wklejto.pl

Added by: ~matikaka1 (2008-07-06 19:37) -> text
ComboFix 08-07-05.1 - Ola 2008-07-06 19:41:20.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.1591 [GMT 2:00]
Running from: C:\\Documents and Settings\\Ola\\Pulpit\\Combo-Fix.exe
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-06 to 2008-07-06  )))))))))))))))))))))))))))))))
.
 
2008-07-06 19:37 . 2008-07-06 19:37     <DIR>   d--------       C:\\Program Files\\Trend Micro
2008-07-06 19:30 . 2008-07-06 19:30     <DIR>   d--------       C:\\Program Files\\Driver Cleaner
2008-07-06 12:22 . 2008-07-06 14:03     <DIR>   d--------       C:\\Program Files\\Unlocker
2008-07-06 12:22 . 2008-07-06 12:22     <DIR>   d--------       C:\\Documents and Settings\\Ola\\Dane aplikacji\\Desktopicon
2008-07-06 12:19 . 2008-07-06 12:19     <DIR>   d--------       C:\\Documents and Settings\\Ola\\Dane aplikacji\\Lavasoft
2008-07-06 12:18 . 2008-07-06 12:18     <DIR>   d--------       C:\\Program Files\\Lavasoft
2008-07-06 11:41 . 2008-07-06 11:41     <DIR>   d--------       C:\\Documents and Settings\\Ola\\Dane aplikacji\\Grisoft
2008-07-06 11:41 . 2007-05-30 14:10     10,872  --a------       C:\\WINDOWS\\system32\\drivers\\AvgAsCln.sys
2008-07-05 10:46 . 2008-07-05 10:46     <DIR>   d--------       C:\\Program Files\\PokerStars
2008-07-01 11:27 . 2008-07-01 11:27     <DIR>   d--------       C:\\Program Files\\Opera
2008-06-30 11:26 . 2008-06-30 11:26     <DIR>   d--------       C:\\Program Files\\Casino
2008-06-30 11:14 . 2008-06-30 11:14     <DIR>   d--------       C:\\Program Files\\Ashampoo
2008-06-14 12:47 . 2008-06-14 12:47     <DIR>   d--------       C:\\Documents and Settings\\Ola\\Dane aplikacji\\LGSync
2008-06-14 12:46 . 2008-06-14 12:46     <DIR>   d--------       C:\\Program Files\\LG Electronics
2008-06-14 12:46 . 2005-06-24 18:36     39,036  --a------       C:\\WINDOWS\\system32\\drivers\\lgusbmodem.sys
2008-06-14 12:46 . 2005-05-26 11:01     21,344  --a------       C:\\WINDOWS\\system32\\drivers\\lgusbbus.sys
2008-06-14 12:45 . 2008-06-14 12:45     <DIR>   d--------       C:\\Program Files\\LGE GSM PC Sync
2008-06-14 12:45 . 2004-09-16 11:31     1,703,936       --a------       C:\\WINDOWS\\system32\\gdiplus.dll
2008-06-14 12:45 . 2005-07-22 10:43     1,233,920       --a------       C:\\WINDOWS\\system32\\msxml4.dll
2008-06-14 12:45 . 2005-09-26 22:55     419,240 --a------       C:\\WINDOWS\\system32\\Vsflex7L.ocx
2008-06-14 12:45 . 2000-05-22 00:00     244,416 --a------       C:\\WINDOWS\\system32\\Msflxgrd.ocx
2008-06-14 12:45 . 2005-11-24 11:34     82,432  --a------       C:\\WINDOWS\\system32\\msxml4r.dll
2008-06-14 12:45 . 2005-10-04 10:39     44,544  --a------       C:\\WINDOWS\\system32\\msxml4a.dll
2008-06-14 12:45 . 2005-06-28 22:12     36,864  --a------       C:\\WINDOWS\\system32\\CSDLGE1LIB.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 16:54        4       ----a-w C:\\Program Files\\is.dat
2008-07-06 16:54        ---------       d-----w C:\\Documents and Settings\\Ola\\Dane aplikacji\\Skype
2008-07-06 16:50        ---------       d-----w C:\\Documents and Settings\\Ola\\Dane aplikacji\\skypePM
2008-07-06 13:20        ---------       d-----w C:\\Documents and Settings\\Ola\\Dane aplikacji\\AVG7
2008-07-06 10:17        16,384  ----a-w C:\\Program Files\\uik.dat
2008-07-06 09:41        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Grisoft
2008-07-04 19:58        ---------       d-----w C:\\Documents and Settings\\Ola\\Dane aplikacji\\GanymedeNet
2008-07-03 16:58        ---------       d-----w C:\\Program Files\\Ganymede
2008-06-14 10:46        ---------       d--h--w C:\\Program Files\\InstallShield Installation Information
2007-12-06 19:20        32      ----a-w C:\\Documents and Settings\\All Users\\Dane aplikacji\\ezsid.dat
2004-10-01 14:00        40,960  ----a-w C:\\Program Files\\Uninstall_CDS.exe
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2002-01-09 16:04        1470488 --a------       C:\\Program Files\\Wisdom-soft\\tbWis1.dll
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
\"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}\"= \"C:\\Program Files\\Wisdom-soft\\tbWis1.dll\" [2002-01-09 16:04 1470488]
 
[HKEY_CLASSES_ROOT\\clsid\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
\"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}\"= \"C:\\Program Files\\Wisdom-soft\\tbWis1.dll\" [2002-01-09 16:04 1470488]
 
