wklejto.pl

Added by: ~combo (2009-02-08 18:26) -> text
ComboFix 09-02-07.01 - x 2009-02-08 18:34:38.10 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1535.1113 [GMT 1:00]
Uruchomiony z: c:\\documents and settings\\x\\Pulpit\\ComboFix.exe
Użyto następujących komend :: c:\\documents and settings\\x\\Pulpit\\CFScript.txt
 * Utworzono nowy punkt przywracania
 
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
 
FILE ::
c:\\documents and settings\\x\\clf32.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\\documents and settings\\x\\clf32.exe
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-08 do 2009-02-08  )))))))))))))))))))))))))))))))
.
 
2009-02-08 17:38 . 2009-02-08 17:38     <DIR>   d--------       c:\\program files\\Malwarebytes\' Anti-Malware
2009-02-08 17:38 . 2009-02-08 17:38     <DIR>   d--------       c:\\documents and settings\\x\\Dane aplikacji\\Malwarebytes
2009-02-08 17:38 . 2009-02-08 17:38     <DIR>   d--------       c:\\documents and settings\\All Users\\Dane aplikacji\\Malwarebytes
2009-02-08 17:38 . 2009-01-04 18:38     38,496  --a------       c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-02-08 17:38 . 2009-01-04 18:38     15,504  --a------       c:\\windows\\system32\\drivers\\mbam.sys
2009-02-02 18:54 . 2009-02-02 18:54     5,120   --ahs----       c:\\windows\\system32\\Thumbs.db
2009-01-31 16:42 . 2009-02-05 15:36     101,287 --a------       c:\\windows\\system32\\drivers\\klin.dat
2009-01-31 16:42 . 2009-02-05 15:36     89,601  --a------       c:\\windows\\system32\\drivers\\klick.dat
2009-01-31 16:41 . 2009-01-31 16:41     <DIR>   d--------       c:\\program files\\Kaspersky Lab
2009-01-31 16:41 . 2009-02-08 18:15     2,089,504       --ahs----       c:\\windows\\system32\\drivers\\fidbox.dat
2009-01-31 16:41 . 2009-02-08 18:16     327,712 --ahs----       c:\\windows\\system32\\drivers\\fidbox2.dat
2009-01-31 16:41 . 2009-02-08 18:15     19,500  --ahs----       c:\\windows\\system32\\drivers\\fidbox.idx
2009-01-31 16:41 . 2009-02-08 18:16     3,248   --ahs----       c:\\windows\\system32\\drivers\\fidbox2.idx
2009-01-31 16:37 . 2009-01-31 16:37     <DIR>   d--------       c:\\documents and settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files
2009-01-31 13:04 . 2009-01-31 13:04     <DIR>   d--------       c:\\program files\\Frets on Fire
2009-01-31 13:04 . 2009-01-31 13:07     <DIR>   d--------       c:\\program files\\Alarian
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 17:32        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\DMCache
2009-02-08 17:27        ---------       d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\Kaspersky Lab
2009-02-05 18:36        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\Skype
2009-02-05 18:10        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\skypePM
2009-01-31 14:52        ---------       d-----w c:\\program files\\CCleaner
2009-01-17 14:57        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\IDM
2009-01-15 10:36        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\EPSON
2009-01-08 18:43        ---------       d-----w c:\\program files\\MSECache
2009-01-07 19:16        ---------       d-----w c:\\program files\\Internet Download Manager
2009-01-06 19:54        ---------       d--h--w c:\\program files\\InstallShield Installation Information
2009-01-06 19:53        ---------       d-----w c:\\program files\\Quake III Arena
2009-01-02 19:18        ---------       d-----w c:\\program files\\Common Files\\snpstd3
2009-01-02 17:45        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\Moyea
2008-12-30 17:16        ---------       d-----w c:\\program files\\FlashGet
2008-12-30 17:03        ---------       d-----w c:\\program files\\Orbitdownloader
2008-12-30 17:03        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\Orbit
2008-12-22 18:27        ---------       d-----w c:\\program files\\Common Files\\Skype
2008-12-19 19:49        183,112 ----a-w c:\\windows\\system32\\PnkBstrB.exe
2008-12-19 19:49        138,184 ----a-w c:\\windows\\system32\\drivers\\PnkBstrK.sys
2008-12-19 19:37        66,872  ----a-w c:\\windows\\system32\\PnkBstrA.exe
2008-12-19 19:31        ---------       d-----w c:\\documents and settings\\x\\Dane aplikacji\\Leadertech
2008-12-09 16:58        ---------       d-----w c:\\program files\\directx
2008-12-08 07:54        ---------       d-----w c:\\program files\\Acala 3GP Movies Free
2008-12-08 07:37        ---------       d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\aHisoft
2008-11-11 19:00        218,376 ----a-w c:\\windows\\system32\\klogon.dll
2004-03-11 12:27        40,960  ----a-w c:\\program files\\Uninstall_CDS.exe
2002-07-01 14:13        243     --sha-w c:\\documents and settings\\All Users\\Dane aplikacji\\system16driver.dat
.
 
