wklejto.pl

Added by: ~mati (2008-07-10 13:22) -> text
ComboFix 08-07-08.9 - wini 2008-07-10 13:24:18.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.172 [GMT 2:00]
Running from: C:\Documents and Settings\wini\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\wini\Pulpit\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
C:\WINDOWS\system32\wans.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\system32\wans.exe
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Legacy_WANS
-------\Service_WANS
 
 
(((((((((((((((((((((((((   Files Created from 2008-06-10 to 2008-07-10  )))))))))))))))))))))))))))))))
.
 
2008-07-09 12:28 . 2008-07-09 12:28     <DIR>   d--------       C:\Program Files\Common Files\Funk Software
2008-07-09 12:28 . 2006-10-12 12:32     123,392 --a------       C:\WINDOWS\system32\dzip32.dll
2008-07-09 12:28 . 2006-10-12 12:32     20,096  --a------       C:\WINDOWS\system32\drivers\PCASp50.SYS
2008-07-09 12:28 . 2006-10-12 12:32     2,504   --a------       C:\WINDOWS\system32\drivers\PCANDIS5.INF
2008-07-04 09:16 . 2008-07-04 09:16     <DIR>   d--------       C:\Program Files\Bullzip
2008-07-04 09:16 . 2008-04-22 08:19     187,392 --a------       C:\WINDOWS\system32\bzpdf.dll
2008-07-04 09:16 . 2008-04-02 08:13     147,456 --a------       C:\WINDOWS\system32\bzpdfc.dll
2008-07-03 14:55 . 2008-07-10 11:43     <DIR>   d--------       C:\BMW M3 Challenge
2008-07-02 11:46 . 2007-07-30 19:19     38,232  --a------       C:\WINDOWS\system32\wucltui.dll.mui
2008-07-02 11:46 . 2007-07-30 19:20     30,040  --a------       C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-02 11:46 . 2007-07-30 19:20     30,040  --a------       C:\WINDOWS\system32\wuapi.dll.mui
2008-07-02 11:46 . 2007-07-30 19:18     21,336  --a------       C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-02 11:35 . 2008-07-02 11:35     <DIR>   d--------       C:\WINDOWS\system32\pl-pl
2008-07-02 11:31 . 2008-07-02 11:33     1,355   --a------       C:\WINDOWS\imsins.BAK
2008-07-01 13:56 . 2008-07-01 13:57     <DIR>   d--------       C:\Program Files\Executive Software
2008-07-01 09:05 . 2008-02-11 08:05     628,224 --ahs----       C:\WINDOWS\system32\Juchde.exe
2008-07-01 09:05 . 2007-03-23 16:52     56,552  --ahs----       C:\WINDOWS\system32\Juchdp.exe
2008-07-01 09:05 . 2005-04-09 21:12     30,720  --a------       C:\WINDOWS\system32\reotspnwy.dll
2008-07-01 09:05 . 2008-07-01 07:04     30,512  --ahs----       C:\WINDOWS\system32\brecxar.CPX
2008-07-01 09:05 . 2008-03-04 08:55     24,493  --ahs----       C:\WINDOWS\system32\erecxar.CPX
2008-07-01 09:05 . 2008-05-22 08:20     21,031  --ahs----       C:\WINDOWS\system32\arecxar.CPX
2008-07-01 09:05 . 2007-03-05 23:59     8,091   --ahs----       C:\WINDOWS\system32\crecxar.CPX
2008-07-01 09:05 . 2008-07-10 13:27     4,663   --ahs----       C:\WINDOWS\system32\wrda.sys
2008-07-01 09:05 . 2008-07-01 09:11     391     --ahs----       C:\WINDOWS\system32\vburcs.cmd
2008-07-01 09:05 . 2008-07-01 07:53     282     --ahs----       C:\WINDOWS\system32\dremxar.CPX
2008-06-30 10:08 . 2008-07-10 11:36     <DIR>   d--------       C:\WINDOWS\system32\drive
2008-06-13 09:19 . 2008-06-13 09:19     <DIR>   d--------       C:\Program Files\QuickTime
2008-06-13 09:19 . 2008-06-13 09:19     <DIR>   d--------       C:\Program Files\iTunes
2008-06-13 09:19 . 2008-06-13 09:19     <DIR>   d--------       C:\Program Files\iPod
2008-06-13 09:19 . 2008-06-13 09:19     <DIR>   d--------       C:\Documents and Settings\wini\Dane aplikacji\Apple Computer
2008-06-13 09:19 . 2008-06-13 09:19     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-06-13 09:19 . 2008-06-13 09:19     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-13 09:19 . 1999-11-10 12:05     86,016  --a------       C:\WINDOWS\unvise32qt.exe
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 10:28        ---------       d-----w C:\Program Files\SmartCom
2008-07-09 10:28        ---------       d-----w C:\Program Files\Common Files\SmartCom
2008-07-01 22:11        ---------       d-----w C:\Program Files\PokerStars
2008-06-13 07:20        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 13:19        ---------       d-----w C:\Program Files\Ashampoo
2008-05-27 13:10        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-27 12:39        ---------       d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-12 10:06        ---------       d-----w C:\Documents and Settings\wini\Dane aplikacji\Bullzip
2008-02-11 06:05        628,224 --sha-w C:\WINDOWS\system32\Juchde.exe
2007-03-23 14:52        56,552  --sha-w C:\WINDOWS\system32\Juchdp.exe
.
 
(((((((((((((((((((((((((((((   snapshot@2008-07-10_12.53.28,71   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-10 09:45:38   2,048   --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 11:26:49   2,048   --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28   163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-07-10 11:27:19   16,384  ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1f4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"RTEGPRS"="C:\Program Files\Common Files\SmartCom\RTEGPRS.exe" [2006-10-12 12:32 2670592]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Ashampoo AntiVirus Service.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ashampoo AntiVirus Service.lnk
backup=C:\WINDOWS\pss\Ashampoo AntiVirus Service.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^desktop.ini]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^wini^Menu Start^Programy^Autostart^desktop.ini]
path=C:\Documents and Settings\wini\Menu Start\Programy\Autostart\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVKTray]
--a------ 2007-10-11 11:24 603720 C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wireless Software]
--a------ 2006-09-18 12:30 1144400 C:\Program Files\Boingo\Boingo Wireless Software\Boingo.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
--a------ 2003-03-24 18:38 1443328 C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Diskeeper"=2 (0x2)
"Boingo WMonitor"=3 (0x3)
"Boingo Wireless Engine"=3 (0x3)
"AVKWCtl"=2 (0x2)
"avGuard"=2 (0x2)
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Electronic Arts\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\drive\\calling.com"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19942:TCP"= 19942:TCP:BitComet 19942 TCP
"19942:UDP"= 19942:UDP:BitComet 19942 UDP
 
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe [2007-09-27 15:10]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-04-01 23:48]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-06-10 07:55]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 SRVStarter_Lerex;Service Starter: Lerex;C:\WINDOWS\system32\Juchdp.exe [2007-03-23 16:52]
S2 SRVStarter_nerw;Service Starter: nerw;C:\WINDOWS\system32\Juchdp.exe [2007-03-23 16:52]
S3 AshAvScan;AshAvScan;C:\WINDOWS\system32\DRIVERS\AshAvScan.sys [2008-03-12 15:38]
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-04-01 23:48]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-04-01 23:48]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-11-09 09:35]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2006-11-09 09:35]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2006-11-09 09:35]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-10-12 12:32]
S4 avGuard;avGuard Service;C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe [2008-03-10 13:42]
S4 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe [2007-10-08 11:43]
S4 Boingo Wireless Engine;Boingo Wireless Engine;C:\Program Files\Boingo\Boingo Wireless Software\WENGINE2\BWEngine.exe [2006-09-06 17:42]
S4 Boingo WMonitor;Boingo WMonitor;C:\Program Files\Boingo\Boingo Wireless Software\WENGINE2\WMonitor.exe [2006-09-06 17:42]
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 13:27:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRVStarter_Lerex]
"ImagePath"="\"C:\WINDOWS\system32\Juchdp.exe\" /Name:SRVStarter_Lerex /App:\"C:\WINNT\system32\Juchde.exe\""
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRVStarter_nerw]
"ImagePath"="\"C:\WINDOWS\system32\Juchdp.exe\" /Name:SRVStarter_nerw /App:\"C:\WINDOWS\system32\Juchde.exe\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\Juchde.exe
.
**************************************************************************
.
Completion time: 2008-07-10 13:28:59 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-10 11:28:56
ComboFix2.txt  2008-07-10 11:14:30
ComboFix3.txt  2008-07-10 10:53:38
 
Pre-Run: 60,577,701,888 bytes free
Post-Run: 60,508,450,816 bytes free
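Two things in the log above are worth checking mechanically rather than by eye: the cluster of files created on 2008-07-01 in C:\WINDOWS\system32 with the hidden and system attributes set (the --ahs---- column), and the two services SRVStarter_Lerex and SRVStarter_nerw that both use one of those files, Juchdp.exe, as their image while Juchde.exe is still listed under running processes. The script below is an added example, not part of the original paste and not ComboFix's own code: it parses lines in the format of the "Files Created" and driver/service sections, flags hidden+system files dropped directly into system32, and flags services whose image is one of those files or is shared with another service. The sample lines are copied from the log above (one clean bzpdf.dll line and one directory line are included for contrast); the two regexes and the reading of the R/S service prefix as running/stopped are this example's assumptions about ComboFix's output format.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Added triage helper for ComboFix-style logs (example code, not part of ComboFix).
# Sample lines are copied from the log on this page; the regexes and the assumed
# meaning of the R/S prefix (R = running, S = stopped) are this example's assumptions.

SAMPLE_FILES = """\
2008-07-04 09:16 . 2008-04-22 08:19     187,392 --a------       C:\\WINDOWS\\system32\\bzpdf.dll
2008-07-01 09:05 . 2008-02-11 08:05     628,224 --ahs----       C:\\WINDOWS\\system32\\Juchde.exe
2008-07-01 09:05 . 2007-03-23 16:52     56,552  --ahs----       C:\\WINDOWS\\system32\\Juchdp.exe
2008-07-01 09:05 . 2008-07-10 13:27     4,663   --ahs----       C:\\WINDOWS\\system32\\wrda.sys
2008-07-01 09:05 . 2008-07-01 09:11     391     --ahs----       C:\\WINDOWS\\system32\\vburcs.cmd
2008-06-13 09:19 . 2008-06-13 09:19     <DIR>   d--------       C:\\Program Files\\QuickTime
"""

SAMPLE_SERVICES = """\
R2 AVKService;G DATA Scheduler;C:\\Program Files\\G DATA AntiVirus Trial\\AVK\\AVKService.exe [2007-09-27 15:10]
S1 Wbutton;Wbutton;C:\\WINDOWS\\system32\\drivers\\Wbutton.sys []
S2 SRVStarter_Lerex;Service Starter: Lerex;C:\\WINDOWS\\system32\\Juchdp.exe [2007-03-23 16:52]
S2 SRVStarter_nerw;Service Starter: nerw;C:\\WINDOWS\\system32\\Juchdp.exe [2007-03-23 16:52]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\\WINDOWS\\system32\\Drivers\\PCASp50.sys [2006-10-12 12:32]
"""

# "Files Created" line: created . modified   size|<DIR>   9-char attribute field   path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[d-][r-][a-][h-][s-]----)\s+(?P<path>.+?)\s*$"
)
# Service line: R|S plus start type, then name;display;image [timestamp]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<stamp>[^\]]*)\]$"
)


@dataclass(frozen=True)
class FileEntry:
    created: str
    modified: str
    size: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        # Column 4 is the hidden flag, column 5 the system flag (e.g. "--ahs----").
        return self.attrs[3] == "h" and self.attrs[4] == "s"


@dataclass(frozen=True)
class ServiceEntry:
    state: str      # assumed: "R" running, "S" stopped
    start: int      # start type digit as printed by ComboFix
    name: str
    display: str
    image: str


def parse_files(text: str) -> list[FileEntry]:
    """Keep only lines that match the 'Files Created' layout; ignore everything else."""
    return [FileEntry(**m.groupdict()) for m in map(FILE_RE.match, map(str.strip, text.splitlines())) if m]


def parse_services(text: str) -> list[ServiceEntry]:
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            out.append(ServiceEntry(d["state"], int(d["start"]), d["name"], d["display"], d["image"]))
    return out


def suspicious_files(entries: list[FileEntry]) -> list[FileEntry]:
    """Hidden+system files placed directly in system32 (not in a subdirectory such as drivers)."""
    hits = []
    for e in entries:
        if e.is_dir or not e.hidden_system:
            continue
        parent = e.path.lower().rsplit("\\", 1)[0]
        if parent.endswith("\\system32"):
            hits.append(e)
    return hits


def suspicious_services(services: list[ServiceEntry], flagged_paths: list[str]) -> dict[str, list[str]]:
    """Services whose image is a flagged file, or whose image is shared with another service."""
    flagged = {p.lower() for p in flagged_paths}
    by_image: dict[str, list[str]] = {}
    for s in services:
        by_image.setdefault(s.image.lower(), []).append(s.name)
    hits: dict[str, list[str]] = {}
    for s in services:
        reasons = []
        if s.image.lower() in flagged:
            reasons.append("image is a hidden+system file in system32")
        others = [n for n in by_image[s.image.lower()] if n != s.name]
        if others:
            reasons.append("image shared with " + ", ".join(others))
        if reasons:
            hits[s.name] = reasons
    return hits


def triage(files_text: str, services_text: str) -> dict:
    files = suspicious_files(parse_files(files_text))
    services = suspicious_services(parse_services(services_text), [f.path for f in files])
    return {"files": [f.path for f in files], "services": services}


if __name__ == "__main__":
    result = triage(SAMPLE_FILES, SAMPLE_SERVICES)
    for p in result["files"]:
        print("FILE   ", p)
    for name, reasons in result["services"].items():
        print("SERVICE", name, "->", "; ".join(reasons))
```

A hit is a lead, not a verdict: the attribute rule will also catch files Windows itself marks hidden+system, so confirm by hashing the file against a known-good copy and by reading the service's ImagePath, as the registry extract above does for SRVStarter_Lerex and SRVStarter_nerw. The Find3M section uses a different seven-character attribute layout (--sha-w) and is deliberately not parsed here.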
 