wklejto.pl

Added by: ~a (2008-07-11 12:56) -> text
ComboFix 08-07-10.1 - Sylwia&Romek 2008-07-11 12:50:58.4 - NTFSx86
Running from: C:\\Documents and Settings\\Sylwia&Romek\\Pulpit\\ComboFix.exe
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-11 to 2008-07-11  )))))))))))))))))))))))))))))))
.
 
2008-07-09 12:28 . 2008-01-15 10:44     109,568 -ra------       C:\\WINDOWS\\system32\\drivers\\zebrmdm.sys
2008-07-09 12:28 . 2008-01-15 10:44     91,264  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrsce.sys
2008-07-09 12:28 . 2008-01-15 10:44     14,848  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrmdfl.sys
2008-07-09 12:27 . 2008-01-15 10:44     109,568 -ra------       C:\\WINDOWS\\system32\\drivers\\zebrmdmc.sys
2008-07-09 12:27 . 2008-01-15 10:44     12,160  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrcmnt.sys
2008-07-09 12:27 . 2008-01-15 10:44     12,160  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrcm.sys
2008-07-09 12:20 . 2008-01-15 10:44     83,200  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrbus.sys
2008-07-09 12:09 . 2008-01-15 10:44     63,360  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrceb.sys
2008-07-09 12:09 . 2008-01-15 10:44     12,160  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrwhnt.sys
2008-07-09 12:09 . 2008-01-15 10:44     12,160  -ra------       C:\\WINDOWS\\system32\\drivers\\zebrwh.sys
2008-07-09 12:07 . 2008-07-09 12:07     <DIR>   d--------       C:\\Program Files\\Symbian
2008-07-09 12:07 . 2008-07-09 12:07     <DIR>   d--------       C:\\Program Files\\Intuwave
2008-07-09 12:07 . 2005-06-08 15:53     288     --a------       C:\\WINDOWS\\mrinstu.iss
2008-07-09 12:06 . 2008-07-09 14:13     <DIR>   d--------       C:\\Program Files\\Sony Ericsson
2008-07-09 12:06 . 2008-07-09 12:07     <DIR>   d--------       C:\\Program Files\\Common Files\\Sony Ericsson Shared
2008-07-09 12:06 . 2008-07-09 12:06     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Teleca
2008-07-09 08:03 . 2008-04-14 00:15     32,128  --a------       C:\\WINDOWS\\system32\\drivers\\usbccgp.sys
2008-07-09 08:03 . 2008-04-14 00:15     32,128  --a--c---       C:\\WINDOWS\\system32\\dllcache\\usbccgp.sys
2008-07-07 10:02 . 2008-07-07 10:02     195,145 --a------       C:\\WINDOWS\\system32\\AdobeFnt.lst
2008-06-25 07:19 . 2008-06-25 07:19     <DIR>   d--------       C:\\WINDOWS\\system32\\Kaspersky Lab
2008-06-25 07:19 . 2008-06-25 07:19     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab
2008-06-13 08:59 . 2008-06-13 09:08     <DIR>   d--------       C:\\Documents and Settings\\Sylwia&Romek\\Dane aplikacji\\Corel
2008-06-13 08:54 . 1999-02-17 13:49     1,039,360       -ra------       C:\\WINDOWS\\system32\\MSJET35.DLL
2008-06-13 08:54 . 1999-02-17 13:49     368,912 -ra------       C:\\WINDOWS\\system32\\VBAR332.DLL
2008-06-13 08:53 . 1998-09-25 13:18     607,744 ---------       C:\\WINDOWS\\system32\\Decslib.dll
2008-06-13 08:52 . 1999-03-08 08:53     28,252  ---------       C:\\WINDOWS\\corelpf.lrs
2008-06-13 08:51 . 2008-06-13 08:52     <DIR>   d--------       C:\\Program Files\\Corel
2008-06-13 08:48 . 2008-06-13 08:57     <DIR>   d--------       C:\\WINDOWS\\Corel
2008-06-12 13:34 . 2008-07-09 11:46     146     --a------       C:\\WINDOWS\\DelMR.bat
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 12:55        ---------       d-----w C:\\Documents and Settings\\Sylwia&Romek\\Dane aplikacji\\Ahead
2008-07-09 10:28        ---------       d-----w C:\\Documents and Settings\\Sylwia&Romek\\Dane aplikacji\\Teleca
2008-07-09 10:07        ---------       d--h--w C:\\Program Files\\InstallShield Installation Information
2008-07-09 10:07        ---------       d-----w C:\\Program Files\\Common Files\\Teleca Shared
2008-07-09 10:07        ---------       d-----w C:\\Program Files\\Common Files\\InstallShield
