wklejto.pl

Added by: ~Anonim (2008-11-28 23:34) -> text
ComboFix 08-11-27.03 - Właściciel 2008-11-28  0:20:43.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.612 [GMT 1:00]
Uruchomiony z: c:\\documents and settings\\Właściciel\\Pulpit\\ComboFix.exe
 * Utworzono nowy punkt przywracania
 
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\\Legacy_VFILT
 
 
(((((((((((((((((((((((((   Pliki utworzone od 2008-10-27 do 2008-11-27  )))))))))))))))))))))))))))))))
.
 
2008-11-27 23:43 . 2008-11-27 23:43     <DIR>   d--------       c:\\program files\\EsetOnlineScanner
2008-11-24 23:21 . 2008-11-24 23:21     <DIR>   d--------       c:\\program files\\Enigma 2003 Final
2008-11-24 23:12 . 2008-11-01 10:35     230,355 --a------       C:\\Language.pl.xml
2008-11-17 22:37 . 2008-11-17 22:37     <DIR>   d--------       c:\\program files\\Common Files\\BinarySense
2008-11-17 22:37 . 2008-11-17 22:37     <DIR>   d--------       c:\\program files\\BinarySense
2008-11-17 22:37 . 2008-11-17 22:37     <DIR>   d--------       c:\\documents and settings\\Właściciel\\Dane aplikacji\\BinarySense
2008-11-17 22:36 . 2008-11-17 22:36     <DIR>   d--------       c:\\program files\\HD Tune
2008-11-12 10:11 . 2008-09-04 18:17     1,106,944       ---------       c:\\windows\\system32\\dllcache\\msxml3.dll
2008-11-12 10:11 . 2008-10-24 12:21     455,296 ---------       c:\\windows\\system32\\dllcache\\mrxsmb.sys
2008-11-11 21:52 . 2008-11-11 21:52     <DIR>   d--hs----       C:\\FOUND.029
2008-11-01 21:54 . 2008-11-01 21:54     1,409   --a------       c:\\windows\\system32\\tmpF208A.FOT
2008-11-01 21:54 . 2008-11-01 21:54     1,409   --a------       c:\\windows\\system32\\tmp2DF7A.FOT
2008-10-29 00:08 . 2008-10-29 00:08     <DIR>   d--------       c:\\program files\\DevalVR
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:21        455,296 ----a-w c:\\windows\\system32\\drivers\\mrxsmb.sys
2008-10-19 21:23        ---------       d-----w c:\\program files\\QuickTime
2008-10-19 21:23        ---------       d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\QuickTime
2008-10-16 13:13        202,776 ----a-w c:\\windows\\system32\\wuweb.dll
2008-10-16 13:13        202,776 ----a-w c:\\windows\\system32\\dllcache\\wuweb.dll
2008-10-16 13:13        1,809,944       ----a-w c:\\windows\\system32\\wuaueng.dll
2008-10-16 13:13        1,809,944       ----a-w c:\\windows\\system32\\dllcache\\wuaueng.dll
2008-10-16 13:12        561,688 ----a-w c:\\windows\\system32\\wuapi.dll
2008-10-16 13:12        561,688 ----a-w c:\\windows\\system32\\dllcache\\wuapi.dll
2008-10-16 13:12        323,608 ----a-w c:\\windows\\system32\\wucltui.dll
2008-10-16 13:12        323,608 ----a-w c:\\windows\\system32\\dllcache\\wucltui.dll
2008-10-16 13:09        92,696  ----a-w c:\\windows\\system32\\dllcache\\cdm.dll
2008-10-16 13:09        92,696  ----a-w c:\\windows\\system32\\cdm.dll
2008-10-16 13:09        51,224  ----a-w c:\\windows\\system32\\wuauclt.exe
2008-10-16 13:09        51,224  ----a-w c:\\windows\\system32\\dllcache\\wuauclt.exe
2008-10-16 13:09        43,544  ----a-w c:\\windows\\system32\\wups2.dll
2008-10-16 13:08        34,328  ----a-w c:\\windows\\system32\\wups.dll
2008-10-16 13:08        34,328  ----a-w c:\\windows\\system32\\dllcache\\wups.dll
2008-10-15 17:36        337,408 ------w c:\\windows\\system32\\dllcache\\netapi32.dll
2008-10-03 18:26        6,066,176       ------w c:\\windows\\system32\\dllcache\\ieframe.dll
2008-09-30 15:43        1,286,152       ----a-w c:\\windows\\system32\\msxml4.dll
2008-09-15 16:27        1,846,656       ----a-w c:\\windows\\system32\\win32k.sys
2008-09-15 16:27        1,846,656       ------w c:\\windows\\system32\\dllcache\\win32k.sys
2008-09-10 01:15        1,307,648       ------w c:\\windows\\system32\\msxml6.dll
2008-09-10 01:15        1,307,648       ------w c:\\windows\\system32\\dllcache\\msxml6.dll
2008-09-08 11:41        333,824 ------w c:\\windows\\system32\\dllcache\\srv.sys
2008-09-04 17:17        1,106,944       ----a-w c:\\windows\\system32\\msxml3.dll
2008-08-27 10:27        3,593,216       ----a-w c:\\windows\\system32\\dllcache\\mshtml.dll
2007-02-13 14:18        21,822,168      ----a-w c:\\program files\\AdbeRdr80_en_US.exe
2007-02-13 14:13        7,050,552       ----a-w c:\\program files\\psa30se_en_us.exe
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Skype\"=\"c:\\program files\\Skype\\Phone\\Skype.exe\" [2008-09-23 21755688]
\"Gadu-Gadu\"=\"c:\\program files\\Gadu-Gadu\\gg.exe\" [2008-03-20 2127296]
\"eMuleAutoStart\"=\"s:\\emule\\emule.exe\" [2007-08-04 5971968]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"HPDJ Taskbar Utility\"=\"c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe\" [2003-11-11 188416]
\"SunJavaUpdateSched\"=\"c:\\program files\\Java\\jre1.6.0_07\\bin\\jusched.exe\" [2008-06-10 144784]
\"PCSuiteTrayApplication\"=\"c:\\program files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" [2007-06-18 271360]
\"00PCTFW\"=\"c:\\program files\\PC Tools Firewall Plus\\FirewallGUI.exe\" [2007-12-31 2594712]
\"WinampAgent\"=\"c:\\program files\\Winamp\\winampa.exe\" [2007-10-10 36352]
\"Adobe Reader Speed Launcher\"=\"c:\\program files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\" [2008-06-12 34672]
\"QuickTime Task\"=\"c:\\program files\\QuickTime\\qttask.exe\" [2008-10-19 77824]
\"avast!\"=\"c:\\progra~1\\ALWILS~1\\Avast4\\ashDisp.exe\" [2008-11-18 81000]
\"Atomic.exe\"=\"c:\\program files\\Atomic Clock Sync\\Atomic.exe\" [2004-06-17 524288]
\"nForce Tray Options\"=\"sstray.exe\" [2002-11-13 c:\\windows\\system32\\sstray.exe]
\"Kernel and Hardware Abstraction Layer\"=\"KHALMNPR.EXE\" [2007-11-29 c:\\windows\\KHALMNPR.Exe]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"c:\\windows\\system32\\CTFMON.EXE\" [2008-04-14 15360]
\"Nokia.PCSync\"=\"c:\\program files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" [2007-06-19 1241088]
 
