wklejto.pl

Added by: ~anapero (2008-07-12 20:38) -> text
ComboFix 08-07-11.1 - Ania 2008-07-12 20:36:07.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.88 [GMT 2:00]
Running from: C:\\Documents and Settings\\Ania\\Pulpit\\ComboFix.exe
Command switches used :: C:\\Documents and Settings\\Ania\\Pulpit\\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\\Documents and Settings\\Ania\\Moje dokumenty\\Dokumenty\\GIS\\Inne\\MicroStation.chm
C:\\Program Files\\Bentley\\Documentation\\MicroStation.chm
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\\Documents and Settings\\Ania\\Moje dokumenty\\Dokumenty\\GIS\\Inne\\MicroStation.chm
C:\\Program Files\\Bentley\\Documentation\\MicroStation.chm
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.
 
2008-07-11 22:10 . 2008-07-11 22:10     <DIR>   d--------       C:\\WINDOWS\\system32\\Kaspersky Lab
2008-07-11 22:10 . 2008-07-11 22:10     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab
2008-07-11 18:16 . 2008-07-11 18:16     <DIR>   d--------       C:\\Program Files\\Panda Security
2008-07-11 18:16 . 2008-06-19 17:24     28,544  --a------       C:\\WINDOWS\\system32\\drivers\\pavboot.sys
2008-07-10 14:54 . 2008-07-10 14:54     <DIR>   d--------       C:\\Downloads
2008-07-10 14:50 . 2008-07-10 14:51     <DIR>   d--------       C:\\Program Files\\FlashGet
2008-07-06 15:56 . 2007-04-17 11:32     2,455,488       ---------       C:\\WINDOWS\\system32\\dllcache\\ieapfltr.dat
2008-07-06 15:56 . 2007-03-08 07:11     1,036,288       ---------       C:\\WINDOWS\\system32\\dllcache\\ieframe.dll.mui
2008-07-06 15:56 . 2008-04-23 09:20     459,264 ---------       C:\\WINDOWS\\system32\\dllcache\\msfeeds.dll
2008-07-06 15:56 . 2008-04-23 09:20     383,488 ---------       C:\\WINDOWS\\system32\\dllcache\\ieapfltr.dll
2008-07-06 15:56 . 2008-04-23 09:20     267,776 ---------       C:\\WINDOWS\\system32\\dllcache\\iertutil.dll
2008-07-06 15:56 . 2008-04-23 09:20     63,488  ---------       C:\\WINDOWS\\system32\\dllcache\\icardie.dll
2008-07-06 15:56 . 2008-04-23 09:20     52,224  ---------       C:\\WINDOWS\\system32\\dllcache\\msfeedsbs.dll
2008-07-06 15:56 . 2008-04-22 09:39     13,824  ---------       C:\\WINDOWS\\system32\\dllcache\\ieudinit.exe
2008-07-06 15:55 . 2008-04-23 09:20     6,066,176       ---------       C:\\WINDOWS\\system32\\dllcache\\ieframe.dll
2008-07-05 17:54 . 2008-07-05 17:54     <DIR>   d--------       C:\\WINDOWS\\system32\\pl-pl
2008-06-28 20:54 . 2004-08-04 20:00     31,616  --a------       C:\\WINDOWS\\system32\\drivers\\usbccgp.sys
2008-06-28 20:54 . 2004-08-04 20:00     31,616  --a------       C:\\WINDOWS\\system32\\dllcache\\usbccgp.sys
2008-06-16 19:59 . 2004-03-22 15:17     24,816  --a------       C:\\WINDOWS\\system32\\mdimon.dll
2008-06-16 19:55 . 2008-06-16 19:55     <DIR>   d--------       C:\\Program Files\\Microsoft Works
2008-06-16 19:54 . 2008-06-16 19:54     <DIR>   d--------       C:\\WINDOWS\\SHELLNEW
2008-06-16 19:54 . 2008-06-16 19:54     <DIR>   d--------       C:\\Program Files\\Microsoft.NET
2008-06-16 19:30 . 2008-06-16 19:30     <DIR>   d--------       C:\\Program Files\\DaemonTools_WhenUSave_Installer
2008-06-13 00:29 . 2008-07-06 17:25     1,355   --a------       C:\\WINDOWS\\imsins.BAK
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:42        246,784 ----a-w C:\\WINDOWS\\system32\\mswsock.dll
2008-06-20 17:42        246,784 ----a-w C:\\WINDOWS\\system32\\dllcache\\mswsock.dll
2008-06-20 17:42        148,992 ----a-w C:\\WINDOWS\\system32\\dllcache\\dnsapi.dll
2008-06-20 10:45        360,320 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip.sys
2008-06-20 10:45        360,320 ----a-w C:\\WINDOWS\\system32\\dllcache\\tcpip.sys
2008-06-20 10:44        138,368 ----a-w C:\\WINDOWS\\system32\\drivers\\afd.sys
2008-06-20 10:44        138,368 ----a-w C:\\WINDOWS\\system32\\dllcache\\afd.sys
2008-06-20 09:52        225,920 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip6.sys
2008-06-20 09:52        225,920 ----a-w C:\\WINDOWS\\system32\\dllcache\\tcpip6.sys
2008-06-16 17:25        639,224 ----a-w C:\\WINDOWS\\system32\\drivers\\sptd.sys
2008-06-14 18:01        273,024 ------w C:\\WINDOWS\\system32\\drivers\\bthport.sys
2008-06-14 18:01        273,024 ------w C:\\WINDOWS\\system32\\dllcache\\bthport.sys
2008-05-22 19:54        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Yahoo! Companion
2008-05-22 19:26        ---------       d-----w C:\\Program Files\\Yahoo!
2008-05-08 12:28        202,752 ----a-w C:\\WINDOWS\\system32\\dllcache\\rmcast.sys
2008-05-07 05:16        1,291,264       ----a-w C:\\WINDOWS\\system32\\quartz.dll
2008-05-07 05:16        1,291,264       ----a-w C:\\WINDOWS\\system32\\dllcache\\quartz.dll
2008-04-23 23:20        3,591,680       ----a-w C:\\WINDOWS\\system32\\dllcache\\mshtml.dll
2008-04-22 07:43        70,656  ----a-w C:\\WINDOWS\\system32\\dllcache\\ie4uinit.exe
2008-04-22 07:43        625,664 ----a-w C:\\WINDOWS\\system32\\dllcache\\iexplore.exe
2008-04-21 07:03        474,112 ----a-w C:\\WINDOWS\\system32\\dllcache\\shlwapi.dll
2008-04-21 07:03        151,552 ----a-w C:\\WINDOWS\\system32\\dllcache\\cdfview.dll
2008-04-21 07:03        1,494,528       ----a-w C:\\WINDOWS\\system32\\dllcache\\shdocvw.dll
2008-04-21 07:03        1,055,744       ----a-w C:\\WINDOWS\\system32\\dllcache\\danim.dll
2008-04-21 07:03        1,023,488       ----a-w C:\\WINDOWS\\system32\\dllcache\\browseui.dll
2008-04-20 05:07        161,792 ----a-w C:\\WINDOWS\\system32\\dllcache\\ieakui.dll
.
 
