wklejto.pl

Added by: ~jacek69 (2008-07-14 11:19) -> text
ComboFix 08-07-13.9 - Ewa 2008-07-14 11:03:54.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.361 [GMT 2:00]
Running from: C:\Documents and Settings\Ewa\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ewa\Pulpit\CFScript.txt
 * Created a new restore point
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
FILE ::
C:\WINDOWS\pagefile.sys.vbs
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\autorun.inf
C:\Documents and Settings\Ewa\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00C96195
C:\Program Files\myglobalsearch\bar\Cache\00C97127
C:\Program Files\myglobalsearch\bar\Cache\00C97FDC.bin
C:\Program Files\myglobalsearch\bar\Cache\00C98401.bin
C:\Program Files\myglobalsearch\bar\Cache\00C98D65.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\pagefile.sys.vbs
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
D:\Autorun.inf
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-14 to 2008-07-14  )))))))))))))))))))))))))))))))
.
 
2008-07-14 10:11 . 2008-07-14 10:11     <DIR>   d--------       C:\Program Files\SoftprojectGP
2008-07-14 10:11 . 2005-07-20 12:48     59,904  --a------       C:\WINDOWS\system32\zlib.dll
2008-07-04 12:59 . 2008-07-06 10:40     114,342 -r-hs----       C:\00hoeav.com
2008-07-03 21:15 . 2008-07-03 20:47     114,611 -r-hs----       C:\xmnm2.cmd
2008-06-27 14:33 . 2008-06-27 14:33     56      --ah-----       C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 14:32 . 2008-06-27 14:32     <DIR>   d--------       C:\Program Files\Common Files\Skype
2008-06-24 18:54 . 2008-06-24 18:53     110,892 -r-hs----       C:\t9peum02.exe
2008-06-21 20:05 . 2008-06-24 18:53     110,892 -r-hs----       C:\jfvkcsy.bat
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 08:23        ---------       d-----w C:\Documents and Settings\Ewa\Dane aplikacji\Skype
2008-07-03 11:36        ---------       d-----w C:\Documents and Settings\Ewa\Dane aplikacji\XnView
2008-06-21 16:47        3,478   --sha-r C:\pagefile.sys.vbs
2008-06-06 21:51        ---------       d-----w C:\Documents and Settings\Ewa\Dane aplikacji\U3
2008-06-06 20:18        ---------       d-----w C:\Program Files\Winamp Remote
2008-04-28 11:14        104,269 --sh--r C:\oq.cmd
2008-03-28 20:45        16,368  ----a-w C:\Documents and Settings\Ewa\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-03-24 13:55        3,698,426       ----a-w C:\Program Files\XnView-win-en.exe
2008-03-24 13:41        4,261,270       ----a-w C:\Program Files\FSViewerSetup35.exe
2008-03-06 21:26        31,078  ----a-w C:\Program Files\National_Treasure_Book_of_Secrets_(NAPiSY-93234)[1].NS.zip
2007-12-03 21:51        32      ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 22:28 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55 1667584]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\Polish\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d5b6c0f-e966-11dc-bbc3-00304f2bc74f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d5b6c2c-e966-11dc-bbc3-00304f2bc74f}]
\Shell\AutoRun\command - G:\jfvkcsy.bat
\Shell\explore\Command - G:\jfvkcsy.bat
\Shell\open\Command - G:\jfvkcsy.bat
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98b860b9-a2a2-11dc-bb26-00304f2bc74f}]
\Shell\AutoRun\command - F:\jfvkcsy.bat
\Shell\explore\Command - F:\jfvkcsy.bat
\Shell\open\Command - F:\jfvkcsy.bat
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cfecda0-fd8a-11dc-9492-00304f2bc74f}]
\Shell\AutoRun\command - F:\gjn2pjlw.exe
\Shell\explore\Command - F:\gjn2pjlw.exe
\Shell\open\Command - F:\gjn2pjlw.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f59d148d-ee1e-11dc-9471-00304f2bc74f}]
\Shell\AutoRun\command - H:\y82td3td.com
\Shell\explore\Command - H:\y82td3td.com
\Shell\open\Command - H:\y82td3td.com
 
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
 
HKCU-Run-ares - D:\Program Files\Ares\Ares.exe
HKLM-Run-MSRegInfo - C:\WINDOWS\pagefile.sys.vbs
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 11:11:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-14 11:15:24
ComboFix-quarantined-files.txt  2008-07-14 09:14:54
 
Pre-Run: 8,678,805,504 bajtów wolnych
Post-Run: 8,676,401,152 bajtów wolnych
 