bin
C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0040F8D.bin
C:\Program Files\AskSBar\bar\Cache\[u]0[/u]004126B.bin
C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0041605.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-06 to 2008-07-06  )))))))))))))))))))))))))))))))
.
 
2008-07-06 12:17 . 2008-07-06 12:17     <DIR>   d--------       C:\Documents and Settings\LocalService\Dane aplikacji\Webroot
2008-07-06 12:10 . 2008-07-06 12:10     <DIR>   d--------       C:\Documents and Settings\Doody\Dane aplikacji\Webroot
2008-07-06 12:10 . 2008-07-06 12:10     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Webroot
2008-07-06 12:10 . 2008-06-10 12:49     1,538,928       --a------       C:\WINDOWS\WRSetup.dll
2008-07-06 11:56 . 2008-07-06 11:56     164     --a------       C:\install.dat
2008-07-06 10:55 . 2008-07-06 10:52     691,545 --a------       C:\WINDOWS\unins000.exe
2008-07-06 10:55 . 2008-07-06 10:55     2,540   --a------       C:\WINDOWS\unins000.dat
2008-07-05 21:01 . 2008-07-05 21:01     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-05 21:00 . 2008-07-05 21:00     <DIR>   d--------       C:\WINDOWS\system32\Kaspersky Lab
2008-07-05 20:06 . 2008-07-05 20:06     <DIR>   d--------       C:\Program Files\WinFF
2008-07-05 20:06 . 2008-07-05 20:16     <DIR>   d--------       C:\Documents and Settings\Doody\Dane aplikacji\WinFF
2008-07-05 19:54 . 2008-07-05 19:56     <DIR>   d--------       C:\Program Files\Winamp
2008-07-05 19:47 . 2008-07-05 19:47     <DIR>   d--------       C:\Program Files\GSpot
2008-07-05 19:18 . 2008-07-05 19:18     <DIR>   d--------       C:\Program Files\Codec
2008-06-21 19:34 . 2008-06-21 19:34     <DIR>   d--------       C:\Program Files\Techland
2008-06-10 00:17 . 2008-06-10 00:17     166,512 --a------       C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-10 00:17 . 2008-06-10 00:17     29,808  --a------       C:\WINDOWS\system32\drivers\ssfs0bbc.sys
2008-06-10 00:17 . 2008-06-10 00:17     23,152  --a------       C:\WINDOWS\system32\drivers\sshrmd.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 10:10        ---------       d-----w C:\Program Files\Webroot
2008-07-06 09:53        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-06 08:52        ---------       d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-05 18:51        ---------       d---a-w C:\Program Files\BearShare Applications
2008-07-05 17:05        ---------       d-----w C:\Program Files\VideoLAN
2008-07-05 17:04        ---------       d-----w C:\Program Files\MarBit
2008-07-05 16:15        ---------       d-----w C:\Program Files\CyberLink
2008-07-05 16:06        ---------       d-----w C:\Program Files\UltraISO
2008-07-05 16:03        ---------       d-----w C:\Program Files\DivX
2008-07-05 15:57        ---------       d-----w C:\Program Files\Gabest
2008-07-05 15:53        ---------       d-----w C:\Program Files\AviSynth 2.5
2008-07-05 15:43        ---------       d-----w C:\Program Files\PhonerLite
2008-07-05 07:02        ---------       d-----w C:\Program Files\Diablo II
2008-07-02 08:40        ---------       d-----w C:\Documents and Settings\Doody\Dane aplikacji\BearShare
2008-06-24 13:34        43,520  ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-04 08:01        102,280 ----a-w C:\WINDOWS\system32\drivers\pwipf6.sys
2008-06-04 08:00        173,448 ----a-w C:\WINDOWS\system32\wdfproc.dll
2008-06-02 11:41        21,840  ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-02 11:41        17,212  ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-02 11:41        12,067  ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-02 11:01        2,829   ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-02 11:01        106,496 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-30 22:22        683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-24 09:34        ---------       d-----w C:\Program Files\Avast4
2008-05-24 09:24        98,304  ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 09:13        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 21:38        ---------       d-----w C:\Program Files\FunnySoft
2008-05-22 21:22        524,288 ----a-w C:\WINDOWS\system32\divxsm.exe
2008-05-22 21:22        3,596,288       ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 21:19        81,920  ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 19:03        30,601  ----a-w C:\WINDOWS\java\x.exe
2008-05-16 19:02        ---------       d-----w C:\Program Files\eMule
2008-05-16 19:01        ---------       d-----w C:\Program Files\AudioCommander
2008-05-10 13:58        ---------       d--h--w C:\Program Files\Zero G Registry
2008-04-27 08:35        180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-04-27 08:33        765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2006-08-27 09:35        22,432  ----a-w C:\Documents and Settings\Doody\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-01-25 09:23        5       --sha-w C:\WINDOWS\system32\fbffdda6_s.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 01:31 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="C:\WINDOWS\SYSTEM32\S3Trayp.exe" [2005-08-08 13:02 163840]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"Webroot Desktop Firewall"="C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe" [2008-06-04 10:00 2180488]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-06-10 12:49 5414256]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-08-09 20:56:34 1044480]
Enable Labtec Wireless Desktop.lnk - C:\Program Files\Labtec Wireless Desktop\MagicKey.exe [2006-08-09 20:54:40 258048]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
"aux"= ctwdm32.dll
"msacm.ac3filter"= ac3filter.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Cerberus\\Cerberus.exe"=
"C:\\Program Files\\Diablo II\\Diablo II.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"21:TCP"= 21:TCP:21
"20:TCP"= 20:TCP:20
"6112:TCP"= 6112:TCP:Diablo
"6112:UDP"= 6112:UDP:Diablo udp
"135:TCP"= 135:TCP:DCOM(135)
 
R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-06-10 00:17]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 pwipf6;pwipf6;C:\WINDOWS\system32\drivers\pwipf6.sys [2008-06-04 10:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-02-07 22:18]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-02-07 22:18]
R2 WDFNet;Webroot Desktop Firewall network service;C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-06-04 10:00]
R3 S3G700;S3G700;C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-08-22 02:42]
R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
S3 ids00118;ids00118;C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys []
S3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 20:54]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 V0010bVd;Creative WebCam Vista #2;C:\WINDOWS\system32\DRIVERS\V0010bVd.sys [2003-04-21 09:19]
S4 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS []
 
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-06 10:11:35 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe%/ScheduleSweep=wrSpySweeperFullSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 16:52:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-06 17:00:17
ComboFix-quarantined-files.txt  2008-07-06 14:59:52
ComboFix2.txt  2008-07-06 13:18:09
 
Pre-Run: 3,589,910,528 bajtów wolnych
Post-Run: 3,586,310,144 bajtów wolnych