2008-07-09 09:46        ---------       d-----w C:\\Program Files\\SkanerOnline
2008-07-09 09:45        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Sony Ericsson
2008-07-01 12:43        ---------       d-----w C:\\Program Files\\Common Files\\Adobe
2008-06-27 06:50        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Spybot - Search & Destroy
2008-06-25 08:25        ---------       d-----w C:\\Program Files\\Odkurzacz
2008-06-22 12:17        ---------       d-----w C:\\Documents and Settings\\Sylwia&Romek\\Dane aplikacji\\PC Suite
2008-06-05 13:19        ---------       d-----w C:\\Program Files\\microsoft frontpage
2008-05-28 07:13        0       ---ha-w C:\\WINDOWS\\system32\\drivers\\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-28 07:13        0       ---ha-w C:\\WINDOWS\\system32\\drivers\\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-28 07:02        ---------       d-----w C:\\Program Files\\Common Files\\PCSuite
2008-05-28 07:02        ---------       d-----w C:\\Program Files\\Common Files\\Nokia
2008-05-28 06:56        ---------       d-----w C:\\Program Files\\PC Connectivity Solution
2008-05-28 06:54        ---------       d-----w C:\\Program Files\\Nokia
2008-05-28 06:51        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Installations
2008-04-14 21:16        1,804   ----a-w C:\\WINDOWS\\system32\\dcache.bin
2008-04-14 20:56        332,288 ----a-w C:\\WINDOWS\\system32\\netsetup.exe
2008-04-14 20:52        92,424  ----a-w C:\\WINDOWS\\system32\\rdpdd.dll
2008-04-14 20:52        87,176  ----a-w C:\\WINDOWS\\system32\\rdpwsx.dll
2008-04-14 20:52        299,520 ----a-w C:\\WINDOWS\\system32\\drmclien.dll
2008-04-14 20:52        12,168  ----a-w C:\\WINDOWS\\system32\\tsddd.dll
2008-04-14 20:50        999,936 ----a-w C:\\WINDOWS\\system32\\syssetup.dll
2008-04-14 20:49        98,304  ----a-w C:\\WINDOWS\\system32\\actxprxy.dll
2008-04-14 20:48        5,632   ----a-w C:\\WINDOWS\\system32\\wmi.dll
2008-04-14 20:48        1,449,472       ----a-w C:\\WINDOWS\\system32\\winntbbu.dll
2008-04-14 20:47        57,375  ----a-w C:\\WINDOWS\\system32\\odbcji32.dll
2008-04-14 20:47        103,424 ----a-w C:\\WINDOWS\\system32\\dpcdll.dll
2008-04-14 20:43        4,126   ----a-w C:\\WINDOWS\\system32\\msdxmlc.dll
2008-04-14 20:42        3,584   ----a-w C:\\WINDOWS\\system32\\msafd.dll
2008-04-14 20:36        3,584   ----a-w C:\\WINDOWS\\system32\\icmp.dll
2008-04-14 20:35        9,344   ----a-w C:\\WINDOWS\\system32\\framebuf.dll
2008-04-14 20:35        569,856 ----a-w C:\\WINDOWS\\system32\\gpedit.dll
2008-04-14 20:33        3,072   ----a-w C:\\WINDOWS\\system32\\dpnlobby.dll
2008-04-14 20:33        3,072   ----a-w C:\\WINDOWS\\system32\\dpnaddr.dll
2008-04-14 20:33        24,064  ----a-w C:\\WINDOWS\\system32\\pidgen.dll
2008-04-14 20:31        16,896  ----a-w C:\\WINDOWS\\system32\\cfgmgr32.dll
2008-04-14 20:30        285,696 ----a-w C:\\WINDOWS\\system32\\atmfd.dll
2008-04-14 20:00        2,190,336       ----a-w C:\\WINDOWS\\system32\\ntoskrnl.exe
2008-04-14 19:59        2,067,200       ----a-w C:\\WINDOWS\\system32\\ntkrnlpa.exe
2008-04-14 19:55        4,096   ----a-w C:\\WINDOWS\\system32\\dsprpres.dll
2008-04-14 19:52        89,600  ----a-w C:\\WINDOWS\\system32\\msxml6r.dll
2008-04-14 19:50        80,896  ------w C:\\WINDOWS\\system32\\msshavmsg.dll
2008-04-14 19:45        49,664  ----a-w C:\\WINDOWS\\system32\\inetres.dll
2008-04-14 19:43        563,200 ----a-w C:\\WINDOWS\\system32\\shdoclc.dll
2008-04-14 19:37        10,240  ----a-w C:\\WINDOWS\\system32\\gpkrsrc.dll
2008-04-14 19:35        67,584  ----a-w C:\\WINDOWS\\system32\\browselc.dll
2008-04-14 19:35        1,845,888       ----a-w C:\\WINDOWS\\system32\\win32k.sys
2008-04-14 19:32        57,344  ----a-w C:\\WINDOWS\\system32\\mshtmler.dll