------- Sigcheck -------
 
2004-08-03 22:14  359040  9f4b36614a0fc234525ba224957de55c      c:\\windows\\system32\\dllcache\\tcpip.sys
2004-08-03 22:14  359040  6a603809f598332dbedd535bdbce313e      c:\\windows\\system32\\drivers\\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=\"c:\\windows\\system32\\ctfmon.exe\" [2004-08-03 15360]
\"IDMan\"=\"c:\\program files\\Internet Download Manager\\IDMan.exe\" [2008-09-13 931248]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SunJavaUpdateSched\"=\"c:\\program files\\Java\\jre1.5.0_03\\bin\\jusched.exe\" [2005-04-13 36975]
\"ATIPTA\"=\"c:\\program files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\" [2004-11-30 344064]
\"Adobe Reader Speed Launcher\"=\"c:\\program files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\" [2008-06-12 34672]
\"StartCCC\"=\"c:\\program files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" [2008-01-21 61440]
\"WinampAgent\"=\"c:\\program files\\Winamp\\winampa.exe\" [2008-08-04 36352]
\"FixCamera\"=\"c:\\windows\\FixCamera.exe\" [2007-07-11 20480]
\"snpstd3\"=\"c:\\windows\\vsnpstd3.exe\" [2007-05-10 835584]
\"tsnpstd3\"=\"c:\\windows\\tsnpstd3.exe\" [2007-04-21 270336]
\"AVP\"=\"c:\\program files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe\" [2008-11-11 206088]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"c:\\windows\\system32\\CTFMON.EXE\" [2004-08-03 15360]
 
c:\\documents and settings\\x\\Menu Start\\Programy\\Autostart\\
dslmon.exe [2007-02-13 1205840]
Skrót do daemon.lnk - c:\\program files\\DAEMON Tools\\daemon.exe [2008-06-23 171464]
 
c:\\documents and settings\\All Users\\Menu Start\\Programy\\Autostart\\
DSLMON.lnk - c:\\program files\\SAGEM\\SAGEM F@st 800-840\\dslmon.exe [2008-07-30 1205840]
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
\"NoStartMenuSubFolders\"= 1 (0x1)
\"NoFavoritesMenu\"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ATIPTA]
--a------ 2004-11-30 20:10 344064 c:\\program files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 c:\\windows\\system32\\ctfmon.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 c:\\program files\\DAEMON Tools\\daemon.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Google IME Autoupdater]
--a------ 2008-01-07 11:15 251376 c:\\program files\\Google\\Google Pinyin\\GooglePinyinDaemon.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\\windows\\system32\\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RemoteControl]
--------- 2003-12-08 17:35 32768 c:\\program files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\USB Storage Toolbox]
--a------ 2005-09-14 20:44 65536 c:\\program files\\USB Disk Win98 Driver\\Res.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMan]
--a------ 2004-06-18 09:31 67584 c:\\windows\\SOUNDMAN.EXE
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"AntiVirusDisableNotify\"=dword:00000001
\"UpdatesDisableNotify\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\KasperskyAntiVirus]
\"DisableMonitoring\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
\"EnableFirewall\"= 0 (0x0)
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"d:\\\\Gry\\\\PES 2009\\\\pes2009.exe\"=
\"d:\\\\Gry\\\\ds II\\\\DungeonSiege2.exe\"=
\"c:\\\\Program Files\\\\Skype\\\\Phone\\\\Skype.exe\"=
\"c:\\\\Documents and Settings\\\\x\\\\Pulpit\\\\ComboFix.exe\"=
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"54321:TCP\"= 54321:TCP:BitComet 54321 TCP
\"54321:UDP\"= 54321:UDP:BitComet 54321 UDP
 
