Combofix
ullisses - Thu Jun 19, 2008 8:25 am

ComboFix 08-06-16.5 - GRYZLI 2008-06-18 20:30:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.207 [GMT 2:00]
Running from: C:\Documents and Settings\GRYZLI\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
Completion time: 2008-06-18 20:35:31

AND WHAT NOW????!!!
kamuflasz - Thu Jun 19, 2008 9:16 am

Now wait for a reply; next time post ComboFix logs in the Security (Bezpieczeństwo) section.

huber2t - Thu Jun 19, 2008 11:29 am

I don't see anything in the log. Are there any problems?