wklejto.pl

Added by: ~asiatz (2008-07-10 21:57) -> text
ComboFix 08-07-09.5 - asia 2008-07-10 21:52:18.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.110 [GMT 2:00]
Running from: C:\Documents and Settings\asia\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\asia\Pulpit\CFScript.txt
 * Created a new restore point
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\8F.tmp
C:\WINDOWS\system32\Drivers\Uae04.sys
C:\WINDOWS\system32\Drivers\Wch72.sys
C:\WINDOWS\system32\WinNt64.dl_
C:\WINDOWS\system32\WinNt64.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\8F.tmp
C:\WINDOWS\system32\Drivers\Uae04.sys
C:\WINDOWS\system32\Drivers\Wch72.sys
C:\WINDOWS\system32\WinNt64.dl_
C:\WINDOWS\system32\WinNt64.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Legacy_TCPSR
-------\Legacy_UAE04
-------\Legacy_WCH72
-------\Service_SetupNTGLM7X
-------\Service_tcpsr
-------\Service_Uae04
-------\Service_Wch72


(((((((((((((((((((((((((   Files Created from 2008-06-10 to 2008-07-10  )))))))))))))))))))))))))))))))
.

2008-07-10 12:44 . 2008-07-10 12:44     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2008-07-10 12:44 . 2008-07-10 12:44     45,768  --a------       C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-07-10 12:44 . 2008-07-10 12:44     41,928  --a------       C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2008-07-10 12:44 . 2008-07-10 12:44     32,072  --a------       C:\WINDOWS\system32\drivers\HookCentre.sys
2008-07-10 12:41 . 2008-07-10 12:43     <DIR>   d--------       C:\Program Files\G DATA AntiVirus Trial
2008-07-10 12:41 . 2008-07-10 12:43     <DIR>   d--------       C:\Program Files\Common Files\G DATA
2008-07-10 12:41 . 2008-07-10 12:41     <DIR>   d--------       C:\Documents and Settings\asia\Dane aplikacji\InstallShield
2008-07-10 12:13 . 2008-07-10 12:46     <DIR>   d--------       C:\WINDOWS\SxsCaPendDel
2008-07-10 12:01 . 2008-07-10 12:45     121     --a------       C:\WINDOWS\bdagent.INI
2008-07-10 11:58 . 2008-07-10 12:02     81,984  --a------       C:\WINDOWS\system32\bdod.bin
2008-07-10 10:09 . 2008-07-10 10:09     <DIR>   d--------       C:\Program Files\Trend Micro
2008-07-09 15:30 . 2008-07-09 15:30     <DIR>   d--------       C:\Program Files\Common Files\Adobe AIR
2008-07-09 15:14 . 2008-07-09 15:14     <DIR>   d--------       C:\WINDOWS\Cache
2008-07-08 15:16 . 2004-08-04 00:44     13,312  --a------       C:\WINDOWS\system32\glock32.exe
2008-07-07 22:34 . 2008-07-09 20:35     <DIR>   d--------       C:\Program Files\Speedway Meeting
2008-07-07 22:28 . 2008-07-09 20:36     249,856 ---------       C:\WINDOWS\Setup1.exe
2008-07-07 22:28 . 2008-07-09 20:36     73,216  --a------       C:\WINDOWS\ST6UNST.EXE
2008-07-05 21:43 . 2008-07-05 21:43     <DIR>   d--------       C:\WINDOWS\system32\repository
2008-06-27 11:55 . 2008-06-27 11:55     <DIR>   d--------       C:\Documents and Settings\asia\Dane aplikacji\Gadu-Gadu
2008-06-27 11:54 . 2008-06-27 13:15     <DIR>   d--------       C:\Documents and Settings\asia\Gadu-Gadu
2008-06-20 13:55 . 2008-06-20 15:07     <DIR>   d--------       C:\Program Files\OEdit
2008-06-18 18:32 . 2004-08-03 22:58     5,504   --a------       C:\WINDOWS\system32\drivers\MSTEE.sys
2008-06-18 18:32 . 2004-08-03 22:58     5,504   --a--c---       C:\WINDOWS\system32\dllcache\mstee.sys
2008-06-16 08:46 . 2004-08-04 00:44     221,184 --a------       C:\WINDOWS\system32\wmpns.dll
2008-06-16 08:10 . 2008-06-14 20:01     273,024 ---------       C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 08:10 . 2008-06-14 20:01     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-15 20:56 . 2005-06-28 10:21     22,752  --a------       C:\WINDOWS\system32\spupdsvc.exe
2008-06-15 18:37 . 2008-06-15 18:37     <DIR>   d--------       C:\Program Files\Common Files\DirectX
2008-06-14 08:57 . 2008-07-09 09:02     <DIR>   d--h-----       C:\WINDOWS\$hf_mig$
2008-06-13 07:44 . 2008-06-13 07:44     192,512 --a------       C:\WINDOWS\system32\cbOCR.dll
2008-06-12 19:56 . 2008-06-12 19:59     <DIR>   d--------       C:\Program Files\AnMing
2008-06-12 19:39 . 2008-06-14 19:25     <DIR>   d--------       C:\Program Files\NCH Swift Sound
2008-06-12 19:39 . 2008-06-12 19:39     <DIR>   d--------       C:\Documents and Settings\asia\Dane aplikacji\NCH Swift Sound
2008-06-12 19:39 . 2008-06-12 19:39     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
2008-06-12 18:57 . 2008-06-12 18:57     <DIR>   d--------       C:\Program Files\Illustrate
2008-06-12 18:57 . 2008-06-12 18:57     <DIR>   d--------       C:\Documents and Settings\asia\Dane aplikacji\AccurateRip
2008-06-12 18:57 . 2008-06-12 18:56     4,230,520       --a------       C:\WINDOWS\system32\SpoonUninstall.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 19:58        ---------       d-----w C:\Program Files\neostrada tp
2008-07-10 10:41        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 13:29        ---------       d-----w C:\Program Files\Common Files\Adobe