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\\windows\\system32\\drivers\\klbg.sys [2008-01-29 32784]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\\windows\\system32\\drivers\\sfsync03.sys [2005-10-13 35328]
R2 LicCtrlService;LicCtrl Service;c:\\windows\\Runservice.exe [2007-04-26 2560]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\\windows\\system32\\drivers\\e4usbaw.sys [2008-07-30 104344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\\windows\\system32\\drivers\\klim5.sys [2008-04-30 24592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\\windows\\system32\\drivers\\RMSPPPOE.SYS [2007-03-02 33792]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\\windows\\system32\\drivers\\e4ldr.sys [2008-07-30 69656]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\\windows\\system32\\drivers\\ASPI32.SYS [2008-05-23 16512]
S3 KS-959;MA-620 USB Infrared Adapter;c:\\windows\\system32\\drivers\\KS-959.sys [2007-05-12 19034]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\\windows\\system32\\drivers\\SE2Fbus.sys [2008-01-26 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\\windows\\system32\\drivers\\SE2Fmdfl.sys [2008-01-26 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\\windows\\system32\\drivers\\SE2Fmdm.sys [2008-01-26 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\\windows\\system32\\drivers\\SE2Fmgmt.sys [2008-01-26 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\\windows\\system32\\drivers\\se2Fnd5.sys [2008-01-26 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\\windows\\system32\\drivers\\SE2Fobex.sys [2008-01-26 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\\windows\\system32\\drivers\\se2Funic.sys [2008-01-26 90800]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\\windows\\system32\\drivers\\w200bus.sys [2008-03-31 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\\windows\\system32\\drivers\\w200mdfl.sys [2008-03-31 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\\windows\\system32\\drivers\\w200mdm.sys [2008-03-31 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\\windows\\system32\\drivers\\w200mgmt.sys [2008-03-31 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\\windows\\system32\\drivers\\w200obex.sys [2008-03-31 86368]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all links using BitComet - c:\\program files\\BitComet\\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\\program files\\BitComet\\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\\program files\\BitComet\\BitComet.exe/AddLink.htm
IE: E&ksport do programu Microsoft Excel - c:\\progra~1\\MICROS~2\\OFFICE11\\EXCEL.EXE/3000
IE: Pobierz z &BitSpirit - c:\\program files\\BitSpirit\\bsurl.htm
IE: Ściągnij przez IDM - c:\\program files\\Internet Download Manager\\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\\program files\\Internet Download Manager\\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\\program files\\Internet Download Manager\\IEGetVL.htm
LSP: c:\\windows\\system32\\imon.dll
TCP: {D18ECC14-7500-4A56-AC80-FFF958505584} = 83.238.255.76 213.241.79.37
FF - ProfilePath - c:\\documents and settings\\x\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\0tos844q.default\\
FF - prefs.js: browser.startup.homepage - www.interia.pl
FF - prefs.js: network.proxy.type - 4
FF - component: c:\\documents and settings\\x\\Dane aplikacji\\IDM\\idmmzcc2\\components\\idmmzcc.dll
FF - plugin: c:\\documents and settings\\x\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\0tos844q.default\\extensions\\firefox@tvunetworks.com\\plugins\\npTVUAx.dll
FF - plugin: c:\\program files\\Java\\jre1.5.0_03\\bin\\NPJava11.dll
FF - plugin: c:\\program files\\Java\\jre1.5.0_03\\bin\\NPJava12.dll
FF - plugin: c:\\program files\\Java\\jre1.5.0_03\\bin\\NPJava13.dll
FF - plugin: c:\\program files\\Java\\jre1.5.0_03\\bin\\NPJava14.dll
FF - plugin: c:\\program files\\Java\\jre1.5.0_03\\bin\\NPJava32.dll
FF - plugin: c:\\program files\\Java\\jre1.5.0_03\\bin\\NPJPI150_03.dll
FF - plugin: c:\\program files\\Java\\jre1.5.0_03\\bin\\NPOJI610.dll
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\npdjvu.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 18:35:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
skanowanie ukrytych procesów ...  
 
skanowanie ukrytych wpisów autostartu ... 
 
skanowanie ukrytych plików ...  
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
 
[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
\"scansk\"=hex(0):d4,96,bc,d0,26,ba,6b,89,85,43,1c,72,5f,9b,b9,41,21,16,65,30,57,
   2a,d8,30,da,b0,93,7d,e6,2e,70,2f,7d,17,63,3d,7d,0f,a0,25,00,00,00,00,00,00,\\
 
[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{c7ba7fdd-7a3a-42ba-9e4c-dbc332600ff6}]
@Denied: (Full) (Everyone)
\"Model\"=dword:0000016c
\"Therad\"=dword:0000000a
 
[HKEY_LOCAL_MACHINE\\software\\LicCtrl\\LicCtrl\\LicCtrl\\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \\EC1A69D1C0948222]
 
[HKEY_LOCAL_MACHINE\\software\\LicCtrl\\LicCtrl\\LicCtrl\\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \\EC1A69D1C0948222\\B144CCE307E78EB6EE53CA2196E4D0A2]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > \'winlogon.exe\'(1192)
c:\\windows\\system32\\Ati2evxx.dll
 
- - - - - - - > \'lsass.exe\'(1264)
c:\\windows\\system32\\imon.dll
.
Czas ukończenia: 2009-02-08 18:37:08
ComboFix-quarantined-files.txt  2009-02-08 17:37:01
ComboFix2.txt  2009-02-08 16:01:55
ComboFix3.txt  2008-06-23 12:01:24
 
Przed: 14,473,359,360 bajtów wolnych
Po: 14,461,689,856 bajtów wolnych
 
243
 