wklejto.pl

Added by: ~Rafi (2009-02-27 18:14) -> text
ComboFix 09-02-26.02 - Rafał 2009-02-27 18:17:46.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1279.891 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Rafał\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
 * Utworzono nowy punkt przywracania
 
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\windows\system32\AutoRun.inf
c:\windows\system32\mcenspc.dll
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-27 do 2009-02-27  )))))))))))))))))))))))))))))))
.
 
2009-02-24 20:22 . 2009-02-24 20:22     <DIR>   d--------       c:\windows\Sun
2009-02-24 19:59 . 2009-01-09 20:19     1,089,883       -----c---       c:\windows\system32\dllcache\ntprint.cat
2009-02-20 22:10 . 2008-04-14 18:21     26,624  --a------       c:\windows\system32\userinit.exe
2009-02-15 18:19 . 2009-02-15 18:36     <DIR>   d--------       c:\documents and settings\Rafał\Dane aplikacji\ipla
2009-02-15 18:19 . 2009-02-21 19:33     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\ipla
2009-02-10 16:16 . 2009-02-10 16:16     <DIR>   d--------       c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-02-05 21:51 . 2009-02-05 21:51     42,320  --a------       c:\windows\system32\xfcodec.dll
2009-01-28 21:16 . 2009-01-28 21:16     <DIR>   d--------       c:\program files\DivX
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 17:21        94,544,160      --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-27 17:21        2,000,672       --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-27 16:06        189,672 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-27 16:06        138,584 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-27 14:43        ---------       d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-02-26 15:37        195,080 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-26 15:37        1,266,992       --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-12 19:04        ---------       d-----w c:\documents and settings\Rafał\Dane aplikacji\Hamachi
2009-02-11 13:36        70,968  ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-03 19:01        89,601  ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 19:01        101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-03 11:25        ---------       d-----w c:\documents and settings\Rafał\Dane aplikacji\Skype
2009-02-03 11:13        ---------       d-----w c:\documents and settings\Rafał\Dane aplikacji\skypePM
2009-01-24 15:11        ---------       d--h--w c:\program files\InstallShield Installation Information
2009-01-14 15:23        ---------       d-----w c:\program files\VIA
2009-01-03 11:39        ---------       d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-01-03 11:38        ---------       d-----w c:\program files\Common Files\InstallShield
2008-12-20 23:03        826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-28 14:27        682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-11-28 14:27        22,328  ----a-w c:\documents and settings\Rafał\Dane aplikacji\PnkBstrK.sys
2008-07-19 12:41        32      ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-10-14 18:05        32,768  --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008101420081015\index.dat
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-08-02 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 c:\windows\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2007-07-23 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 
c:\documents and settings\Rafał\Menu Start\Programy\Autostart\
Kalendarz.lnk - e:\program files\Kalendarz XP\Kalendarz.exe [2006-06-17 882176]
 
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-13 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\progra~1\KASPER~1.0\adialhk.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"VIDC.XFR1"= xfcodec.dll
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute     REG_MULTI_SZ    autocheck autochk *\0lsdelete\0OODBS
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"i:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"i:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"i:\\Gry\\Call of Duty - World at War\\CoDWaW.exe"=
"i:\\Gry\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2008-05-31 209171]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2008-05-31 9284]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2008-05-31 36261]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-05-31 9510]
S3 cpuz130;cpuz130;\??\c:\docume~1\RAFA~1\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\RAFA~1\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
 
--- Inne Usługi/Sterowniki w Pamięci ---
 
*NewlyCreated* - PNKBSTRB
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt       REG_MULTI_SZ    hpqcxs08 hpqddsvc
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download with GetRight - e:\program files\GetRight\GRdownload.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - e:\program files\GetRight\GRbrowse.htm
TCP: {8F875A92-1578-4175-8847-8E4DF9F3439B} = 192.168.1.1
TCP: {D99F1598-FE17-4449-BE76-D977D5CBAA3F} = 192.168.1.1
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 18:21:12
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ...
 
skanowanie ukrytych wpisów autostartu ...
 
skanowanie ukrytych plików ...
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > 'winlogon.exe'(1216)
e:\program files\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
 
- - - - - - - > 'lsass.exe'(1272)
e:\program files\Kaspersky Internet Security 7.0\dnsq.dll
e:\program files\Kaspersky Internet Security 7.0\miscr3.dll
.
Czas ukończenia: 2009-02-27 18:22:50
ComboFix-quarantined-files.txt  2009-02-27 17:22:48
 
Przed: 16 202 616 832 bajtów wolnych
Po: 24,778,256,384 bajtów wolnych
 
152     --- E O F ---   2009-02-24 21:44:09
 