2008-07-05 16:46        ---------       d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-07-05 16:45        ---------       d-----w C:\Program Files\DVDVideoSoft
2008-06-20 17:42        246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45        360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44        138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52        225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:24        ---------       d-----w C:\Program Files\Kazaa Lite Rewolucja
2008-06-09 18:42        36      ----a-w C:\Documents and Settings\asia\klextlock.dat
2008-06-09 14:09        ---------       d-----w C:\Program Files\BitTorrent
2008-06-09 13:34        ---------       d-----w C:\Program Files\EA Sports
2008-06-07 13:04        ---------       d-----w C:\Program Files\Fifa Master
2008-06-07 08:08        ---------       d-----w C:\Documents and Settings\asia\Dane aplikacji\Media Player Classic
2008-06-03 11:48        ---------       d-----w C:\Documents and Settings\asia\Dane aplikacji\BitTorrent
2008-06-03 11:40        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
2008-06-01 18:22        ---------       d-----w C:\Program Files\K-Lite Codec Pack
2008-05-26 17:42        ---------       d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-25 17:48        ---------       d-----w C:\Documents and Settings\asia\Dane aplikacji\fltk.org
2008-05-24 20:55        ---------       d-----w C:\Program Files\Native Instruments
2008-05-24 20:45        ---------       d-----w C:\Documents and Settings\asia\Dane aplikacji\Sonic Foundry
2008-05-24 20:45        ---------       d-----w C:\Documents and Settings\asia\Dane aplikacji\Publish Providers
2008-05-24 20:45        ---------       d-----w C:\Documents and Settings\asia\Dane aplikacji\NetMedia Providers
2008-05-24 11:23        33      ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-24 11:22        ---------       d-----w C:\Program Files\SAGEM
2008-05-24 11:22        ---------       d-----w C:\Program Files\Java
2008-05-24 11:22        ---------       d-----w C:\Program Files\Common Files\InstallShield
2008-05-24 11:01        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-24 11:00        ---------       d-----w C:\Program Files\MSBuild
2008-05-24 11:00        ---------       d-----w C:\Program Files\Microsoft Works
2008-05-24 10:48        ---------       d-----w C:\Program Files\Realtek AC97
2008-05-24 10:45        ---------       d-----w C:\Program Files\VIA
2008-05-24 10:17        ---------       d-----w C:\Program Files\microsoft frontpage
2008-05-24 10:15        ---------       d-----w C:\Program Files\Usługi online
2008-05-07 05:16        1,291,264       ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03        662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-07-10_20.16.10.01   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-10 18:11:45   2,048   --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 19:57:56   2,048   --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-10 18:10:11   32,768  ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-10 19:56:10   32,768  ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-10 18:10:11   98,304  ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-07-10 19:56:10   131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-07-10 18:06:37   65,536  ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008071020080711\index.dat
+ 2008-07-10 19:51:41   81,920  ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008071020080711\index.dat
- 2008-07-10 18:10:11   229,376 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-10 19:56:10   147,456 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 21:07 86016]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 08:54 589824]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-04 00:44 13312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"AVKTray"="C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe" [2007-10-11 11:24 603720]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-25 21:19:04 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AVKProxy;G DATA AntiVirus Proxy;C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-10-26 11:16]
R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe [2007-09-27 15:10]
R2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe [2007-10-08 11:43]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-07-10 12:44]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-07-10 12:44]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-07-10 12:44]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 21:58:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
.
**************************************************************************
.
Completion time: 2008-07-10 22:03:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-10 20:02:04
ComboFix2.txt  2008-07-10 18:54:40
ComboFix3.txt  2008-07-10 18:17:59

Pre-Run: 7,134,040,064 bajtów wolnych
Post-Run: 7,130,443,776 bajtów wolnych

193     --- E O F ---   2008-07-09 08:05:07
 