c:\\documents and settings\\Wˆa˜ciciel\\Menu Start\\Programy\\Autostart\\
HDDlife.lnk - c:\\program files\\BinarySense\\HDDlife 3\\HDDlifePro.exe [2008-02-15 2278648]
 
c:\\documents and settings\\All Users\\Menu Start\\Programy\\Autostart\\
Microsoft Office.lnk - c:\\program files\\Microsoft Office\\Office10\\OSA.EXE [2001-02-13 83360]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\LBTWlgn]
2008-01-09 12:30 72208 c:\\program files\\Common Files\\LogiShrd\\Bluetooth\\LBTWLgn.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"VIDC.FFDS\"= c:\\progra~1\\COMBIN~1\\Filters\\FFDShow\\ff_vfw.dll
\"msacm.avis\"= ff_acm.acm
\"msacm.ac3filter\"= ac3filter.acm
\"vidc.hfyu\"= huffyuv.dll
\"msacm.divxa32\"= DivXa32.acm
 
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\WdfLoadGroup]
@=\"\"
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=
\"s:\\\\eMule\\\\emule.exe\"=
\"c:\\\\Program Files\\\\Gadu-Gadu\\\\gg.exe\"=
\"c:\\\\Totalcmd\\\\TOTALCMD.EXE\"=
\"c:\\\\Program Files\\\\Mozilla Firefox\\\\FIREFOX.EXE\"=
\"C:0\\\\eMule\\\\emule.exe\"=
\"s:\\\\torro\\\\uTorrent.exe\"=
\"c:\\\\Program Files\\\\Skype\\\\Phone\\\\Skype.exe\"=
 
