ComboFix 08-08-27.05 - Ja 2008-08-28 11:32:59.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1711 [GMT 2:00]
Running from: C:\Documents and Settings\Ja\Pulpit\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
J:\autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-28  )))))))))))))))))))))))))))))))
.

2008-08-28 11:21 . 2008-08-28 11:21	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-08-28 10:38 . 2008-08-28 10:38	<DIR>	d--------	C:\Documents and Settings\Ja\Dane aplikacji\CyberLink
2008-08-28 10:38 . 2008-08-28 10:38	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-08-28 10:38 . 2001-03-08 18:30	24,064	---------	C:\WINDOWS\system32\msxml3a.dll
2008-08-28 10:37 . 2008-08-28 10:37	<DIR>	d--------	C:\Program Files\CyberLink
2008-08-28 10:37 . 2003-03-18 20:14	499,712	---------	C:\WINDOWS\system32\msvcp71.dll
2008-08-28 10:37 . 2003-02-21 04:42	348,160	---------	C:\WINDOWS\system32\msvcr71.dll
2008-08-28 10:26 . 2008-08-28 10:26	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-08-28 10:24 . 2008-08-28 10:24	<DIR>	d--------	C:\Program Files\Nero
2008-08-28 10:24 . 2008-08-28 10:26	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2008-08-28 10:24 . 2008-08-28 10:24	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-28 10:18 . 2008-08-28 10:18	<DIR>	d--------	C:\Program Files\SubEdit-Player
2008-08-28 10:14 . 2008-08-28 10:14	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-08-28 10:12 . 2008-08-28 10:12	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-08-28 10:11 . 2008-08-28 10:11	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-08-28 10:11 . 2008-08-28 10:12	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
2008-08-28 10:11 . 2006-09-25 17:58	23,856	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-08-28 10:10 . 2008-08-28 10:10	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-08-28 10:07 . 2008-04-14 00:15	26,368	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-28 10:06 . 2008-08-28 10:06	13,646	--a------	C:\WINDOWS\system32\wpa.bak
2008-08-28 10:02 . 2008-05-03 05:16	213,493	--a------	C:\WINDOWS\system32\nvdspcht.chm
2008-08-28 10:02 . 2008-08-28 11:28	182,038	--a------	C:\WINDOWS\system32\nvapps.xml
2008-08-28 10:02 . 2008-05-03 05:16	139,792	--a------	C:\WINDOWS\system32\nv3dcht.chm
2008-08-28 10:02 . 2008-05-03 05:16	124,817	--a------	C:\WINDOWS\system32\nvcplcht.chm
2008-08-28 10:02 . 2008-05-03 05:16	59,261	--a------	C:\WINDOWS\system32\nvmobcht.chm
2008-08-28 10:00 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 08:37	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-28 08:37	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-08-28 08:03	---------	d-----w	C:\Program Files\VDOTool
2008-08-28 07:57	---------	d-----w	C:\Program Files\Realtek
2008-08-28 07:57	---------	d-----w	C:\Documents and Settings\Ja\Dane aplikacji\InstallShield
2008-08-28 07:53	315,392	----a-w	C:\WINDOWS\HideWin.exe
2008-08-28 07:50	---------	d-----w	C:\Program Files\Intel
2008-08-28 07:40	---------	d-----w	C:\Program Files\microsoft frontpage
2008-08-28 07:38	---------	d-----w	C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="C:\Program Files\VDOTool\TBPanel.exe" [2008-06-04 11:37 2157096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:16 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 10:40 16858112 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-03 05:16 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=


*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 11:33:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-28 11:34:15
ComboFix-quarantined-files.txt  2008-08-28 09:34:13

Pre-Run: 100,098,146,304 bajtów wolnych
Post-Run: 100,125,401,088 bajtów wolnych
