wklejto.pl

Added by: ~Anonim (2009-02-24 10:21) -> text
ComboFix 09-02-21.01 - Adasz 2009-02-24 10:26:49.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.2046.1439 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Adasz\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*
 * Utworzono nowy punkt przywracania
 
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
 
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-24 do 2009-02-24  )))))))))))))))))))))))))))))))
.
 
2009-02-20 10:40 . 2008-10-10 04:52     4,379,984       --a------       c:\windows\system32\D3DX9_40.dll
2009-02-20 10:40 . 2008-10-10 04:52     2,036,576       --a------       c:\windows\system32\D3DCompiler_40.dll
2009-02-20 10:40 . 2008-10-27 10:04     514,384 --a------       c:\windows\system32\XAudio2_3.dll
2009-02-20 10:40 . 2008-10-10 04:52     452,440 --a------       c:\windows\system32\d3dx10_40.dll
2009-02-20 10:40 . 2008-10-27 10:04     235,856 --a------       c:\windows\system32\xactengine3_3.dll
2009-02-20 10:40 . 2008-10-27 10:04     70,992  --a------       c:\windows\system32\XAPOFX1_2.dll
2009-02-20 10:40 . 2008-10-27 10:04     23,376  --a------       c:\windows\system32\X3DAudio1_5.dll
2009-02-19 22:59 . 2009-02-23 23:19     54,156  --ah-----       c:\windows\QTFont.qfn
2009-02-19 22:59 . 2009-02-19 22:59     1,409   --a------       c:\windows\QTFont.for
2009-02-07 09:41 . 2009-02-07 09:41     10,520  --a------       c:\windows\system32\avgrsstx.dll
2009-02-01 17:36 . 2009-02-01 17:59     <DIR>   d--------       c:\program files\SmokersCalc
2009-01-25 20:33 . 2009-01-25 20:34     <DIR>   d--------       c:\documents and settings\Adasz\Dane aplikacji\Workrave
2009-01-25 20:27 . 2009-02-15 13:26     <DIR>   d--------       c:\program files\ATS2
2009-01-25 20:26 . 2009-01-26 13:55     <DIR>   d--------       c:\program files\The Cleaner Demo
2009-01-25 20:19 . 2009-01-25 20:19     <DIR>   d--------       C:\RootkitRevealer v1.71
2009-01-25 20:12 . 2009-01-25 20:12     <DIR>   d--------       c:\program files\Alwil Software
2009-01-25 20:10 . 2009-01-25 20:10     <DIR>   d--------       c:\program files\Systweak
2009-01-25 20:10 . 2009-01-25 20:10     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\Systweak
2009-01-25 20:10 . 2009-01-25 20:15     <DIR>   d--------       c:\documents and settings\Adasz\Dane aplikacji\Systweak
2009-01-25 20:09 . 2008-11-10 19:49     17,136  --a------       c:\windows\system32\sasnative32.exe
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 09:28        ---------       d-----w c:\documents and settings\Adasz\Dane aplikacji\Skype
2009-02-24 08:36        ---------       d-----w c:\documents and settings\Adasz\Dane aplikacji\WTablet
2009-02-24 08:36        ---------       d-----w c:\documents and settings\Adasz\Dane aplikacji\skypePM
2009-02-20 09:21        ---------       d--h--w c:\program files\InstallShield Installation Information
2009-02-13 13:12        ---------       d-----w c:\documents and settings\Adasz\Dane aplikacji\Hamachi
2009-02-07 08:41        325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 18:25        ---------       d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-01-28 20:23        ---------       d-----w c:\program files\CyberLink
2009-01-26 10:45        ---------       d-----w c:\program files\Macromedia
2009-01-26 09:32        ---------       d-----w c:\program files\Common Files\Macromedia
2009-01-26 09:09        ---------       d-----w c:\program files\Crayon Physics Deluxe
2009-01-26 08:57        ---------       d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-25 19:23        ---------       d-----w c:\program files\Spybot - Search & Destroy
2009-01-15 09:36        ---------       d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-15 09:35        ---------       d-----w c:\program files\AGEIA Technologies
2009-01-14 18:49        11,973  ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-12 15:00        ---------       d-----w c:\program files\Opera 10 Preview
2009-01-12 12:35        ---------       d-----w c:\program files\HD Tune
2009-01-11 14:53        ---------       d-----w c:\documents and settings\Adasz\Dane aplikacji\Crayon Physics Deluxe
2008-12-27 19:07        ---------       d-----w c:\program files\Futuremark
2008-12-18 20:03        319,488 ----a-w c:\windows\HideWin.exe
2008-12-16 15:10        606,848 ----a-w c:\windows\flashax.exe
2008-12-16 15:10        503,808 ----a-w c:\windows\leogeo_timebeat.scr
2008-12-16 15:10        12,288  ----a-w c:\windows\impborl.dll
2008-03-25 19:10        0       ---ha-w c:\documents and settings\Adasz\hpothb07.dat
2008-02-15 11:31        2       --shatr c:\windows\winstart.bat
2008-07-22 05:17        3,911,712       --sha-w c:\windows\system32\drivers\fidbox.dat
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"supervisor.exe"="c:\windows\supervisor.exe" [2005-06-17 1077248]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-11-01 2165272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 344064]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-07 1601304]
"RegDoctor"="c:\program files\RegDoctor\RegDoctor.exe" [2008-08-27 2256896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Advanced System Protector"="c:\program files\Systweak\Advanced System Protector\ASP.exe" [2009-01-03 15585512]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
 
