wklejto.pl

Added by: ~Anonim (2009-02-03 22:09) -> text
ComboFix 09-02-02.04 - Administrator 2009-02-03 22:20:23.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1983.1349 [GMT 1:00]
Uruchomiony z: c:\programy\Po Zainstalowaniu Windowsa\LOGI\ComboFix.exe
 * Utworzono nowy punkt przywracania
 
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
d:\documents and settings\All Users\Dane aplikacji\Microsoft\bits.dll
d:\documents and settings\All Users\Dane aplikacji\Microsoft\ipdll.dll
d:\windows\system32\tmp.reg
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-03 do 2009-02-03  )))))))))))))))))))))))))))))))
.
 
2009-01-26 22:07 . 2009-01-26 22:07     <DIR>   d--------       d:\program files\DivX
2009-01-26 00:44 . 2009-01-26 00:44     <DIR>   d--------       d:\documents and settings\Administrator\Dane aplikacji\Crayon Physics Deluxe
2009-01-23 00:52 . 2001-02-25 02:19     287,744 --a------       d:\windows\system32\divxa32.acm
2009-01-23 00:52 . 2006-10-18 19:05     232,448 --a------       d:\windows\system32\mp3fhg.acm
2009-01-04 18:25 . 2009-01-04 18:25     <DIR>   d--------       d:\documents and settings\Administrator\Dane aplikacji\Juce VST Host
2009-01-03 23:40 . 2009-01-03 23:40     <DIR>   d--------       d:\program files\ASIO4ALL v2
2009-01-03 23:39 . 2009-01-03 23:39     <DIR>   d--------       d:\program files\Outsim
2009-01-03 23:39 . 2009-01-03 23:40     <DIR>   d--------       d:\program files\Image-Line
2009-01-03 23:39 . 2002-07-07 23:14     1,294,336       --a------       d:\windows\system32\vorbis.acm
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 22:58        ---------       d-----w d:\documents and settings\Administrator\Dane aplikacji\Tlen.pl
2009-02-01 12:37        ---------       d-----w d:\program files\AIMP2
2009-01-31 11:57        ---------       d-----w d:\program files\ALLPlayer
2009-01-31 11:12        ---------       d-----w d:\documents and settings\All Users\Dane aplikacji\Soulseek
2009-01-26 20:01        360,576 ----a-w d:\windows\system32\drivers\tcpip.sys
2009-01-22 23:52        ---------       d-----w d:\program files\K-Lite Codec Pack
2009-01-16 22:09        ---------       d-----w d:\program files\Tlen.pl
2009-01-03 21:28        ---------       d-----w d:\program files\u-he
2009-01-03 21:28        ---------       d-----w d:\program files\Easy CD-DA Extractor 11
2008-12-27 21:24        ---------       d--h--w d:\program files\InstallShield Installation Information
2008-12-27 21:19        ---------       d-----w d:\program files\Giant
2008-12-23 22:41        ---------       d-----w d:\program files\NAPI-PROJEKT
2008-12-23 00:26        ---------       d-----w d:\program files\Bonjour
2008-12-23 00:16        83,456  ----a-w d:\program files\Common Files\ThfLE25I.exe
2008-12-23 00:10        61,440  ----a-w d:\windows\system32\svch?st.exe
2008-12-22 23:20        98,304  ----a-w d:\windows\system32\CmdLineExt.dll
2008-12-22 23:20        122,880 ----a-w d:\windows\system32\UAService7.exe
2008-12-20 01:57        ---------       d-----w d:\program files\Common Files\Tmp
2008-12-20 01:56        ---------       d-----w d:\program files\Celemony
2008-12-20 00:19        ---------       d-----w d:\program files\Common Files\Adobe
2008-12-20 00:10        ---------       d-----w d:\program files\Common Files\Macrovision Shared
2008-12-17 10:50        368,640 ----a-w d:\windows\system32\ReWire.dll
2008-12-15 18:56        ---------       d-----w d:\program files\BitSpirit
2008-12-15 14:27        410,984 ----a-w d:\windows\system32\deploytk.dll
2008-12-15 14:27        ---------       d-----w d:\program files\Java
2008-12-14 21:22        ---------       d-----w d:\program files\MoorHunt
2008-12-14 20:10        ---------       d-----w d:\program files\microsoft frontpage
2008-12-13 18:03        ---------       d-----w d:\documents and settings\All Users\Dane aplikacji\Tlen.pl
2008-12-12 00:59        ---------       d-----w d:\documents and settings\All Users\Dane aplikacji\FLEXnet
2008-12-11 00:33        86,016  ----a-w d:\windows\system32\dpl100.dll
2008-12-11 00:33        200,704 ----a-w d:\windows\system32\dtu100.dll
2008-12-09 02:28        593,920 ----a-w d:\windows\system32\dpuGUI11.dll
2008-12-09 02:28        57,344  ----a-w d:\windows\system32\dpv11.dll
2008-12-09 02:28        344,064 ----a-w d:\windows\system32\dpus11.dll
2008-12-09 02:28        294,912 ----a-w d:\windows\system32\dpu11.dll
2008-11-13 22:41        5,068,152       ----a-w d:\windows\system32\SpoonUninstall.exe
2008-11-13 22:22        2,368   ----a-w d:\windows\system32\SVKP.sys
2008-11-13 00:24        73,216  ----a-w d:\windows\ST6UNST.EXE
2008-11-13 00:24        245,760 ------w d:\windows\Setup1.exe
2008-11-06 16:37        524,288 ----a-w d:\windows\system32\DivXsm.exe
2008-11-06 16:37        3,596,288       ----a-w d:\windows\system32\qt-dx331.dll
2008-11-06 16:35        200,704 ----a-w d:\windows\system32\ssldivx.dll
2008-11-06 16:35        1,044,480       ----a-w d:\windows\system32\libdivx.dll
2008-11-06 16:33        823,296 ----a-w d:\windows\system32\divx_xx0c.dll
2008-11-06 16:33        823,296 ----a-w d:\windows\system32\divx_xx07.dll
2008-11-06 16:33        815,104 ----a-w d:\windows\system32\divx_xx0a.dll
2008-11-06 16:33        802,816 ----a-w d:\windows\system32\divx_xx11.dll
2008-11-06 16:33        684,032 ----a-w d:\windows\system32\DivX.dll
2008-11-06 16:33        12,288  ----a-w d:\windows\system32\DivXWMPExtType.dll
2008-03-03 10:27        28,672  ----a-w d:\program files\mozilla firefox\components\FlashgetXpi.dll
2008-08-11 14:43        23      --sha-w d:\windows\system32\bcfe3_z.dll
2008-08-07 00:26        16,384  --sha-w d:\windows\system32\config\systemprofile\Cookies\index.dat
2008-08-07 00:26        16,384  --sha-w d:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-08-07 00:26        32,768  --sha-w d:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
 
