wklejto.pl

Added by: moria (2008-07-10 00:32) -> text
ComboFix 08-07-09.2 - Dorota 2008-07-10  0:35:31.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.934 [GMT 2:00]
Running from: E:\Programy_moje\ComboFix\ComboFix.exe
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-09 to 2008-07-09  )))))))))))))))))))))))))))))))
.
 
2008-07-09 22:06 . 2004-08-04 14:00     25,088  --a------       C:\WINDOWS\system32\userinit.exe
2008-07-09 22:06 . 2004-08-04 14:00     25,088  --a--c---       C:\WINDOWS\system32\dllcache\userinit.exe
2008-07-08 22:39 . 2008-07-08 22:39     54,156  --ah-----       C:\WINDOWS\QTFont.qfn
2008-07-08 22:39 . 2008-07-08 22:39     1,409   --a------       C:\WINDOWS\QTFont.for
2008-06-12 09:21 . 2008-06-14 20:01     273,024 ---------       C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 09:21 . 2008-06-14 20:01     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 19:40        ---------       d-----w C:\Documents and Settings\Dorota\Dane aplikacji\SiteAdvisor
2008-06-30 20:54        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-29 17:08        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-06-28 10:09        ---------       d-----w C:\Program Files\SiteAdvisor
2008-06-28 10:08        ---------       d-----w C:\Program Files\Yahoo!
2008-06-20 17:42        246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45        360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44        138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52        225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 23:22        25,992  ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-16 22:50        ---------       d-----w C:\Documents and Settings\Dorota\Dane aplikacji\OpenOffice.ux.pl2
2008-05-13 22:02        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-07 05:16        1,291,264       ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20        826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Odkurzacz-MCD"="E:\Programy_moje\Odkurzacz_10.9\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02 264704]
"PowerArchiver Tray"="E:\Programy_moje\PowerArchiver2007\PASTARTER.EXE" [2008-01-24 19:37 141352]
"SpybotSD TeaTimer"="E:\Programy_moje\Spy&Bot\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51 131072]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 22:05 344064]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]
"avast!"="E:\PROGRA~1\Avast\ashDisp.exe" [2008-05-16 01:19 79224]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 15:44:06 29696]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2006-01-12 16:54 327680 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Programy_moje\\Microsoft_Office_2007\\Office12\\ONENOTE.EXE"=
 
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 DiskMgkS;DiskMagik Service;E:\Programy_moje\DiscMagik_2.2.0\DiskMgkS.exe [2007-12-14 01:34]
S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2004-07-12 05:57]
S3 bd5de130-2d2f-4843-8a36-5b730a3070b0;bd5de130-2d2f-4843-8a36-5b730a3070b0;G:\Player\cds300.dll []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81815acf-7d65-11db-be54-806d6172696f}]
\Shell\AutoRun\command - G:\Autorun.exe root.ini
 
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
 
HKLM-Run-SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 00:36:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-10  0:37:01
ComboFix-quarantined-files.txt  2008-07-09 22:36:56
 
Pre-Run: 10,088,919,040 bajtów wolnych
Post-Run: 10,094,182,400 bajtów wolnych
 
89      --- E O F ---   2008-07-08 23:33:06
 