2008-04-13 22:15        17,664  ----a-w C:\\WINDOWS\\system32\\watchdog.sys
2008-04-13 22:13        9,728   ------w C:\\WINDOWS\\system32\\comsdupd.exe
2008-04-13 22:13        12,800  ----a-w C:\\WINDOWS\\system32\\spiisupd.exe
2008-04-13 22:10        427,008 ----a-w C:\\WINDOWS\\system32\\xpob2res.dll
2008-04-13 22:08        2,953,216       ----a-w C:\\WINDOWS\\system32\\xpsp2res.dll
2008-04-13 22:05        194,560 ----a-w C:\\WINDOWS\\system32\\xpsp1res.dll
2008-04-13 22:01        7,424   ----a-w C:\\WINDOWS\\system32\\kd1394.dll
2008-04-13 22:00        61,440  ------w C:\\WINDOWS\\system32\\msvcrt40.dll
2008-04-13 21:07        208,384 ----a-w C:\\WINDOWS\\system32\\rsaenh.dll
2008-04-13 21:07        138,752 ----a-w C:\\WINDOWS\\system32\\dssenh.dll
2008-04-13 20:56        12,288  ----a-w C:\\WINDOWS\\system32\\odbcp32r.dll
2008-04-13 20:56        12,288  ----a-w C:\\WINDOWS\\system32\\mscpx32r.dll
2008-04-13 20:51        733,696 ----a-w C:\\WINDOWS\\system32\\qedwipes.dll
2008-04-13 20:18        1,647,616       ----a-w C:\\WINDOWS\\system32\\winbrand.dll
2008-04-13 20:15        216,064 ----a-w C:\\WINDOWS\\system32\\moricons.dll
2008-04-13 19:53        48,128  ----a-w C:\\WINDOWS\\system32\\msprivs.dll
2008-04-13 19:09        884,736 ----a-w C:\\WINDOWS\\system32\\msimsg.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2008-04-14 22:51 15360]
\"mRouterConfig\"=\"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterConfig.exe\" [2006-03-02 11:54 290816]
\"PC Suite Tray\"=\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe\" [2008-04-16 12:53 1079808]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ATIPTA\"=\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\" [2004-05-15 22:00 335872]
\"PC Suite for Smartphones\"=\"C:\\Program Files\\Sony Ericsson\\Mobile4\\Application Launcher\\Application Launcher.exe\" [2007-12-25 14:53 548864]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\CTFMON.EXE\" [2008-04-14 22:51 15360]
\"Nokia.PCSync\"=\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" [2008-03-26 18:41 1232896]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"msacm.l3fhg\"= mp3fhg.acm
\"VIDC.X264\"= x264vfw.dll
\"VIDC.HFYU\"= huffyuv.dll
\"vidc.i263\"= i263_32.drv
\"VIDC.YV12\"= yv12vfw.dll
\"msacm.divxa32\"= divxa32.acm
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^Sylwia&Romek^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
path=C:\\Documents and Settings\\Sylwia&Romek\\Menu Start\\Programy\\Autostart\\Rejestrowanie produktów Corela.lnk
backup=C:\\WINDOWS\\pss\\Rejestrowanie produktów Corela.lnkStartup
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\mRouterConfig]
--a------ 2006-03-02 11:54 290816 C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterConfig.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Odkurzacz-MCD]
--a------ 2008-03-03 14:44 266240 C:\\Program Files\\Odkurzacz\\odk_mcd.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PC Suite for Smartphones]
-ra------ 2007-12-25 14:53 548864 C:\\Program Files\\Sony Ericsson\\Mobile4\\Application Launcher\\Application Launcher.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\\Program Files\\Winamp\\winampa.exe
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"C:\\\\Program Files\\\\Gadu-Gadu\\\\gg.exe\"=
\"C:\\\\Program Files\\\\Common Files\\\\Ahead\\\\Nero Web\\\\SetupX.exe\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"C:\\\\Program Files\\\\Intuwave\\\\Shared\\\\mRouterRuntime\\\\mRouterRuntime.exe\"=
\"C:\\\\Program Files\\\\Sony Ericsson\\\\Mobile4\\\\Sync Manager\\\\DXP SyncML.exe\"=
\"C:\\\\Program Files\\\\Sony Ericsson\\\\Update Service\\\\Update Service.exe\"=
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"1335:UDP\"= 1335:UDP:Windows Media Format SDK (firefox.exe)
 
