wklejto.pl

Added by: ~petervs (2008-07-07 16:56) -> text
ComboFix 08-07-05.1 - piotrb 2008-07-07 15:50:27.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.405 [GMT 1:00]
Running from: C:\Documents and Settings\piotrb\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\piotrb\Desktop\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\avgsafe.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\avgsafe.dll

.
(((((((((((((((((((((((((   Files Created from 2008-06-07 to 2008-07-07  )))))))))))))))))))))))))))))))
.

2008-07-07 12:00 . 2008-07-07 12:09     <DIR>   d--------       C:\Program Files\a-squared Anti-Malware
2008-07-07 11:03 . 2008-07-07 11:03     <DIR>   d--------       C:\WINDOWS\system32\Kaspersky Lab
2008-07-07 11:03 . 2008-07-07 11:03     <DIR>   d--------       C:\WINDOWS\LastGood
2008-07-07 11:03 . 2008-07-07 11:03     <DIR>   d--------       C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-07 10:21 . 2008-07-07 10:21     26,624  --a------       C:\WINDOWS\system32\avirasafe.dll
2008-07-07 10:21 . 2008-07-07 10:21     26,624  --a------       C:\WINDOWS\system32\avg_ss.dll
2008-07-07 09:44 . 2008-07-07 10:02     <DIR>   d--------       C:\Program Files\SkanerOnline
2008-07-07 09:38 . 2008-07-07 12:26     <DIR>   d--------       C:\Program Files\Passware
2008-07-04 09:52 . 2008-07-04 09:52     <DIR>   d--------       C:\Program Files\FDBES
2008-07-04 09:39 . 2008-07-04 09:39     <DIR>   d--------       C:\Program Files\AnswerWorks 4.0
2008-07-02 09:18 . 2008-07-02 09:18     <DIR>   d--------       C:\Program Files\WexTech
2008-07-02 09:18 . 2008-07-02 09:18     <DIR>   d--------       C:\Program Files\Common Files\LHSPF
2008-07-02 09:18 . 2008-07-02 09:18     <DIR>   d--------       C:\Documents and Settings\piotrb\WINDOWS
2008-07-02 09:18 . 2000-05-02 10:03     225,280 --a------       C:\WINDOWS\system32\awrtl30.dll
2008-07-02 09:18 . 1998-08-04 11:22     111,616 ---------       C:\WINDOWS\system32\Ltih30tb.dll
2008-07-02 09:10 . 2008-07-02 09:18     <DIR>   d--------       C:\Program Files\Common Files\Wextech Shared
2008-07-02 09:10 . 2008-07-04 09:18     <DIR>   d--------       C:\Program Files\AutoCAD 2002
2008-06-24 11:42 . 2008-06-24 11:42     <DIR>   d--------       C:\Program Files\ProLingo
2008-06-24 11:36 . 2008-06-24 11:36     <DIR>   d--------       C:\Program Files\Veneficium Ltd
2008-06-24 11:36 . 2006-06-06 01:08     67,472  --a------       C:\WINDOWS\UnDeploy.exe
2008-06-13 15:39 . 2008-06-13 15:39     <DIR>   d--------       C:\Program Files\Danfoss
2008-06-13 12:27 . 2008-06-13 12:27     <DIR>   d--------       C:\Program Files\Orban
2008-06-12 16:25 . 2008-06-12 16:25     <DIR>   d--------       C:\Program Files\MeeSoft
2008-06-12 15:56 . 2008-06-12 15:56     <DIR>   d--------       C:\Office10
2008-06-11 13:33 . 2008-06-11 13:35     <DIR>   d--------       C:\Program Files\InstalSoft
2008-06-10 14:31 . 2008-06-10 14:31     <DIR>   d--------       C:\Program Files\Crystal Decisions
2008-06-10 14:17 . 2008-06-10 14:25     <DIR>   d--------       C:\Program Files\Heva24
2008-06-10 12:04 . 2001-09-06 10:00     1,700,352       --a------       C:\WINDOWS\system32\gdiplus.dll
2008-06-10 12:04 . 2007-06-25 14:02     475,136 --a------       C:\WINDOWS\system32\SkinCrafter2.dll
2008-06-09 08:49 . 2004-08-04 00:56     21,504  --a------       C:\WINDOWS\system32\hidserv.dll
2008-06-09 08:49 . 2004-08-04 00:56     21,504  --a--c---       C:\WINDOWS\system32\dllcache\hidserv.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 15:29        ---------       d-----w C:\Documents and Settings\All Users\Application Data\Fluid Desk Sp. z o.o
