wklejto.pl

Added by: ~alitia (2008-07-12 16:51) -> text
ComboFix 08-07-11.1 - aga 2008-07-12 16:32:12.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.1.1250.1.1045.18.657 [GMT 2:00]
Running from: C:\ComboFix.exe
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\system32\winexy32.dll
C:\WINDOWS\system32\winosz32.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.
 
2008-07-12 16:30 . 2008-07-12 16:30     2,611,847       --a------       C:\ComboFix.exe
2008-07-10 22:21 . 2008-07-10 22:21     <DIR>   d--------       C:\GSpot270a
2008-07-10 22:21 . 2008-07-10 22:21     411,509 --a------       C:\GSpot270a.zip
2008-07-10 22:04 . 2007-09-04 18:56     164,352 --a------       C:\WINDOWS\system32\unrar.dll
2008-07-10 22:03 . 2008-07-10 22:03     <DIR>   d--------       C:\Program Files\K-Lite Codec Pack
2008-07-10 22:00 . 2008-07-10 22:00     14,725,701      --a------       C:\klcodec400f.exe
2008-07-10 21:40 . 2008-07-10 21:40     48,367,896      --a------       C:\avg_free_stf_en_8_138a1332.exe
2008-07-10 21:30 . 2008-07-10 21:30     9,524,448       --a------       C:\winamp554_full_emusic-7plus_pl-pl.exe
2008-07-08 09:56 . 2008-07-08 09:56     <DIR>   d--hs----       C:\FOUND.012
2008-07-03 23:08 . 2008-07-03 23:08     33,280  --a------       C:\WINDOWS\system32\winhab32.dll
2008-06-23 22:18 . 2008-06-23 22:18     41,472  --a------       C:\Documents and Settings\aga\38931.exe
2008-06-23 22:18 . 2008-06-23 22:18     41,472  --a------       C:\Documents and Settings\aga\29498.exe
2008-06-22 17:01 .      30,208          C:\WINDOWS\system32\drivers\Afk38.sys
2008-06-21 15:34 . 2008-06-21 15:34     <DIR>   d--hs----       C:\FOUND.011
2008-06-17 12:52 . 2008-06-17 12:52     <DIR>   d--------       C:\Program Files\Picasa2
2008-06-12 21:22 . 2008-06-12 21:22     103,642 --a------       C:\Lake%20Powell,%20Arizona.jpg
2008-06-12 21:18 . 2008-06-12 21:18     128,758 --a------       C:\Dolomite%20Mountains,%20Italy.jpg
2008-06-12 21:17 . 2008-06-12 21:17     13,908  --a------       C:\Dolomite Mountains, Italy.htm
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 18:36        7,680   ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 08:31        ---------       d-----w C:\Program Files\Sun
2008-05-31 08:30        ---------       d-----w C:\Program Files\Java
2008-05-31 08:28        ---------       d-----w C:\Program Files\Common Files\Java
2008-05-30 23:22        683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-22 22:22        3,596,288       ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19        81,920  ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-17 08:04        2,165,504       ----a-w C:\tcmdr703(dobreprogramy.pl).exe
2008-05-01 12:48        13,704,192      ----a-w C:\IKEA_Home_Planner.exe
2008-04-19 09:24        2,928,928       ----a-w C:\ica32t.exe
2008-04-19 09:12        3,275,640       ----a-w C:\multi.exe
2008-01-07 18:54        24,298,184      ----a-w C:\Program Files\5550-plk-win2k_xp.exe
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-28 22:00 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-04 20:05 68856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 10:58 65536]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18 98304]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-19 11:39 35328]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 11:41 580096]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 01:37 188416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-28 22:00 13312]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-08 11:59 219136]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - D:\Winamp\BlueSoleil.exe [2003-07-14 08:04:36 1183744]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2003-09-24 10:18:54 839680]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.YV12"= yv12vfw.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Afk38.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvb62.sys]
@="Driver"
 
R0 Afk38;Afk38;C:\WINDOWS\System32\Drivers\Afk38.sys []
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
S0 Pvb62;Pvb62;C:\WINDOWS\System32\Drivers\Pvb62.sys []
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\System32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w200obex.sys [2006-11-07 09:42]
 
.
- - - - ORPHANS REMOVED - - - -
 
HKLM-Run-autoclk - autoclk.exe
HKLM-Run-adiras - adiras.exe
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 16:35:59
Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGUPSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
D:\Winamp\BTNtService.exe
C:\WINDOWS\SYSTEM32\FTRTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\system32\cmd.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\CAPABILITYMANAGER.EXE
C:\WINDOWS\SYSTEM32\DEVLDR32.EXE
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\GENERIC.EXE
C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\MOBILE PHONE MONITOR\EPMWORKER.EXE
.
**************************************************************************
.
Completion time: 2008-07-12 16:36:50 - machine was rebooted [aga]
ComboFix-quarantined-files.txt  2008-07-12 14:36:46
 
Pre-Run: 8,101,978,112 bajtów wolnych
Post-Run: 8,882,495,488 bajtów wolnych
 