------- Sigcheck -------
 
2007-07-10 14:06  642560  ce594e18fe0d0af804f1f3694921ce62      d:\windows\system32\user32.dll
 
2007-07-13 23:56  814592  ce7193c5f7c01b19768e066087c1c919      d:\windows\system32\wininet.dll
 
2009-01-26 21:01  360576  0fb6743e937c7bb248b2530a5a77abc6      d:\windows\system32\drivers\tcpip.sys
 
2007-07-26 18:30  2145792  316acc3ac43fc855204ce5e775f66b91     d:\windows\system32\ntoskrnl.exe
 
2007-07-13 23:42  974848  32f67215c57df2c401bf93b7ee65987f      d:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
"Free Download Manager"="d:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Komunikator"="d:\program files\Tlen.pl\tlen.exe" [2009-01-08 5853672]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="d:\program files\QuickTime Alternative\QTTask.exe" [2008-05-27 413696]
"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-08-01 13529088]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
"Resume copy"="copyfstq.exe" [2002-03-24 d:\windows\COPYFSTQ.EXE]
"C-Media Mixer"="Mixer.exe" [2003-03-20 d:\windows\mixer.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-07-27 d:\windows\system32\advpack.dll]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 d:\windows\Alcmtr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-05 09:08 16380416 d:\windows\RTHDCPL.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-06-15 09:45 1826816 d:\windows\SkyTel.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
 
R1 Asapi;Asapi;d:\windows\system32\drivers\asapi.sys [2008-08-08 11264]
R2 SVKP;SVKP;d:\windows\system32\SVKP.sys [2008-11-13 2368]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);d:\windows\system32\drivers\s115bus.sys [2008-09-07 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;d:\windows\system32\drivers\s115mdfl.sys [2008-09-07 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;d:\windows\system32\drivers\s115mdm.sys [2008-09-07 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s115mgmt.sys [2008-09-07 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;d:\windows\system32\drivers\s115obex.sys [2008-09-07 98568]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cc9c6a2-de78-11dd-ac8f-000e2e6967c0}]
\Shell\AutoRun\command - h:\webarooportable\WebarooPortable.exe
.
Zawartość folderu 'Zaplanowane zadania'
 
2008-09-02 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz plik wideo we Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Pobierz w Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: Pobierz wszystkie pliki w Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
IE: Pobierz z &BitSpirit - d:\program files\BitSpirit\bsurl.htm
IE: Pobierz zaznaczone w Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
IE: ñؾ(&B)
FF - ProfilePath - d:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d04v7pat.default\
FF - component: d:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: d:\program files\Mozilla Firefox\components\FlashgetXpi.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 22:21:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > 'winlogon.exe'(580)
d:\windows\system32\cscui.dll
.
Czas ukończenia: 2009-02-03 22:21:46
ComboFix-quarantined-files.txt  2009-02-03 21:21:44
 
Przed: 5678604288 bajtów wolnych
Po: 5,748,535,296 bajtów wolnych
 
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
 