wklejto.pl

Added by: ~vito9961 (2009-02-24 18:36) -> text
ComboFix 09-02-21.01 - PAULINKA 2009-02-24 17:19:03.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.3326.2801 [GMT 1:00]
Run from: c:\documents and settings\PAULINKA\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090224-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *disabled*
 * Created a new restore point
.
 
(((((((((((((((((((((((((   Files created from 2009-01-24 to 2009-02-24  )))))))))))))))))))))))))))))))
.
 
2009-02-24 17:23 .      53,248          c:\temp\catchme.dll
2009-02-24 17:19 . 2009-02-24 17:19     <DIR>   d--------       c:\temp\WPDNSE
2009-02-24 15:00 . 2009-02-24 16:47     <DIR>   d--------       c:\temp\_avast4_
2009-02-19 18:48 . 2009-02-21 11:15     217     --a------       c:\windows\wininit.ini
2009-02-04 22:14 . 2009-02-04 22:14     <DIR>   d--------       C:\ERDNT
2009-02-04 22:13 . 2009-02-04 22:13     <DIR>   d--------       c:\windows\ERUNT
2009-02-04 22:12 . 2009-02-04 22:14     <DIR>   d--------       C:\!FixIEDef
2009-02-01 21:24 . 2009-02-01 21:24     <DIR>   d--------       c:\documents and settings\PAULINKA\DoctorWeb
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 15:38        1,125,958       ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-22 18:02        ---------       d-----w c:\program files\Windows Live Safety Center
2009-02-21 11:08        ---------       d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-08 17:21        ---------       d-----w c:\documents and settings\PAULINKA\Application Data\Skype
2009-02-01 08:49        ---------       d-----w c:\documents and settings\PAULINKA\Application Data\Image Zone Express
2008-12-27 13:03        ---------       d-----w c:\documents and settings\PAULINKA\Application Data\DAEMON Tools Pro
2008-12-20 23:15        826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-18 18:15        111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-16 17:29        22,328  ----a-w c:\documents and settings\PAULINKA\Application Data\PnkBstrK.sys
2008-12-16 17:28        682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-12-14 15:16        107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-01 16:01        66,872  ----a-w c:\windows\system32\PnkBstrA.exe
2007-12-25 13:32        92,064  ----a-w c:\documents and settings\PAULINKA\mqdmmdm.sys
2007-12-25 13:32        9,232   ----a-w c:\documents and settings\PAULINKA\mqdmmdfl.sys
2007-12-25 13:32        79,328  ----a-w c:\documents and settings\PAULINKA\mqdmserd.sys
2007-12-25 13:32        66,656  ----a-w c:\documents and settings\PAULINKA\mqdmbus.sys
2007-12-25 13:32        6,208   ----a-w c:\documents and settings\PAULINKA\mqdmcmnt.sys
2007-12-25 13:32        5,936   ----a-w c:\documents and settings\PAULINKA\mqdmwhnt.sys
2007-12-25 13:32        4,048   ----a-w c:\documents and settings\PAULINKA\mqdmcr.sys
2007-12-25 13:32        25,600  ----a-w c:\documents and settings\PAULINKA\usbsermptxp.sys
2007-12-25 13:32        22,768  ----a-w c:\documents and settings\PAULINKA\usbsermpt.sys
2008-08-26 16:39        32,768  --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.
 
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-12-10 216520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-03 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-03 86016]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"AVFX Engine"="e:\creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-12 180269]
"a-winpoet-service"="d:\dialnet\winpppoverethernet.exe" [2007-07-06 405504]
"CTHelper"="CTHELPER.EXE" [2006-05-24 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2006-11-03 c:\windows\system32\nwiz.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Ochrona darmowa\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Torrent\\utorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
 
R0 pe3alucb;Wildlife Park 2 AddOn3 Marine Park Environment Driver (pe3alucb);c:\windows\system32\drivers\pe3alucb.sys [2007-11-05 65192]
R0 ps7alucb;Wildlife Park 2 AddOn3 Marine Park Synchronization Driver (ps7alucb);c:\windows\system32\drivers\ps7alucb.sys [2007-11-05 68784]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-03-16 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-03-16 72496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:\windows\system32\drivers\WrKPoET2000.sys [2008-06-19 52214]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 FPD;Fine Point Packet Service;c:\windows\system32\drivers\fpd.sys [2008-06-19 30336]
R3 GWHid;VL807 Hidmini driver;c:\windows\system32\drivers\GWHid.sys [2008-12-18 18992]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2007-04-13 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2007-04-13 498464]
R3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [2008-12-18 27184]
R3 WrKPoET2000;WrKPoET2000;d:\dialnet\WrKPoET2000.sys [2008-06-19 52214]
R3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [2008-06-19 65604]
S2 pr2alucb;Wildlife Park 2 AddOn3 Marine Park Drivers Auto Removal (pr2alucb);c:\windows\system32\pr2alucb.exe svc --> c:\windows\system32\pr2alucb.exe svc [?]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cbd9668-7463-11dd-b6f5-0019d1018012}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
 
2009-02-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - EMPTY ENTRIES REMOVED - - - -
 
HKU-Default-RunOnce-Second run install - c:\install\2ndrun.bat
 
 
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.vobis.pl/
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: {135BB3E1-FCF6-4553-997E-D500635FBB13} = 217.30.129.149,217.30.137.200
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 17:23:13
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2009-02-24 17:25:53
ComboFix-quarantined-files.txt  2009-02-24 16:25:48
 
Before: 96,498,135,040 bytes free
After: 96,518,119,424 bytes free
 
150     --- E O F ---   2009-02-11 16:21:24
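Editor's note, added to this paste and not part of the original log or of ComboFix: a log like the one above is read by first pulling out the lines that weaken or bypass the host's own protection, then verifying each one. In this log those are the header reporting avast! with on-access scanning disabled and the Kerio firewall disabled, "AntiVirusDisableNotify"=1 under the Security Center key, "EnableFirewall"= 0 for the standard firewall profile, the cached AutoRun handler for drive G: under MountPoints2 (LaunchU3.exe is the launcher that shipped on U3-enabled USB sticks, but any per-drive AutoRun command is worth confirming), the RunOnce value in the .DEFAULT hive that launches c:\install\2ndrun.bat, the pr2alucb service whose file ComboFix could not size ("[?]"), and the Run values given as bare file names (CTHELPER.EXE, CTXFIHLP.EXE, nwiz.exe) rather than full paths. The script below is an added example that automates exactly that pass. SAMPLE is a constructed excerpt modelled on this log; the rule set is the example's own assumption about what deserves a second look, and a hit is a prompt to verify the file or setting, not a verdict that it is malicious (the catchme pass above reported 0 hidden files).

```python
"""Triage helper for ComboFix-style logs.

Added example, not part of the original paste or of ComboFix itself. It reads
the header and the startup/registry sections of a log like the one above and
returns the lines a responder would check first: protection reported as
disabled, Security Center anti-virus notifications switched off, the Windows
firewall profile off, AutoRun handlers under MountPoints2, RunOnce values that
launch a script, services whose file ComboFix could not size ("[?]"), and Run
values that are bare file names rather than full paths.

SAMPLE is a constructed excerpt modelled on the log on this page. The rule set
is this example's own assumption about what deserves a second look; a hit is a
prompt to verify the file or setting, not a verdict that it is malicious.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE = r"""
AV: avast! antivirus 4.8.1335 [VPS 090224-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *disabled*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"CTHelper"="CTHELPER.EXE" [2006-05-24 c:\windows\CTHELPER.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-03-16 302000]
S2 pr2alucb;Wildlife Park 2 AddOn3 Marine Park Drivers Auto Removal (pr2alucb);c:\windows\system32\pr2alucb.exe svc --> c:\windows\system32\pr2alucb.exe svc [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

HKU-Default-RunOnce-Second run install - c:\install\2ndrun.bat
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # which rule fired
    line: str   # the log line, as written


# Line-level rules: (rule name, pattern). Each fires at most once per line.
RULES = [
    # ComboFix header: "AV: ... *On-access scanning disabled*" / "FW: ... *disabled*"
    ("protection-disabled", re.compile(r"^(AV|FW):.*\*[^*]*disabled[^*]*\*", re.I)),
    # Security Center told not to warn about the anti-virus state
    ("av-notifications-off", re.compile(r'"AntiVirusDisableNotify"=dword:0*1$', re.I)),
    # Windows Firewall standard profile switched off
    ("windows-firewall-off", re.compile(r'"EnableFirewall"=\s*0\b', re.I)),
    # Per-drive AutoRun handler cached under Explorer\MountPoints2
    ("removable-autorun", re.compile(r"\\Shell\\AutoRun\\command\s+-\s+\S", re.I)),
    # RunOnce value that launches a script rather than an installer binary
    ("runonce-script", re.compile(r"RunOnce.*\.(bat|cmd|vbs|js)\s*$", re.I)),
    # Service/driver line ending in [?]: ComboFix could not stat the file
    ("service-file-unsized", re.compile(r"^[RS]\d\s+.*\[\?\]\s*$")),
]

SECTION = re.compile(r"^\[(.+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')


def triage(text: str) -> list[Finding]:
    """Return the review-worthy lines of a ComboFix log, in file order."""
    findings: list[Finding] = []
    in_run_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION.match(line)
        if section:
            # Only values under a ...\Run key get the bare-file-name check.
            in_run_key = section.group(1).lower().endswith("\\run")
            continue
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, line))
        if in_run_key:
            value = RUN_VALUE.match(line)
            # A value with no path separator is resolved through the loader's
            # search order at logon; ComboFix prints the path it resolved to
            # inside the brackets, and that is the file to verify.
            if value and "\\" not in value.group(2):
                findings.append(Finding("run-value-bare-filename", line))
    return findings


def rule_counts(text: str) -> dict[str, int]:
    """Number of hits per rule, handy for a one-line summary."""
    counts: dict[str, int] = {}
    for f in triage(text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:26} {f.line}")
    print(rule_counts(SAMPLE))
```

Run against the constructed SAMPLE it reports eight lines: both header lines, the Security Center and firewall-profile values, the pr2alucb service, the MountPoints2 AutoRun command, the RunOnce batch file and the CTHelper value. On a full log, feed it the whole file; the section tracking keeps the bare-file-name rule from firing on unrelated REGEDIT4 values such as the AuthorizedApplications list.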
 