c:\docume~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-07 09:41 10520 c:\windows\system32\avgrsstx.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute     REG_MULTI_SZ    autocheck autochk *\0lsdelete\0sasnative32
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\xampplite\\apache\\bin\\apache.exe"=
"d:\\Gry\\PES2009\\pes2009.exe"=
"d:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"d:\\Gry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
 
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-15 325128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-08-31 1373480]
R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [2009-01-25 6656]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e68fb-fc9c-11dc-8051-0050bfff53c6}]
\Shell\AutoRun\command - J:\Autorun.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93b8cad7-0c6d-11dd-807f-0050bfff53c6}]
\Shell\AutoRun\command - setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
 
2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
 
2008-06-18 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1000 series#1205759890.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
 
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
 
 
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Adasz\Dane aplikacji\Mozilla\Firefox\Profiles\nzq763ue.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Adasz\Dane aplikacji\Mozilla\Firefox\Profiles\nzq763ue.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 10:28:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
skanowanie ukrytych procesów ...  
 
skanowanie ukrytych wpisów autostartu ... 
 
skanowanie ukrytych plików ...  
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
 
[HKEY_USERS\S-1-5-21-343818398-1004336348-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Adasz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Adasz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Adasz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="h:\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="d:\\Gry\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="84-8600-E22F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
 
[HKEY_USERS\S-1-5-21-343818398-1004336348-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,e3,a8,0e,60,34,fe,d2,d9,8e,0c,3f,38,26,fb,c6,18,0b,28,52,2d,fb,29,
   4d,17,c5,12,14,29,79,a3,26,57,81,a0,99,d7,8c,0a,c9,58,e7,57,81,a9,94,6e,e6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
 
[HKEY_USERS\S-1-5-21-343818398-1004336348-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a7,93,ae,ac,38,42,09,53,0f,b6,5a,da,ca,1a,f4,2c,e8,1b,78,c0,2a,
   f7,f9,3a,c0,e1,99,48,f0,4f,2b,d1,77,41,93,c8,45,a3,48,96,b1,7b,b0,5d,8f,9a,\
"rkeysecu"=hex:cc,d9,41,8c,96,6a,05,20,7e,04,7e,21,78,5f,d3,28
.
Czas ukończenia: 2009-02-24 10:30:30
ComboFix-quarantined-files.txt  2009-02-24 09:30:28
ComboFix2.txt  2008-07-17 09:11:49
 
Przed: 4 515 590 144 bajtów wolnych
Po: 4,743,720,960 bajtów wolnych
 
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
221
 