[HKEY_CLASSES_ROOT\\clsid\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2006-03-02 14:00 15360]
\"Gadu-Gadu\"=\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" [2007-11-14 12:54 2131392]
\"Skype\"=\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" [2007-12-12 16:23 21686568]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"NvCplDaemon\"=\"C:\\WINDOWS\\system32\\NvCpl.dll\" [2006-06-01 11:22 7618560]
\"SoundMAXPnP\"=\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\" [2006-12-18 15:34 868352]
\"SunJavaUpdateSched\"=\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\" [2007-09-25 02:11 132496]
\"AVG7_CC\"=\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" [2008-04-25 09:58 579584]
\"BEWINTERNET-PLSessionManager\"=\"C:\\Program Files\\OrangeBS\\BEWInternet-PL\\SessionManager\\SessionManager.exe\" [2007-07-24 19:03 102400]
\"!AVG Anti-Spyware\"=\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" [2007-06-11 11:25 6731312]
\"MSConfig\"=\"C:\\WINDOWS\\pchealth\\helpctr\\Binaries\\MSCONFIG.EXE\" [2006-03-02 14:00 159744]
\"nwiz\"=\"nwiz.exe\" [2006-06-01 11:22 1519616 C:\\WINDOWS\\system32\\nwiz.exe]
\"NvMediaCenter\"=\"NvMCTray.dll\" [2006-06-01 11:22 86016 C:\\WINDOWS\\system32\\nvmctray.dll]
\"Resume copy\"=\"copyfstq.exe\" [2002-03-24 13:54 46080 C:\\WINDOWS\\COPYFSTQ.EXE]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\CTFMON.EXE\" [2006-03-02 14:00 15360]
\"AVG7_Run\"=\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe\" [2008-01-29 23:23 219136]
 
C:\\Documents and Settings\\Ola\\Menu Start\\Programy\\Autostart\\
spy.exe [2004-12-14 12:34:58 32768]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"VIDC.YV12\"= yv12vfw.dll
\"msacm.divxa32\"= msaud32_divx.acm
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^Ola^Menu Start^Programy^Autostart^spy.bak]
path=C:\\Documents and Settings\\Ola\\Menu Start\\Programy\\Autostart\\spy.bak
backup=C:\\WINDOWS\\pss\\spy.bakStartup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^Ola^Menu Start^Programy^Autostart^spy.exe]
path=C:\\Documents and Settings\\Ola\\Menu Start\\Programy\\Autostart\\spy.exe
backup=C:\\WINDOWS\\pss\\spy.exeStartup
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\\WINDOWS\\system32\\NeroCheck.exe
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"C:\\\\Program Files\\\\NVIDIA Corporation\\\\NetworkAccessManager\\\\Apache Group\\\\Apache2\\\\bin\\\\Apache.exe\"=
\"C:\\\\Program Files\\\\Gadu-Gadu\\\\gg.exe\"=
\"C:\\\\Program Files\\\\NAPI-PROJEKT\\\\napisy.exe\"=
\"C:\\\\WINDOWS\\\\system32\\\\dpvsetup.exe\"=
\"C:\\\\Program Files\\\\Grisoft\\\\AVG7\\\\avginet.exe\"=
\"C:\\\\Program Files\\\\Grisoft\\\\AVG7\\\\avgamsvr.exe\"=
\"C:\\\\Program Files\\\\Grisoft\\\\AVG7\\\\avgcc.exe\"=
\"C:\\\\Program Files\\\\Grisoft\\\\AVG7\\\\avgemc.exe\"=
\"C:\\\\Program Files\\\\OrangeBS\\\\BEWInternet-PL\\\\Connectivity\\\\ConnectivityManager.exe\"=
\"C:\\\\Documents and Settings\\\\Ola\\\\Menu Start\\\\Programy\\\\Autostart\\\\spy.exe\"=
\"C:\\\\Program Files\\\\Skype\\\\Phone\\\\Skype.exe\"=
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"8461:TCP\"= 8461:TCP:GoD High Port
\"8462:TCP\"= 8462:TCP:GoD Low Port
 
R2 NwSapAgent;Agent SAP;C:\\WINDOWS\\system32\\svchost.exe [2006-03-02 14:00]
R3 RT2400PCI;802.11b WLAN PCI;C:\\WINDOWS\\system32\\DRIVERS\\RT2400.sys [2003-10-31 09:47]
S3 GTFFBUS;GT FF BUS;C:\\WINDOWS\\system32\\DRIVERS\\gtffbus.sys [2007-01-15 16:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\\WINDOWS\\system32\\DRIVERS\\Gtm51Irp.sys [2007-01-15 16:48]
S3 GTPTSER;GT PT SER;C:\\WINDOWS\\system32\\DRIVERS\\gtptser.sys [2007-01-15 16:48]
S3 GTUQBUS;GT UQ BUS;C:\\WINDOWS\\system32\\DRIVERS\\gtuqbus.sys [2007-01-15 16:48]
 
*Newly Created Service* - CATCHME
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 19:42:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\\system\\ControlSet002\\Services\\ASFWHide]
\"ImagePath\"=\"\\??\\C:\\DOCUME~1\\Ola\\USTAWI~1\\Temp\\ASFWHide\"
.
Completion time: 2008-07-06 19:42:57
ComboFix-quarantined-files.txt  2008-07-06 17:42:53
ComboFix2.txt  2008-07-06 11:52:45
 
Pre-Run: 14,604,210,176 bajtów wolnych
Post-Run: 14,644,183,040 bajtów wolnych
 
132     --- E O F ---   2008-02-14 22:31:46
 