Gopher187, posted 16 November 2008 (edited)

Could you please check my ComboFix log? I'd be grateful.

ComboFix log:

ComboFix 08-11-14.01 - user 2008-11-16 20:03:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.716 [GMT 1:00]
Running from: c:\documents and settings\user\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\user\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\SET3.tmp
c:\windows\SET4.tmp
c:\windows\SET8.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\grande48.sys
.
---- Previous Run -------
.
c:\documents and settings\user\~tmp1174.exe
c:\windows\hosts
c:\windows\SET3.tmp
c:\windows\SET4.tmp
c:\windows\SET8.tmp
c:\windows\system32\firefox.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CCEVTSVC
-------\Legacy_ZZZSVC_LICH
-------\Service_CcEvtSvc
-------\Service_ZZZdrv_lich
-------\Service_ZZZsvc_lich

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-16 15:57 . 2008-11-16 15:57 56 --a------ c:\windows\wininit.ini
2008-11-16 15:52 . 2008-11-16 15:52 <DIR> d-------- c:\program files\World of Warcraft
2008-11-15 15:13 . 2008-11-15 15:13 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Blizzard
2008-11-12 22:54 . 2008-11-12 22:54 <DIR> d-------- c:\program files\FAST Defrag
2008-10-28 22:09 . 2008-10-28 22:17 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Microsoft Games
2008-10-27 15:11 . 2004-04-09 18:12 1,040,384 --a------ c:\windows\system32\GnucDNA.dll
2008-10-22 19:17 . 2008-10-22 19:17 50 --a------ c:\windows\MegaManager.INI
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Megaupload
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\EmailNotifier
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Megaupload
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\EmailNotifier
2008-10-20 18:23 . 2008-10-20 18:23 319 --a------ c:\windows\game.ini
2008-10-20 15:07 . 2008-10-20 15:07 2,560 --a------ c:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 19:06 --------- d-----w c:\program files\neostrada tp
2008-11-16 19:04 --------- d-----w c:\documents and settings\user\Dane aplikacji\DNA
2008-11-16 19:00 --------- d-----w c:\documents and settings\user\Dane aplikacji\BitTorrent
2008-11-16 18:13 --------- d-----w c:\program files\eMule
2008-11-15 14:29 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-01 15:50 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-30 15:40 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-10-28 21:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 15:39 --------- d-----w c:\program files\Free Audio Pack
2008-10-23 13:23 --------- d-----w c:\program files\CyberLink
2008-10-20 14:08 --------- d-----w c:\program files\Mp3 To Wave Converter
2008-10-01 14:39 --------- d-----w c:\program files\NifTools
2008-09-25 15:38 729,088 ----a-w c:\windows\iun6002.exe
2008-09-25 15:38 --------- d-----w c:\program files\AceGain
2008-09-25 15:31 --------- d-----w c:\program files\EA GAMES
2008-09-23 07:05 --------- d-----w c:\program files\DVDVideoSoft
2008-09-21 19:01 --------- d-----w c:\documents and settings\user\Dane aplikacji\GanymedeNet
2008-03-17 20:48 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
2008-06-06 09:26 519,772 --sha-w c:\windows\firefox.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2007-12-21 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2007-12-22 290112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-21 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
scvhost.exe [2007-11-08 503808]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xii78.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-03-17 21:48 3057152 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]
--a------ 2008-06-05 19:25 379966 c:\windows\system32\vip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-05 09:08 16380416 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-06-15 09:45 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZZZsvc_lich"=2 (0x2)
"FTRTSVC"=2 (0x2)
"PnkBstrA"=2 (0x2)
"CcEvtSvc"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Documents and Settings\\user\\Ustawienia lokalne\\Dane aplikacji\\MM-Project v2.1 XML.exe"=
"g:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"f:\\Program Files\\World of Warcraft\\Repair.exe"=

S0 Xii78;Xii78;c:\windows\system32\Drivers\Xii78.sys []
S3 ddsxeiservice;ddsxeiservice2;\??\e:\program files\CS\SXE\sXe Injected\ddsxei.sys []
S3 Revolution1;Revolution1;\??\c:\docume~1\user\USTAWI~1\Temp\Rar$EX00.578\SHAK3.sys []
S3 XDva062;XDva062;\??\c:\windows\system32\XDva062.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5052a39d-afdc-11dc-a003-001d7d3c480e}]
\Shell\AutoRun\command - J:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-FAST Defrag - (no file)
HKLM-Run-DriverCD - D:\Run.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 20:06:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\NEOSTR~1\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-11-16 20:07:20 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-11-16 19:07:16

Pre-Run: 61,045,985,280 bytes free
Post-Run: 61,213,376,512 bytes free

Edited 17 November 2008 by Kolobos
Kolobos, posted 17 November 2008

CFScript.txt:

File::
c:\windows\firefox.exe
c:\documents and settings\All Users\Menu Start\Programy\Autostart\scvhost.exe
c:\windows\system32\vip.exe

Driver::
Xii78
Revolution1
XDva062

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xii78.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]

After running it, post a new log, and also do a scan with Dr.Web CureIt.
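The CFScript above falls out of reading the first log for a few tell-tale entries: a file in the all-users Startup folder named like svchost.exe with two letters swapped, an executable with hidden and system attributes (--sha-w) sitting directly in c:\windows, drivers whose file ComboFix reports as absent (the trailing `[]`) or that load from a temporary RAR extraction folder, a non-default SafeBoot\Minimal entry, an msconfig startupreg key named "Internet Explorer" that launches vip.exe, and Security Center notifications switched off. The script below is an added example, not code from the thread, from ComboFix or from Kolobos: it applies those heuristics to a constructed excerpt of the first log and drafts the File::/Driver::/Registry:: sections in the same layout as the posted CFScript. The lists SYSTEM_BINARIES, PRODUCT_BINARY and TEMP_MARKERS are illustrative assumptions rather than a catalogue, and the draft is a starting point for a human to review, not something to run unread.

```python
"""Triage a ComboFix-style log and draft CFScript sections (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Assumption: short illustrative lists, not a complete catalogue.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
PRODUCT_BINARY = {"internet explorer": "iexplore.exe"}   # startupreg name -> the only binary it should launch
TEMP_MARKERS = ("\\temp\\", "rar$ex")                     # a driver loading from here is not installed software
PATH_RE = re.compile(r"[a-z]:\\[^\s\[\]\"]+", re.I)
BASENAME_RE = re.compile(r"[\w~$.-]+\.(?:exe|sys|dll)\b", re.I)
ATTR_RE = re.compile(r"\s(-[-rahsw]{5,8})\s")              # ComboFix attribute column, e.g. --sha-w
DRIVER_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*(\[.*\])?$")
SAFEBOOT_RE = re.compile(r"\[(HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\[^\]]+)\]", re.I)
STARTUPREG_RE = re.compile(r"\[(HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\([^\]]+))\]", re.I)

@dataclass(frozen=True)
class Finding:
    rule: str      # heuristic that fired
    action: str    # CFScript section it maps to: file, driver, registry, or review (not scripted)
    target: str    # path, service name or registry key to act on
    evidence: str  # log line that triggered it

def _levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """System binary that `name` imitates by a transposition (same letters) or a single edit, else None."""
    name = name.lower()
    for target in SYSTEM_BINARIES:
        if name != target and (sorted(name) == sorted(target) or _levenshtein(name, target) <= 1):
            return target
    return None

def triage(log_text):
    findings, pending_dir, pending_key = [], None, None
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        low, paths = line.lower(), PATH_RE.findall(line)
        if pending_dir:                       # startup-folder listing: directory on one line, file name on the next
            paths.append(pending_dir + line.split()[0])
            pending_dir = None
        if re.match(r"[a-z]:\\", line, re.I) and line.endswith("\\"):
            pending_dir = line
            continue
        for name in BASENAME_RE.findall(line):
            if target := lookalike_of(name):
                full = next((p for p in paths if p.lower().endswith(name.lower())), name)
                findings.append(Finding("lookalike_of_" + target, "file", full, line))
        attr = ATTR_RE.search(line)
        if attr and {"h", "s"} <= set(attr.group(1)):  # hidden + system attributes on an executable
            findings += [Finding("hidden_system_exe", "file", p, line) for p in paths if p.lower().endswith(".exe")]
        if m := DRIVER_RE.match(line):       # ComboFix prints [] when the driver file is absent
            in_temp = any(t in m.group(2).lower() for t in TEMP_MARKERS)
            if in_temp or m.group(3) == "[]":
                findings.append(Finding("driver_from_temp_dir" if in_temp else "driver_file_missing", "driver", m.group(1), line))
        if m := SAFEBOOT_RE.search(line):    # defaults are hidden, so any SafeBoot entry shown is non-standard
            findings.append(Finding("safeboot_driver", "registry", m.group(1), line))
        if m := STARTUPREG_RE.search(line):  # the following line names the binary this key launches
            pending_key = (m.group(1), m.group(2).lower())
            continue
        if pending_key and paths:
            key, expected = pending_key[0], PRODUCT_BINARY.get(pending_key[1])
            if expected and expected not in low:
                findings += [Finding("startupreg_name_mismatch", "registry", key, line),
                             Finding("startupreg_name_mismatch", "file", paths[0], line)]
        pending_key = None
        if 'disablenotify"=dword:00000001' in low:
            findings.append(Finding("security_center_alerts_off", "review", line, line))
    return findings

def to_cfscript(findings):
    """Draft File::/Driver::/Registry:: sections in the layout used in the thread; review before running."""
    out = []
    for header, action, fmt in (("File::", "file", "{}"), ("Driver::", "driver", "{}"), ("Registry::", "registry", "[-{}]")):
        targets = sorted({f.target for f in findings if f.action == action})
        if targets:
            out.append(header)
            out.extend(fmt.format(t) for t in targets)
    return "\n".join(out)

# Constructed excerpt of the first log in the thread; the Kaspersky driver and NeroCheck.exe are controls.
SAMPLE_LOG = r"""
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
scvhost.exe [2007-11-08 503808]
2008-06-06 09:26 519,772 --sha-w c:\windows\firefox.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xii78.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]
--a------ 2008-06-05 19:25 379966 c:\windows\system32\vip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
"AntiVirusDisableNotify"=dword:00000001
S0 Xii78;Xii78;c:\windows\system32\Drivers\Xii78.sys []
S3 Revolution1;Revolution1;\??\c:\docume~1\user\USTAWI~1\Temp\Rar$EX00.578\SHAK3.sys []
S3 XDva062;XDva062;\??\c:\windows\system32\XDva062.sys []
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
"""
```

`print(to_cfscript(triage(SAMPLE_LOG)))` reproduces the three sections of the posted script from the sample, with the control entries (klbg.sys, NeroCheck.exe) left alone. The disabled Security Center alerts are reported as a review finding only: the posted script format uses key deletions, and the right fix for that value is to turn the alerts back on, not to delete the key.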
Gopher187, posted 17 November 2008

I'll post the Dr.Web CureIt scan tomorrow. ComboFix log:

ComboFix 08-11-14.01 - user 2008-11-17 21:39:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.660 [GMT 1:00]
Running from: c:\documents and settings\user\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\user\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\All Users\Menu Start\Programy\Autostart\scvhost.exe
c:\windows\firefox.exe
c:\windows\system32\vip.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\scvhost.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_REVOLUTION1
-------\Legacy_XDVA062
-------\Service_Revolution1
-------\Service_XDva062
-------\Service_Xii78

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
2008-11-17 19:58 . 2008-11-17 19:58 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-17 19:58 . 2008-11-17 19:58 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-17 19:57 . 2008-11-17 21:31 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-17 19:57 . 2008-11-17 21:42 2,770,464 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-17 19:57 . 2008-11-17 21:43 229,408 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-17 19:57 . 2008-11-17 21:42 25,868 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-17 19:57 . 2008-11-17 21:42 2,884 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-17 19:50 . 2008-11-17 19:50 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-17 19:47 . 2008-11-17 19:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-17 13:37 . 2008-11-17 15:35 <DIR> d-------- C:\WoW
2008-11-16 20:49 . 2008-11-16 20:49 <DIR> d-------- c:\windows\Sun
2008-11-16 20:48 . 2008-11-16 20:48 <DIR> d-------- c:\program files\Common Files\Java
2008-11-16 20:48 . 2008-05-28 03:03 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2008-11-16 15:57 . 2008-11-16 15:57 56 --a------ c:\windows\wininit.ini
2008-11-16 15:52 . 2008-11-16 15:52 <DIR> d-------- c:\program files\World of Warcraft
2008-11-15 15:13 . 2008-11-15 15:13 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Blizzard
2008-11-12 22:54 . 2008-11-12 22:54 <DIR> d-------- c:\program files\FAST Defrag
2008-10-28 22:09 . 2008-10-28 22:17 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Microsoft Games
2008-10-27 15:11 . 2004-04-09 18:12 1,040,384 --a------ c:\windows\system32\GnucDNA.dll
2008-10-22 19:17 . 2008-10-22 19:17 50 --a------ c:\windows\MegaManager.INI
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Megaupload
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\EmailNotifier
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Megaupload
2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\EmailNotifier
2008-10-20 18:23 . 2008-10-20 18:23 319 --a------ c:\windows\game.ini
2008-10-20 15:07 . 2008-10-20 15:07 2,560 --a------ c:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 20:43 --------- d-----w c:\program files\neostrada tp
2008-11-17 20:41 --------- d-----w c:\documents and settings\user\Dane aplikacji\DNA
2008-11-17 20:34 --------- d-----w c:\program files\eMule
2008-11-17 18:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-16 20:51 --------- d-----w c:\documents and settings\user\Dane aplikacji\BitTorrent
2008-11-16 19:48 --------- d-----w c:\program files\Java
2008-11-15 14:29 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-01 15:50 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-30 15:40 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-10-28 21:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 15:39 --------- d-----w c:\program files\Free Audio Pack
2008-10-23 13:23 --------- d-----w c:\program files\CyberLink
2008-10-20 14:08 --------- d-----w c:\program files\Mp3 To Wave Converter
2008-10-01 14:39 --------- d-----w c:\program files\NifTools
2008-09-25 15:38 729,088 ----a-w c:\windows\iun6002.exe
2008-09-25 15:38 --------- d-----w c:\program files\AceGain
2008-09-25 15:31 --------- d-----w c:\program files\EA GAMES
2008-09-23 07:05 --------- d-----w c:\program files\DVDVideoSoft
2008-09-21 19:01 --------- d-----w c:\documents and settings\user\Dane aplikacji\GanymedeNet
2008-03-17 20:48 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-16_20.07.03.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-21 16:34:36 121,872 ----a-w c:\windows\system32\drivers\kl1.sys
+ 2008-01-29 16:29:38 32,784 ----a-w c:\windows\system32\drivers\klbg.sys
+ 2008-11-17 18:57:30 213,008 ----a-w c:\windows\system32\drivers\klif.sys
+ 2008-04-30 16:06:48 24,592 ----a-w c:\windows\system32\drivers\klim5.sys
+ 2008-07-29 18:20:00 24,774 ----a-w c:\windows\system32\drivers\klopp.dat
- 2002-11-01 19:15:54 24,670 ------w c:\windows\system32\java.exe
+ 2008-05-28 00:20:14 49,248 ----a-w c:\windows\system32\java.exe
- 2002-11-01 19:15:54 24,672 ------w c:\windows\system32\javaw.exe
+ 2008-05-28 00:20:24 53,346 ----a-w c:\windows\system32\javaw.exe
+ 2008-05-28 02:03:38 131,174 ----a-w c:\windows\system32\javaws.exe
+ 2008-07-29 18:21:42 218,376 ----a-w c:\windows\system32\klogon.dll
- 2008-11-16 16:55:01 68,608 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-17 20:35:50 68,608 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-16 16:55:01 60,224 ----a-w c:\windows\system32\perfc015.dat
+ 2008-11-17 20:35:50 60,224 ----a-w c:\windows\system32\perfc015.dat
- 2008-11-16 16:55:01 436,090 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-17 20:35:50 436,090 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-16 16:55:01 423,478 ----a-w c:\windows\system32\perfh015.dat
+ 2008-11-17 20:35:50 423,478 ----a-w c:\windows\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2007-12-21 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2007-12-22 290112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-21 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_16\bin\jusched.exe" [2008-05-28 75256]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-03-17 21:48 3057152 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-05 09:08 16380416 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-06-15 09:45 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZZZsvc_lich"=2 (0x2)
"FTRTSVC"=2 (0x2)
"PnkBstrA"=2 (0x2)
"CcEvtSvc"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"g:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"f:\\Program Files\\World of Warcraft\\Repair.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 ddsxeiservice;ddsxeiservice2;\??\e:\program files\CS\SXE\sXe Injected\ddsxei.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5052a39d-afdc-11dc-a003-001d7d3c480e}]
\Shell\AutoRun\command - J:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 21:43:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\NEOSTR~1\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-11-17 21:45:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 20:45:28
ComboFix2.txt 2008-11-16 19:07:21

Pre-Run: 52,379,074,560 bytes free
Post-Run: 52,445,413,376 bytes free
Kolobos, posted 17 November 2008

> I'll post the Dr.Web CureIt scan tomorrow.

Not needed. Everything looks OK.

PS. Put logs inside a spoiler.