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\\windows\\system32\\DRIVERS\\si3112r.sys [2007-02-09 84529]
R1 aswSP;avast! Self Protection;c:\\windows\\system32\\drivers\\aswSP.sys [2008-11-22 110160]
R1 pctfw2;pctfw2;\\??\\c:\\windows\\system32\\drivers\\pctfw2.sys [2007-11-01 218520]
R1 pctmp;PC Tools Firewall Memory Protection Driver;c:\\windows\\system32\\drivers\\pctmp.sys [2007-11-01 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;c:\\windows\\system32\\drivers\\pctssipc.sys [2007-11-01 18328]
R2 aswFsBlk;aswFsBlk;c:\\windows\\system32\\DRIVERS\\aswFsBlk.sys [2008-11-22 20560]
R2 HDDlife HDD Access service;HDDlife HDD Access service;\"c:\\program files\\Common Files\\BinarySense\\hldasvc.exe\" [2008-02-15 832760]
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\L]
\\Shell\\AutoRun\\command - ie.exe
\\Shell\\explore\\Command - ie.exe
\\Shell\\open\\Command - ie.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{223fed86-308f-11dc-8c16-002654132005}]
\\Shell\\AutoRun\\command - E:\\autoverify.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{4c5e2c39-1be8-11dc-8bf0-002654132005}]
\\Shell\\AutoRun\\command - ie.exe
\\Shell\\explore\\Command - ie.exe
\\Shell\\open\\Command - ie.exe
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\\documents and settings\\Właściciel\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\3uqnzp3u.default\\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gazeta.pl/0,0.html
FF -: plugin - c:\\documents and settings\\Właściciel\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\3uqnzp3u.default\\extensions\\npdevalvr@devalvr.com\\plugins\\npdevalvr.dll
FF -: plugin - c:\\program files\\Mozilla Firefox\\plugins\\npbittorrent.dll
FF -: plugin - c:\\program files\\Mozilla Firefox\\plugins\\npdjvu.dll
FF -: plugin - c:\\windows\\system32\\C2MP\\npdivx32.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 00:33:06
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
 
skanowanie ukrytych procesów ... 
 
skanowanie ukrytych wpisów autostartu ...
 
skanowanie ukrytych plików ... 
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > \'winlogon.exe\'(1148)
c:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll
c:\\program files\\common files\\logishrd\\bluetooth\\LBTServ.dll
c:\\program files\\PC Tools Firewall Plus\\FwHook.dll
 
- - - - - - - > \'lsass.exe\'(1204)
c:\\program files\\PC Tools Firewall Plus\\FwHook.dll
 
- - - - - - - > \'csrss.exe\'(1124)
c:\\program files\\PC Tools Firewall Plus\\FwHook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\\program files\\PC TOOLS FIREWALL PLUS\\FWSERVICE.EXE
c:\\program files\\LAVASOFT\\AD-AWARE\\AAWSERVICE.EXE
c:\\program files\\ALWIL SOFTWARE\\AVAST4\\ASWUPDSV.EXE
c:\\program files\\ALWIL SOFTWARE\\AVAST4\\ASHSERV.EXE
c:\\program files\\ALWIL SOFTWARE\\AVAST4\\SETUP\\AVAST.SETUP
c:\\program files\\ALWIL SOFTWARE\\AVAST4\\ASHDISP.EXE
c:\\program files\\A-SQUARED FREE\\A2SERVICE.EXE
c:\\program files\\GRISOFT\\AVG ANTI-SPYWARE 7.5\\GUARD.EXE
c:\\program files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe
c:\\windows\\system32\\UTSCSI.EXE
c:\\program files\\Alwil Software\\Avast4\\ashMaiSv.exe
c:\\program files\\Alwil Software\\Avast4\\ashWebSv.exe
c:\\windows\\system32\\imapi.exe
c:\\program files\\Alwil Software\\Avast4\\ashMaiSv.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-28  0:38:12 - komputer został uruchomiony ponownie [Właściciel]
ComboFix3.txt  2007-11-28 01:02:40
ComboFix-quarantined-files.txt  2008-11-27 23:38:06
ComboFix2.txt  2008-03-08 22:07:30
 
Przed: 1 270 743 040 bajtów wolnych
Po: 1,301,725,184 bajtów wolnych
 
184     --- E O F ---   2008-11-13 22:04:32
 