wklejto.pl

Added by: ~dede (2008-08-21 13:18) -> text
ComboFix 08-08-19.06 - FARMATOR 1 2008-08-21 13:22:35.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.430 [GMT 2:00]
Running from: C:\Documents and Settings\FARMATOR 1\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\FARMATOR 1\Cookies\farmator 1@visit.kodak[1].txt
C:\WINDOWS\system32\amvo.exe

.
(((((((((((((((((((((((((   Files Created from 2008-07-21 to 2008-08-21  )))))))))))))))))))))))))))))))
.

2008-08-21 13:02 . 2008-08-21 13:02     <DIR>   d--------       C:\Program Files\Avira
2008-08-21 13:02 . 2008-08-21 13:02     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-08-21 12:56 . 2008-08-21 12:58     <DIR>   d--------       C:\Program Files\Spyware Doctor
2008-08-21 12:56 . 2008-08-21 12:56     <DIR>   d--------       C:\Documents and Settings\FARMATOR 1\Dane aplikacji\PC Tools
2008-08-21 12:56 . 2007-12-10 14:53     81,288  --a------       C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-21 12:56 . 2007-12-10 14:53     66,952  --a------       C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-21 12:56 . 2008-02-01 12:55     42,376  --a------       C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-21 12:56 . 2007-12-10 14:53     29,576  --a------       C:\WINDOWS\system32\drivers\kcom.sys
2008-08-05 12:25 . 2008-08-21 13:01     <DIR>   d-a------       C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-02 13:30 . 2008-08-02 13:30     118     --a------       C:\WINDOWS\system32\MRT.INI

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 08:52        ---------       d-----w C:\Program Files\English Translator 3
2008-07-11 07:10        ---------       d-----w C:\Documents and Settings\FARMATOR 1\Dane aplikacji\Tlen.pl
2008-07-07 20:33        253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-27 12:47        ---------       d-----w C:\Program Files\ESET
2008-06-24 16:24        74,240  ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42        826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42        246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-02-12 12:01 1149440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-02 15:51 949376]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 14:54 503808]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 19:52 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 17:31 184320]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2008-03-07 14:22 98304]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-10-06 11:14 53248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 11:23 15961088 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 cxbu0wdm;CardMan 6121;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 08:38]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 18:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f31908b-4cc6-11dd-a43b-001676c7597b}]
\Shell\AutoRun\command - F:\1nkbd8h.bat
\Shell\explore\Command - F:\1nkbd8h.bat
\Shell\open\Command - F:\1nkbd8h.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fb666bc-4964-11dc-a32c-001676c7597b}]
\Shell\AutoRun\command - F:\xmnm2.cmd
\Shell\explore\Command - F:\xmnm2.cmd
\Shell\open\Command - F:\xmnm2.cmd

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SDAUXSERVICE
*Newly Created Service* - SDCORESERVICE
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\FARMATOR 1\Dane aplikacji\Mozilla\Firefox\Profiles\n5bklx8q.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 13:24:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-08-21 13:25:03
ComboFix-quarantined-files.txt  2008-08-21 11:25:01

Pre-Run: 9,008,721,920 bajtów wolnych
Post-Run: 9,140,908,032 bajtów wolnych

113     --- E O F ---   2008-08-14 13:02:49
 