wklejto.pl

Added by: ~DariusN (2008-12-31 11:30) -> text
ComboFix 08-12-30.02 - Urząd Miejski 2008-12-31 11:36:33.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.503.158 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Urząd Miejski\Pulpit\ComboFix.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Autorun.inf
c:\windows\expiorer.exe
c:\windows\system32\kavo0.dll
c:\windows\system32\kavo1.dll
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-28 do 2008-12-31  )))))))))))))))))))))))))))))))
.
 
2008-12-31 10:58 . 2008-12-31 10:58     <DIR>   d--------       c:\program files\Trend Micro
2008-12-31 10:46 . 2008-12-31 10:40     85,504  ---------       c:\windows\system32\trz10.tmp
2008-12-30 14:32 . 2008-12-30 14:32     85,504  -r-hs----       c:\windows\system32\vbsdfe1.dll
2008-12-30 14:31 . 2008-12-31 10:49     122,535 -r-hs----       c:\windows\system32\vamsoft.exe
2008-12-30 10:25 . 2008-12-30 08:01     125,628 -r-hs----       C:\1sertc.exe
2008-12-30 08:33 . 2008-12-30 08:33     <DIR>   d--------       c:\program files\Lavasoft
2008-12-30 08:33 . 2008-12-30 08:37     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-12-30 08:32 . 2008-12-30 08:32     <DIR>   d--------       c:\program files\Common Files\Wise Installation Wizard
2008-12-22 14:13 . 2008-12-17 15:30     68,859  ---------       c:\windows\hpoins05.dat.temp
2008-12-22 14:13 . 2004-12-15 16:05     19,696  ---------       c:\windows\hpomdl05.dat.temp
2008-12-17 15:30 . 2008-12-22 14:26     68,877  --a------       c:\windows\hpoins05.dat
2008-12-17 15:30 . 2004-12-15 16:05     19,696  ---------       c:\windows\hpomdl05.dat
2008-12-17 15:29 . 2008-12-17 15:30     <DIR>   d--------       c:\temp\HP_WebRelease
2008-12-15 14:04 . 2008-12-15 14:04     221     --a------       c:\windows\NCLogConfig.ini
2008-11-13 08:27 . 2008-10-24 12:21     455,296 ---------       c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 08:26 . 2008-09-04 18:17     1,106,944       ---------       c:\windows\system32\dllcache\msxml3.dll
2008-11-04 14:24 . 2008-11-04 14:24     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\Yahoo! Companion
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 09:40        ---------       d-----w c:\program files\OpenOffice.org1.1.0
2008-12-30 07:30        ---------       d-----w c:\documents and settings\UrzĄd Miejski\Dane aplikacji\Lavasoft
2008-12-17 14:19        ---------       d-----w c:\program files\Hewlett-Packard
2008-12-17 08:18        ---------       d-----w c:\documents and settings\UrzĄd Miejski\Dane aplikacji\AdobeUM
2008-12-15 14:43        ---------       d-----w c:\documents and settings\UrzĄd Miejski\Dane aplikacji\Image Zone Express
2008-12-15 13:04        ---------       d-----w c:\documents and settings\UrzĄd Miejski\Dane aplikacji\HP
2008-12-13 06:39        3,593,216       ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-12 13:47        ---------       d-----w c:\program files\FrikoPlayer
2008-11-03 12:52        ---------       d-----w c:\program files\CCleaner
2008-11-03 12:51        ---------       d-----w c:\program files\Yahoo!
2008-10-23 12:42        286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42        286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:15        70,656  ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13        202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13        202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13        1,809,944       ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13        1,809,944       ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12        561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12        561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12        323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12        323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11        13,824  ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09        92,696  ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09        92,696  ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09        51,224  ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09        51,224  ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09        43,544  ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08        34,328  ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08        34,328  ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:36        337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06        633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04        161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04        247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04        247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43        1,286,152       ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27        1,846,656       ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:27        1,846,656       ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:15        1,307,648       ------w c:\windows\system32\msxml6.dll
2008-09-10 01:15        1,307,648       ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41        333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:17        1,106,944       ----a-w c:\windows\system32\msxml3.dll
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]
 
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-31 122535]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-04-27 122941]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 184320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Spik"="c:\program files\Spik\Spik.exe" [2007-01-15 71464]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 
c:\documents and settings\UrzĄd Miejski\Menu Start\Programy\Autostart\
OpenOffice.org 1.1.0.lnk - c:\program files\OpenOffice.org1.1.0\program\quickstart.exe [2003-10-09 61515]
 
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-21 1205840]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-05-30 184320]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Spik\\Spik.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-16 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-16 20560]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-10-21 69656]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-10-21 104344]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2004-05-03 80384]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c2286e3-d6be-11db-8c07-001560b15b05}]
\Shell\AutoRun\command - E:\LaunchU3.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10367a56-0d11-11dd-8d60-001560b15b05}]
\Shell\AutoRun\command - 3wcxx91.cmd
\Shell\explore\Command - 3wcxx91.cmd
\Shell\open\Command - 3wcxx91.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10efd7ab-6446-11dd-8dc0-001560b15b05}]
\Shell\AutoRun\command - E:\1sertc.exe
\Shell\explore\Command - E:\1sertc.exe
\Shell\open\Command - E:\1sertc.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d5f108-3f76-11dd-8d95-001560b15b05}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d63160-ddfa-11dc-8d27-001560b15b05}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c1acb7-384b-11dd-8d8d-001560b15b05}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2458bda-cc0b-11dd-8e34-001560b15b05}]
\Shell\AutoRun\command - E:\1sertc.exe
\Shell\explore\Command - E:\1sertc.exe
\Shell\open\Command - E:\1sertc.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8d23a67-57b4-11dd-8db3-001560b15b05}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b119e8-3dca-11dd-8d92-001560b15b05}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
 
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
 
HKLM-Run-HPLJ Config - c:\program files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe
 
 
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.rejestracja.neostrada.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = <local>
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll
 
c:\windows\Downloaded Program Files\OggX.ocx - O16 -: {1E53EA77-34F2-474E-9046-B2B0C86F1821}
hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\documents and settings\Urząd Miejski\Dane aplikacji\Mozilla\Firefox\Profiles\7k4nac5o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://wp.pl
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Urząd Miejski\Dane aplikacji\Mozilla\Firefox\Profiles\7k4nac5o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwpk.dll
FF - plugin: c:\program files\Spik\mozilla\npwpk.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 11:37:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ... 
 
skanowanie ukrytych wpisów autostartu ...
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?9?3?4??????? ???B???????????????B? ?????? 
 
skanowanie ukrytych plików ... 
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
Czas ukończenia: 2008-12-31 11:38:59
ComboFix-quarantined-files.txt  2008-12-31 10:38:30
 
Przed: 34,660,036,608 bajtów wolnych
Po: 34,655,821,824 bajtów wolnych
 
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
 
216     --- E O F ---   2008-12-30 11:00:58
 