(((((((((((((((((((((((((((((   snapshot@2008-07-12_15.57.53.25   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 12:47:22   2,048   --s-a-w C:\\WINDOWS\\bootstat.dat
+ 2008-07-12 18:22:16   2,048   --s-a-w C:\\WINDOWS\\bootstat.dat
+ 2008-07-12 18:22:28   16,384  ----a-w C:\\WINDOWS\\Temp\\Perflib_Perfdata_a0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2004-08-04 20:00 15360]
\"MSMSGS\"=\"C:\\Program Files\\Messenger\\msmsgs.exe\" [2004-10-13 18:24 1694208]
\"Gadu-Gadu\"=\"D:\\Programy\\Gadu-Gadu\\gg.exe\" [2006-10-03 13:55 1631944]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"LaunchApp\"=\"Alaunch\" [X]
\"SynTPLpr\"=\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\" [2005-01-07 16:17 102491]
\"SynTPEnh\"=\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\" [2005-01-07 16:16 692315]
\"IMJPMIG8.1\"=\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" [2004-08-04 20:00 208952]
\"MSPY2002\"=\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe\" [2004-08-04 20:00 59392]
\"igfxtray\"=\"C:\\WINDOWS\\system32\\igfxtray.exe\" [2005-07-18 04:09 94208]
\"igfxhkcmd\"=\"C:\\WINDOWS\\system32\\hkcmd.exe\" [2005-07-18 04:06 77824]
\"igfxpers\"=\"C:\\WINDOWS\\system32\\igfxpers.exe\" [2005-07-18 04:10 114688]
\"eDataSecurity Loader\"=\"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe\" [2005-10-19 09:30 69632]
\"EPM-DM\"=\"c:\\acer\\Empowering Technology\\ePower\\epm-dm.exe\" [2005-11-25 15:59 212992]
\"Acer ePower Management\"=\"C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe\" [2005-11-09 11:04 3084288]
\"LManager\"=\"C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE\" [2005-12-01 17:38 458752]
\"eRecoveryService\"=\"C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe\" [2005-11-16 17:00 397312]
\"ADMTray.exe\"=\"C:\\Acer\\Empowering Technology\\admtray.exe\" [2005-10-24 16:45 2462208]
\"ISUSPM Startup\"=\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" [2004-06-16 06:03 221184]
\"CorelDRAW Graphics Suite 11b\"=\"D:\\Programy\\Languages\\PL\\Programs\\Registration.exe\" [2004-06-23 00:20 733184]
\"SunJavaUpdateSched\"=\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\" [2007-09-25 01:11 132496]
\"avast!\"=\"C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe\" [2007-12-04 14:00 79224]
\"HPDJ Taskbar Utility\"=\"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe\" [2002-06-21 11:32 188416]
\"TkBellExe\"=\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" [2008-05-01 13:53 185896]
\"DAEMON Tools\"=\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" [2006-11-12 12:48 157592]
\"RTHDCPL\"=\"RTHDCPL.EXE\" [2005-11-16 20:27 15600128 C:\\WINDOWS\\RTHDCPL.exe]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\CTFMON.EXE\" [2004-08-04 20:00 15360]
\"Picasa Media Detector\"=\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\" [2007-10-23 22:18 443968]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002A]
--a------ 2004-08-04 20:00 455168 C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002ASync]
--a------ 2004-08-04 20:00 455168 C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Picasa Media Detector]
--a------ 2007-10-23 22:18 443968 C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"D:\\\\Programy\\\\Gadu-Gadu\\\\gg.exe\"=
\"C:\\\\Program Files\\\\oDC\\\\oDC.exe\"=
\"C:\\\\Program Files\\\\Real\\\\RealPlayer\\\\realplay.exe\"=
\"C:\\\\Program Files\\\\FlashGet\\\\flashget.exe\"=
 