R3 FA312;Sterownik karty NETGEAR FA330/FA312/FA311 Fast Ethernet;C:\\WINDOWS\\system32\\DRIVERS\\FA312nd5.sys [2001-08-17 22:12]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\\WINDOWS\\system32\\DRIVERS\\zebrceb.sys [2008-01-15 10:44]
S3 usbscan;Sterownik skanera USB;C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-14 00:15]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-14 00:15]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\\WINDOWS\\system32\\DRIVERS\\zebrbus.sys [2008-01-15 10:44]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\\WINDOWS\\system32\\DRIVERS\\zebrmdfl.sys [2008-01-15 10:44]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\\WINDOWS\\system32\\DRIVERS\\zebrmdm.sys [2008-01-15 10:44]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\\WINDOWS\\system32\\DRIVERS\\zebrmdmc.sys [2008-01-15 10:44]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\\WINDOWS\\system32\\DRIVERS\\zebrsce.sys [2008-01-15 10:44]
 
.
- - - - ORPHANS REMOVED - - - -
 
MSConfigStartUp-LanguageShortcut - C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe
MSConfigStartUp-NBKeyScan - C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe
MSConfigStartUp-RemoteControl - C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 12:53:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-11 12:56:27
ComboFix-quarantined-files.txt  2008-07-11 10:56:16
ComboFix2.txt  2008-06-25 12:28:27
 
Pre-Run: 4,934,225,920 bajtów wolnych
Post-Run: 5,436,080,128 bajtów wolnych
 
198
 