Threads


Combofix



ullisses - Thu Jun 19, 2008 8:25 am
ComboFix 08-06-16.5 - GRYZLI 2008-06-18 20:30:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.207 [GMT 2:00]
Running from: C:\Documents and Settings\GRYZLI\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 19:22 . 2008-06-18 19:22 <DIR> d-------- C:\WINDOWS\Logs
2008-06-18 19:22 . 2008-06-18 19:26 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-18 17:42 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-18 17:33 . 2008-06-18 17:33 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-18 17:29 . 2008-06-18 17:29 <DIR> d-------- C:\WINDOWS\system32\pl
2008-06-18 17:29 . 2008-06-18 17:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-18 17:29 . 2008-06-18 17:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-18 17:25 . 2008-06-18 17:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-18 17:17 . 2008-06-18 17:17 <DIR> d-------- C:\WINDOWS\EHome
2008-06-18 17:00 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-18 17:00 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-06-18 17:00 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-06-18 17:00 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-06-17 13:09 . 2008-06-17 13:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-17 12:10 . 2008-06-17 12:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-17 11:48 . 2008-06-17 11:48 <DIR> d-------- C:\Program Files\WinASO
2008-06-12 16:53 . 2008-06-12 16:54 <DIR> d-------- C:\MyUNIIstaler
2008-06-12 15:14 . 2008-06-12 15:14 <DIR> d-------- C:\WINDOWS\Sun
2008-06-12 15:13 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 15:12 . 2008-06-12 15:13 <DIR> d-------- C:\Program Files\Java
2008-06-12 15:10 . 2008-06-12 15:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 14:57 . 2008-04-14 18:00 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:57 . 2008-04-14 18:00 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 14:57 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-08 14:51 . 2002-10-29 05:50 545 --a------ C:\WINDOWS\UC.PIF
2008-06-08 14:51 . 2002-10-29 05:50 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-08 14:51 . 2002-10-29 05:50 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-08 14:51 . 2002-10-29 05:50 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-08 14:51 . 2002-10-29 05:50 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-08 14:51 . 2002-10-29 05:50 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-08 14:51 . 2002-10-29 05:50 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-08 14:49 . 2008-06-08 14:50 <DIR> d-------- C:\Program Files\WinCOMANDER
2008-06-05 11:14 . 2008-06-05 11:14 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 15:42 . 2008-06-18 15:26 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-22 04:14 . 2008-05-22 04:14 335 --a------ C:\WINDOWS\mozregistry.dat
2008-05-22 04:08 . 2008-05-27 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-05-22 04:07 . 2008-06-03 20:52 <DIR> d-------- C:\Program Files\Winamp Remote
2008-05-22 04:05 . 2008-06-17 12:02 <DIR> d-------- C:\Program Files\Winamp
2008-05-22 04:05 . 2008-05-22 04:08 <DIR> d-------- C:\Documents and Settings\GRYZLI\Dane aplikacji\Winamp
2008-05-18 22:48 . 2008-05-18 22:48 <DIR> d-------- C:\Documents and Settings\GRYZLI\Dane aplikacji\ABBYY
2008-05-18 22:43 . 2008-05-18 22:43 <DIR> d-------- C:\Program Files\Common Files\ABBYY
2008-05-18 22:40 . 2008-05-18 22:46 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-05-18 22:40 . 2008-05-18 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ABBYY

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 02:26 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 17:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-18 17:07 --------- d-----w C:\Program Files\MCS Studios
2008-05-15 14:47 --------- d-----w C:\Program Files\Telewizja
2008-05-15 14:47 --------- d-----w C:\Program Files\Common Files\TV
2008-05-15 14:47 --------- d-----w C:\Program Files\Apple Software Update
2008-05-15 14:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-05-09 08:34 --------- d-----w C:\Program Files\Alwil Software
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-27 11:19 --------- d-----w C:\Documents and Settings\GRYZLI\Dane aplikacji\uTorrent
2008-04-26 15:52 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 14:52 --------- d-----w C:\Documents and Settings\GRYZLI\Dane aplikacji\Apple Computer
2008-04-20 13:53 --------- d-----w C:\Program Files\iTunes
2008-04-20 13:53 --------- d-----w C:\Program Files\iPod
2008-04-20 13:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-20 13:48 --------- d-----w C:\Program Files\QuickTime
2008-04-20 13:14 --------- d-----w C:\Documents and Settings\GRYZLI\Dane aplikacji\Leadertech
2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:30 2,190,336 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-11 16:30 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 19:26 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-24 19:25 22,328 ----a-w C:\Documents and Settings\GRYZLI\Dane aplikacji\PnkBstrK.sys
2007-12-08 17:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-27 13:35 56 --sh--r C:\WINDOWS\system32\49C16E989A.sys
2008-01-27 13:35 1,890 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
"BitComet"="D:\BITComet\BitComet.exe" [2008-03-25 08:38 2196280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-07 14:57 917504]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2006-05-30 16:22 542208]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 12:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\GaduGadu\\Gadu-Gadu\\gg.exe"=
"D:\\BITComet\\BitComet.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9554:TCP"= 9554:TCP:BitCometBeta 9554 TCP
"9554:UDP"= 9554:UDP:BitCometBeta 9554 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service []
R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2002-05-14 11:40]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2002-01-27 20:57]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2002-01-27 21:02]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 20:34:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [3016] 0xFFB10020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-06-18 20:35:31
ComboFix-quarantined-files.txt 2008-06-18 18:35:25

Pre-Run: 15,021,301,760 bytes free
Post-Run: 15,039,959,040 bytes free

205 --- E O F --- 2008-06-18 13:58:47

AND WHAT NOW????!!!
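A ComboFix log is mostly noise, and the reviewer's job is to pull out the few entries worth a second look: autostart values that point at nothing or at a bare file name resolved through the search path, firewall exceptions (especially globally open ports such as 3389/TCP, the Remote Desktop port), and files carrying both the hidden and system attributes in system32. The script below is an added example, not code from the thread or from ComboFix; it assumes the line formats of the ComboFix build shown above (08-06-16.5), and its sample input is a constructed excerpt copied from the log in this post. A flagged item is a review candidate, not a malware verdict.

```python
"""Triage helper for a ComboFix log: pulls out the autostart entries,
firewall exceptions and hidden/system files a reviewer looks at first.

Added example, not code from the thread or from ComboFix. SAMPLE_LOG is a
constructed excerpt copied from the log quoted above; the line formats are
assumed to be those of this ComboFix build (08-06-16.5).
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
2008-06-18 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-01-27 13:35 56 --sh--r C:\WINDOWS\system32\49C16E989A.sys
2008-01-27 13:35 1,890 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
"BitComet"="D:\BITComet\BitComet.exe" [2008-03-25 08:38 2196280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NWEReboot"="" []
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2006-05-30 16:22 542208]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\BITComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9554:TCP"= 9554:TCP:BitCometBeta 9554 TCP
"9554:UDP"= 9554:UDP:BitCometBeta 9554 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# "Name"="value" [date time size ...]   (Reg Loading Points section)
RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
# "9554:TCP"= 9554:TCP:description      (GloballyOpenPorts section)
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# date time size-or-dashes 7-char-attrs path   (Find3M section)
FIND3M = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|-+)\s+([-a-z]{7})\s+(.+)$')

# Ports a reviewer should always notice when globally open on a home PC.
NOTEWORTHY_PORTS = {3389: "Remote Desktop (RDP)"}


def split_sections(log: str) -> List[Tuple[str, List[str]]]:
    """Group lines under the most recent [REGISTRY KEY] header ('' before any)."""
    sections, key, lines = [], "", []
    for line in log.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((key, lines))
            key, lines = line[1:-1], []
        else:
            lines.append(line)
    sections.append((key, lines))
    return sections


def run_entries(log: str) -> List[Tuple[str, str, str, str]]:
    """All (key, name, value, details) tuples under *\\CurrentVersion\\Run* keys."""
    out = []
    for key, lines in split_sections(log):
        if "currentversion\\run" not in key.lower():
            continue
        for line in lines:
            m = RUN_ENTRY.match(line)
            if m:
                out.append((key, m.group(1), m.group(2), m.group(3)))
    return out


def empty_run_entries(log: str) -> List[str]:
    """Run values with no target, or whose target ComboFix could not stat ('[]')."""
    return [name for _, name, value, details in run_entries(log)
            if value.strip() == "" or details.strip() == ""]


def search_path_run_entries(log: str) -> List[str]:
    """Run values that are a bare file name: resolved via the search path, so a
    planted binary earlier in that path would be executed instead."""
    return [name for _, name, value, _ in run_entries(log)
            if value.strip() and "\\" not in value]


def open_ports(log: str) -> List[Tuple[int, str, str, str]]:
    """(port, proto, description, note) for every GloballyOpenPorts entry."""
    ports = []
    for key, lines in split_sections(log):
        if "globallyopenports" not in key.lower():
            continue
        for line in lines:
            m = OPEN_PORT.match(line)
            if m:
                port = int(m.group(1))
                ports.append((port, m.group(2), m.group(3).strip(),
                              NOTEWORTHY_PORTS.get(port, "")))
    return ports


def hidden_system_files(log: str) -> List[Tuple[str, str]]:
    """Find3M entries whose attribute flags include both hidden (h) and system (s)."""
    files = []
    for line in log.splitlines():
        m = FIND3M.match(line.strip())
        if m and "h" in m.group(1) and "s" in m.group(1):
            files.append((m.group(1), m.group(2)))
    return files


def triage(log: str) -> Dict[str, list]:
    """Everything a reviewer should look at, grouped by category."""
    return {
        "empty_or_unresolved_run_entries": empty_run_entries(log),
        "search_path_run_entries": search_path_run_entries(log),
        "globally_open_ports": open_ports(log),
        "hidden_system_files": hidden_system_files(log),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run it against the full log by reading the file into `triage()` instead of `SAMPLE_LOG`. On this excerpt it reports `NWEReboot` (empty value, nothing on disk), `SoundMan` (bare name resolved through the search path, though ComboFix shows it resolving to C:\WINDOWS\soundman.exe), 9554 TCP/UDP for BitComet plus 3389/TCP for Remote Desktop, and the two hidden+system .sys files in system32. Each of those still has to be checked by hand against what is installed; the script only shortens the list.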




kamuflasz - Thu Jun 19, 2008 9:16 am
Now wait for a reply; next time post ComboFix logs in the Bezpieczeństwo (Security) section.



huber2t - Thu Jun 19, 2008 11:29 am
I don't see anything in the log.

Are there any problems?