wklejto.pl

Added by: ~Anonim (2009-02-26 21:01) -> text
ComboFix 09-02-26.01 - Administrator 2009-02-26 21:08:46.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1023.706 [GMT 1:00]
Run from: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
 * A new restore point was created
.
 
(((((((((((((((((((((((((   Files created from 2009-01-26 to 2009-02-26  )))))))))))))))))))))))))))))))
.
 
2009-02-11 15:24 . 2009-02-11 15:24     <DIR>   d--------       c:\program files\Common Files\Vbox
2009-02-08 17:44 . 2009-02-08 17:44     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-02-08 12:49 . 2009-02-08 12:49     <DIR>   d--------       c:\program files\Common Files\Adobe Systems Shared
2009-02-07 15:44 . 2009-02-07 15:44     <DIR>   d--------       c:\program files\Macromedia
2009-02-07 15:42 . 2009-02-07 15:42     <DIR>   d--------       c:\program files\Common Files\Macromedia
2009-02-05 21:48 . 2009-02-05 21:48     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-02-05 21:32 . 2007-02-20 16:04     2,463,976       --a------       c:\windows\system32\NPSWF32.dll
2009-02-05 21:32 . 2007-02-20 16:04     190,696 --a------       c:\windows\system32\NPSWF32_FlashUtil.exe
2009-02-03 17:56 . 2009-02-03 17:56     38,503,990      --a------       C:\backup_2009-02-03 17-56-16.odb
2009-02-03 14:00 . 2009-02-03 14:42     <DIR>   d--------       c:\documents and settings\Administrator\Dane aplikacji\Winamp
2009-02-03 13:35 . 2009-02-03 13:35     <DIR>   d--------       c:\program files\Windows Media Connect 2
2009-02-03 13:34 . 2009-02-03 13:34     <DIR>   d--------       c:\windows\system32\drivers\UMDF
2009-02-02 19:04 . 2009-02-02 19:08     <DIR>   d--------       c:\program files\Xvid
2009-02-02 16:42 . 2009-02-02 16:42     <DIR>   d--------       C:\3gptemp
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 13:42        ---------       d-----w c:\documents and settings\Administrator\Dane aplikacji\gtk-2.0
2009-02-16 10:04        ---------       d--h--w c:\program files\InstallShield Installation Information
2009-02-13 15:06        ---------       d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-08 11:50        ---------       d-----w c:\program files\Common Files\Adobe
2009-02-07 16:50        ---------       d-----w c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
2009-02-03 16:56        ---------       d-----w c:\program files\Zabytki
2009-02-03 13:01        ---------       d-----w c:\program files\Winamp
2009-01-19 20:59        ---------       d-----w c:\program files\neostrada tp
2009-01-14 17:28        ---------       d-----w c:\documents and settings\Administrator\Dane aplikacji\ESET
2009-01-14 15:24        ---------       d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2009-01-13 19:36        ---------       d-----w c:\program files\TeamViewer
2009-01-10 21:49        ---------       d-----w c:\documents and settings\Administrator\Dane aplikacji\TeamViewer
2009-01-04 19:14        ---------       d-----w c:\program files\Common Files\INCA Shared
2008-12-31 20:41        410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-31 20:41        ---------       d-----w c:\program files\Java
2008-12-15 15:58        183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-04 20:46        180,224 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-04 20:42        815,104 ----a-w c:\windows\system32\xvidcore.dll
2008-11-26 18:59        2,827   ----a-w C:\drmHeader.bin
2008-03-19 15:18        1       ----a-w c:\documents and settings\Administrator\Dane aplikacji\bin.dll
.
 
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 15:05        398776  --a------       c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NBJ"="d:\programy\Nero\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"PcSync"="d:\programy\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
"NoAds"="d:\programy\NoAds 2006.07.28\NoAds.exe" [2008-12-02 151552]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-04-23 2165536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 196608]
"DAEMON Tools"="d:\programy\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="d:\programy\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-12-20 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 c:\windows\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 c:\windows\system32\stmctrl.dll]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
 
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
 
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\programy\Adobe\Reader\reader_sl.exe [2005-09-24 29696]
Fantastic Flame Agent.lnk - d:\programy\Flame\Fantastic Flame Screensaver\FantasticFlameAgent.exe [2006-05-11 22528]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"d:\\Gry\\NFS Carbon\\nfsc.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Programy\\GG New\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Gry\\FIFA 09\\FIFA09.exe"=
"d:\\Gry\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=
"d:\\Programy\\Ares\\Ares.exe"=
 
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-05-09 6656]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2008-05-09 28672]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2008-07-17 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2008-07-17 684265]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
.
- - - - EMPTY ENTRIES REMOVED - - - -
 
HKCU-Run-Odkurzacz-MCD - i:\odkurzacz\odk_mcd.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
 
 
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.neostrada.pl
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B14D9332-631C-490E-BD6C-359DBA0D4DE9} = 194.204.159.1 217.98.63.164
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6nbrax1g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6nbrax1g.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\DivV 6.5\DivX Content Uploader\npUpload.dll
FF - plugin: d:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programy\DivX\DivX Web Player\npdivx32.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 21:09:27
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
 
[HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,0d,8a,4f,4c,35,17,2e,61,11,0e,dc,11,15,29,df,69,bd,0e,fc,01,ee,07,
   cd,e6,ab,d9,e8,1f,79,0e,21,9b,b0,8b,66,0b,78,71,08,cc,fb,73,2f,c6,c0,a9,6e,\
"??"=hex:a1,41,7b,2c,e5,89,a5,e9,45,ea,3c,31,82,31,ad,53
 
[HKEY_USERS\Administrator\Software\SecuROM\License information*]
"datasecu"=hex:5d,63,36,6f,a2,8a,43,72,fb,c0,ad,1a,72,e9,94,c2,a8,16,b1,df,d9,
   01,f2,3f,60,e1,5c,25,72,78,5a,5a,16,e4,f1,f3,4f,96,4a,ef,c2,6b,41,9a,2c,fc,\
"rkeysecu"=hex:43,df,b0,80,b9,c2,77,18,67,94,b5,8a,d2,50,c2,d8
.
Completion time: 2009-02-26 21:10:09
ComboFix-quarantined-files.txt  2009-02-26 20:10:07
ComboFix2.txt  2008-12-13 19:45:21
 
Before: 3210276864 bytes free
After: 3,807,596,544 bytes free
 
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut
 
160     --- E O F ---   2008-07-10 13:07:56
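A log like the one above is read by hand, section by section. The following added example (it is not part of the paste and not ComboFix code) is a small triage parser a practitioner might run over such a log before reading it line by line. It pulls four things out of the excerpt that matter for this machine: the Security Center `AntiVirusOverride` value (a non-zero value suppresses the "no antivirus" warning), the cached `MountPoints2 ... \Shell\AutoRun\command` for drive F:, Run entries given as a bare file name rather than a full path, and Firefox search preferences that point somewhere other than the engines the profile otherwise uses. The `SAMPLE_LOG` lines are copied from the log above; the rule set, the `EXPECTED_SEARCH_HOSTS` list and the finding names are the example's own assumptions, not anything ComboFix defines.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt copied verbatim from the ComboFix log on this page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NoAds"="d:\programy\NoAds 2006.07.28\NoAds.exe" [2008-12-02 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
RUN_DATA_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<val>.+)$")

# Assumed list of hosts a search pref is expected to point at; anything else is reported.
EXPECTED_SEARCH_HOSTS = ("google.", "yahoo.", "bing.", "live.")
SEARCH_PREFS = ("keyword.URL", "browser.search.defaulturl")


@dataclass(frozen=True)
class Finding:
    check: str
    detail: str


def parse_findings(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current [registry key], and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key")
            continue
        if m := AUTORUN_RE.match(line):
            # Cached autorun.inf under MountPoints2: Explorer runs this command
            # when the drive named by the last key component is opened.
            drive = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("mountpoints2-autorun", f"drive {drive}: -> {m.group('cmd')}"))
            continue
        if m := FF_PREF_RE.match(line):
            pref, val = m.group("pref"), m.group("val")
            if pref in SEARCH_PREFS and not any(h in val for h in EXPECTED_SEARCH_HOSTS):
                findings.append(Finding("firefox-search-redirect", f"{pref} -> {val}"))
            continue
        if m := VALUE_RE.match(line):
            name, data = m.group("name"), m.group("data")
            key_lc = current_key.lower()
            if key_lc.endswith("security center"):
                d = DWORD_RE.match(data)
                # A non-zero *Override value stops Security Center warning about
                # that protection (here: antivirus missing or disabled).
                if name.endswith("Override") and d and int(d.group("hex"), 16) != 0:
                    findings.append(Finding("security-center-override", f"{name}={data}"))
            elif key_lc.endswith("\\run"):
                r = RUN_DATA_RE.match(data)
                # Bare file name: resolved through the search path at logon, so a
                # same-named file earlier in that path would be the one started.
                if r and "\\" not in r.group("path"):
                    findings.append(Finding("run-unqualified-path",
                                            f"{name} -> {r.group('path')} ({r.group('meta')})"))
    return findings


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"[{f.check}] {f.detail}")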
 