Rootkit Bagle

Program instalacyjny do szukania i usuwania Rootkit Bagle

Windows XP\Vista

FindyKill

Raport z opcji 1

Cytuj

----------------- FindyKill V4.707 ------------------

* User: MxF - M_F
* Executed from : C:\Program Files\FindyKill
* Update on 06/12/08 by Chiquitine29
* Start at 15:56:17 the 2008-12-07
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Searching *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MxF\Moje dokumenty\HoverSnap_v08\HoverSnap.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Infected files / folders ] ----------------

»»»» Presence Files in C:

»»»» Presence Files in C:\WINDOWS

»»»» Presence Files in C:\WINDOWS\Prefetch

»»»» Presence Files in C:\WINDOWS\system32

Found ! [2007-06-06 00:07] - C:\WINDOWS\system32\AutoRun.inf

»»»» Presence Files in C:\WINDOWS\system32\drivers

»»»» Presence Files in C:\Documents and Settings\MxF\Dane aplikacji

»»»» Presence Files in C:\DOCUME~1\MxF\USTAWI~1\Temp

»»»» Presence Files in C:\Documents and Settings\MxF\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registry / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   egui="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
   OutpostMonitor=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
   OutpostFeedBack="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled=
   AGRSMMSG=AGRSMMSG.exe
   hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
   QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

--------------- [ Registry / Infected keys ] ----------------

--------------- [ States / Services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 3

Ip6Fw - Type of startup = 3

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Searching in removable drives ] ----------------

+- Informations :

C: - dysk stay

D: - dysk stay

+- Contents of autorun : D:\autorun.inf

[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480

+- Presence of files :

Found ! [2004-04-30 13:01][---hs----] - D:\autorun.inf
Found ! [2004-11-30 11:01][---hs----] - D:\info.exe

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

------------------- ! End of report ! --------------------