2008-07-04 08:47        ---------       d-----w C:\Program Files\Common Files\Autodesk Shared
2008-07-04 08:37        ---------       d-----w C:\Program Files\Autodesk
2008-07-04 08:37        ---------       d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-02 09:01        ---------       d-----w C:\Documents and Settings\piotrb\Application Data\Autodesk
2008-06-30 16:05        ---------       d-----w C:\Program Files\Common Files\Adobe
2008-06-13 14:39        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 12:55        ---------       d-----w C:\Documents and Settings\piotrb\Application Data\Skype
2008-06-12 12:30        ---------       d-----w C:\Documents and Settings\piotrb\Application Data\skypePM
2008-06-10 10:21        ---------       d-----w C:\Program Files\Microsoft Bootvis
2008-06-05 10:13        ---------       d-----w C:\Program Files\Advanced Grapher
2008-06-03 09:18        ---------       d-----w C:\Documents and Settings\piotrb\Application Data\InstallShield
2008-05-19 14:00        ---------       d-----w C:\Documents and Settings\piotrb\Application Data\Bricsys
2008-05-19 13:58        ---------       d-----w C:\Program Files\Bricsys
2008-05-19 13:47        ---------       d-----w C:\Program Files\Common Files\Bricsys
2008-05-15 08:45        ---------       d-----w C:\Program Files\Foxit Software
2008-05-15 08:15        ---------       d-----w C:\Documents and Settings\piotrb\Application Data\AdobeUM
2008-04-18 10:11        253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9015.exe
2008-04-18 10:11        14,290  -c--a-w C:\Program Files\settings.dat
2008-03-27 12:23        32      ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2001-11-23 04:08        712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((   snapshot@2008-07-07_10.34.59.76   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 11:27:16   213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20   94,208  ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54   950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-07-07 11:12:48   56,426,043      ----a-w C:\WINDOWS\TEMP\a2cache_2409460E.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2003-10-30 14:09 249856]
"Kaseya Agent Service Helper"="C:\Program Files\Kaseya\Agent\KaUsrTsk.exe" [2007-06-04 20:04 192512]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-10-29 12:17 398784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-06-03 12:37 2131600]
"PCTVOICE"="pctspk.exe" [2003-07-17 20:01 180224 C:\WINDOWS\system32\pctspk.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 09:06 12451]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 05:35:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnglishPolishDictionary]
--a------ 2008-05-22 10:47 610304 C:\Program Files\ProLingo\English Polish Dictionary\ProLingoDictionary.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 KaseyaAgent;Kaseya Agent;C:\Program Files\Kaseya\Agent\AgentMon.exe [2007-06-04 19:52]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2006-12-20 09:00]
R3 KAPFA;KAPFA;C:\WINDOWS\system32\drivers\KAPFA.SYS [2007-05-11 09:31]
S2 CADopia License Manager;CADopia License Manager;C:\PROGRA~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe [2004-02-04 13:47]

*Newly Created Service* - A2ANTIMALWARE
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 15:56:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 15:59:27
ComboFix-quarantined-files.txt  2008-07-07 14:58:30
ComboFix2.txt  2008-07-07 09:51:27
ComboFix3.txt  2008-07-07 09:36:21

Pre-Run: 17,114,943,488 bytes free
Post-Run: 17,126,633,472 bytes free