R0 pavboot;pavboot;C:\\WINDOWS\\system32\\drivers\\pavboot.sys [2008-06-19 17:24]
R1 OsaFsLoc;OsaFsLoc;C:\\WINDOWS\\system32\\drivers\\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\\WINDOWS\\system32\\drivers\\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\\WINDOWS\\system32\\drivers\\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\\Acer\\Empowering Technology\\eRecovery\\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\\WINDOWS\\system32\\drivers\\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\\WINDOWS\\system32\\drivers\\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\\WINDOWS\\system32\\Drivers\\NdisFilt.sys [2005-09-13 15:34]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\\WINDOWS\\system32\\DRIVERS\\WlanBZXP.sys [2007-01-10 10:14]
S2 ArcGIS License Manager;ArcGIS License Manager;C:\\PROGRA~1\\ESRI\\LICENSE\\arcgis9x\\lmgrd.exe [1999-12-01 12:38]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\\WINDOWS\\system32\\ZDCndis5.SYS []
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\G]
\\Shell\\AutoRun\\command - 8de.bat
\\Shell\\explore\\Command - 
\\Shell\\open\\Command - 
 
*Newly Created Service* - INT15.SYS
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 20:38:45
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-12 20:39:34
ComboFix-quarantined-files.txt  2008-07-12 18:39:32
ComboFix2.txt  2008-07-12 13:58:10
 
Pre-Run: 6,828,457,984 bajtów wolnych
Post-Run: 6,814,171,136 bajtów wolnych
 
161     --- E O F ---   2008-07-09 20:22:18