wklejto.pl

Added by: ~buolax (2008-07-07 17:44) -> text
ComboFix 08-07-05.1 - 1 2008-07-07 17:16:15.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.39 [GMT 2:00]
Running from: C:\Documents and Settings\1\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\1\Pulpit\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\system32\gonncriw.ini
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\system32\gonncriw.ini

.
(((((((((((((((((((((((((   Files Created from 2008-06-07 to 2008-07-07  )))))))))))))))))))))))))))))))
.

2008-07-01 21:06 . 2008-07-01 21:06     <DIR>   d--------       C:\Documents and Settings\irmina\Dane aplikacji\AdobeAUM
2008-06-11 11:45 . 2008-06-14 20:01     273,024 ---------       C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:45 . 2008-06-14 20:01     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 07:37 . 2008-06-09 07:48     <DIR>   d--------       C:\Documents and Settings\irmina\Dane aplikacji\HP

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 09:51        ---------       d-----w C:\Program Files\Opera
2008-06-15 20:28        ---------       d-----w C:\Documents and Settings\irmina\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-06-02 07:58        ---------       d-----w C:\Program Files\FotoSender
2008-05-26 09:56        ---------       d-----w C:\Documents and Settings\irmina\Dane aplikacji\AdobeUM
2008-05-15 16:52        ---------       d-----w C:\Documents and Settings\irmina\Dane aplikacji\HPAppData
2008-05-08 12:28        202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-01-14 17:49        168     -csh--r C:\WINDOWS\system32\1F5AA63849.sys
2007-01-14 17:55        15,860  -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 02:44  30208  87c1709bba3683bcb54cd14bf7cea7b5       C:\WINDOWS\system32\ctfmon.exe
2004-08-04 02:44  30208  87c1709bba3683bcb54cd14bf7cea7b5       C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 02:44  15360  cbfa30492d70ce3938d8a7783d0c0436       C:\WINDOWS\XPize\Backup\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Documents and Settings\natalia\Moje dokumenty\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 18:54 65024 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 30208]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-19 11:45:49 113664]
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Sniffer]
 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-08-26 19:14 36975 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\natalia\\Moje dokumenty\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt       REG_MULTI_SZ    hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 07:36:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 17:20:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 17:36:45
ComboFix-quarantined-files.txt  2008-07-07 15:36:15
ComboFix2.txt  2008-07-07 14:54:21

Pre-Run: 863,948,800 bajtów wolnych
Post-Run: 871,735,296 bajtów wolnych

105     --- E O F ---   2008-06-20 20:48:24
 