wklejto.pl

Added by: ~Wojciech3 (2008-08-31 14:12) -> text
ComboFix 08-08-30.03 - krzysiek kupniewicz 2008-08-31 12:40:08.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.684 [GMT 1:00]
Running from: C:\Documents and Settings\krzysiek kupniewicz\Desktop\ComboFix.exe
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Program Files\MyGlobalSearch
C:\Program Files\myglobalsearch\bar\History\search
D:\Autorun.inf
 
.
(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-31  )))))))))))))))))))))))))))))))
.
 
2008-08-13 22:32 . 2008-05-01 15:30     331,776 ---------       C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-10 20:30 . 2008-08-06 18:05     96,976  --a------       C:\WINDOWS\system32\drivers\klin.dat
2008-07-10 20:30 . 2008-08-02 14:44     87,855  --a------       C:\WINDOWS\system32\drivers\klick.dat
2008-07-10 20:29 . 2008-08-31 12:05     <DIR>   d--------       C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-10 20:29 . 2008-08-31 12:46     10,965,280      --ahs----       C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-10 20:29 . 2008-08-31 12:46     152,608 --ahs----       C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-10 20:29 . 2008-08-31 11:56     147,380 --ahs----       C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-10 20:29 . 2008-08-31 11:56     14,948  --ahs----       C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-10 18:53 . 2008-07-10 18:53     <DIR>   d--------       C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-07 21:32 . 2008-07-07 21:32     253,952 ---------       C:\WINDOWS\system32\dllcache\es.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 11:08        ---------       d-----w C:\Documents and Settings\krzysiek kupniewicz\Application Data\Skype
2008-08-28 16:28        ---------       d-----w C:\Program Files\DAEMON Tools
2008-08-20 12:14        ---------       d-----w C:\Program Files\eMule
2008-07-18 21:10        94,920  ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10        94,920  ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10        53,448  ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10        53,448  ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10        45,768  ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10        36,552  ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10        36,552  ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09        563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09        563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09        325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09        325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09        205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09        205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09        1,811,656       ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09        1,811,656       ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-10 19:40        112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-10 19:29        ---------       d-----w C:\Program Files\Kaspersky Lab
2008-07-07 20:32        253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23        74,240  ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23        74,240  ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49        18,432  ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41        245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41        245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41        148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45        360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44        138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52        225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10        272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28        202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18        1,287,680       ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18        1,287,680       ------w C:\WINDOWS\system32\dllcache\quartz.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17 1937408]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-08-30 19:51 1708032]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 14:57 25367592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 17:41 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"LG Drive"="C:\Program Files\LG USB Drive 2.9\LG_Drive.exe" [2006-07-28 20:31 1015808]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 22:29 32768]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 11:58 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2006-07-23 19:51:32 69632]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"vidc.SMP4"= mcs_vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\Broadband Desktop Help.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-08-01 14:26 233534 C:\Program Files\HPQ\Default Settings\Cpqset.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-06-19 21:50 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
 
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 10:06]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9595713-f5ee-11dc-b19f-001150dd07a3}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
 
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
 
Notify-WgaLogon - (no file)
MSConfigStartUp-eabconfg - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
MSConfigStartUp-Motive SmartBridge - C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
MSConfigStartUp-YBrowser - C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
 
 
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\krzysiek kupniewicz\Application Data\Mozilla\Firefox\Profiles\p8i44fqo.default\
.
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 12:46:41
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-08-31 12:49:19
ComboFix-quarantined-files.txt  2008-08-31 11:49:14
 
Pre-Run: 4,678,918,144 bytes free
Post-Run: 4,681,478,144 bytes free
 
156     --- E O F ---   2008-08-14 02:09:40
 