wklejto.pl

Added by: karalahti (2009-03-02 15:23) -> text
ComboFix 09-03-01.01 - Dorota 2009-03-02 15:25:33.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.895.558 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Dorota\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090301-0] *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\lsprst7.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
D:\Autorun.inf
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-02-02 do 2009-03-02  )))))))))))))))))))))))))))))))
.
 
2009-03-02 10:29 . 2008-08-25 12:36     81,288  --a------       c:\windows\system32\drivers\iksyssec.sys
2009-03-02 10:29 . 2008-08-25 12:36     66,952  --a------       c:\windows\system32\drivers\iksysflt.sys
2009-03-02 10:29 . 2008-08-25 12:36     40,840  --a------       c:\windows\system32\drivers\ikfilesec.sys
2009-03-02 10:29 . 2008-06-02 16:19     29,576  --a------       c:\windows\system32\drivers\kcom.sys
2009-03-02 10:28 . 2009-03-02 10:35     <DIR>   d--------       c:\program files\Spyware Doctor
2009-03-02 10:28 . 2009-03-02 10:28     <DIR>   d--------       c:\documents and settings\Dorota\Dane aplikacji\PC Tools
2009-03-01 14:49 . 2009-03-01 14:50     <DIR>   d--------       c:\program files\Common Files\Adobe
2009-02-23 23:45 . 2009-02-23 23:45     <DIR>   d--------       c:\documents and settings\Dorota\Dane aplikacji\DAEMON Tools Pro
2009-02-23 23:45 . 2009-02-23 23:45     <DIR>   d--------       c:\documents and settings\Dorota\Dane aplikacji\DAEMON Tools
2009-02-23 23:44 . 2009-02-23 23:44     <DIR>   d--------       c:\program files\DAEMON Tools Toolbar
2009-02-23 23:44 . 2009-02-24 10:24     <DIR>   d--------       c:\program files\DAEMON Tools Lite
2009-02-23 23:44 . 2009-02-23 23:44     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-23 23:41 . 2009-02-23 23:46     <DIR>   d--------       c:\documents and settings\Dorota\Dane aplikacji\DAEMON Tools Lite
2009-02-23 23:36 . 2009-02-23 23:36     24      ---hs----       c:\windows\S8AFE74CA.tmp
2009-02-23 23:35 . 2009-02-28 19:48     <DIR>   d--------       c:\program files\SlySoft
2009-02-21 11:39 . 2009-02-23 09:51     <DIR>   d--------       c:\program files\DAP
2009-02-21 11:39 . 2009-03-02 15:19     <DIR>   d-a------       c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-21 11:39 . 2009-02-22 11:09     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\SpeedBit
2009-02-21 10:49 . 2009-02-21 11:48     <DIR>   d--------       c:\documents and settings\Dorota\Dane aplikacji\DMCache
2009-02-19 15:57 . 2009-02-19 15:57     <DIR>   d--------       c:\documents and settings\Dorota\.gstreamer-0.10
2009-02-19 14:53 . 2009-02-19 18:09     <DIR>   d--------       c:\documents and settings\Dorota\Dane aplikacji\Nowe Gadu-Gadu
2009-02-19 14:51 . 2009-02-19 14:52     <DIR>   d--------       c:\program files\Nowe Gadu-Gadu
2009-02-06 22:32 . 2009-02-06 22:32     <DIR>   d--------       C:\Albion
2009-02-06 10:48 . 2009-02-08 20:16     <DIR>   d--------       c:\program files\Anti Trojan Elite
2009-02-06 10:47 . 2009-02-05 19:07     <DIR>   d--------       c:\program files\Anti-Trojan Elite 4.2.3
2009-02-03 13:13 . 2009-02-03 13:13     3,761   --a------       c:\windows\jzdvzx64.ini
2009-02-03 13:13 . 2009-02-03 13:13     1,432   --a------       c:\windows\cxgn_rhs48.ini
2009-02-02 22:01 . 2009-02-02 22:02     <DIR>   d--------       c:\program files\mIRC
2009-02-02 22:01 . 2009-02-02 22:09     <DIR>   d--------       c:\documents and settings\Dorota\Dane aplikacji\mIRC
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 13:30        ---------       d-----w c:\program files\Advanced MP3 Sound Recorder
2009-03-01 13:28        ---------       d-----w c:\program files\SPSS
2009-02-28 22:15        ---------       d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-28 22:14        ---------       d-----w c:\program files\Heroes III
2009-02-28 22:13        ---------       d--h--w c:\program files\InstallShield Installation Information
2009-02-28 22:13        ---------       d-----w c:\program files\Corel
2009-02-28 18:50        ---------       d-----w c:\program files\Worms
2009-02-28 18:49        ---------       d-----w c:\program files\SimCity3000
2009-02-28 18:45        ---------       d-----w c:\program files\Monte Cristo
2009-02-23 22:41        717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-21 21:12        ---------       d-----w c:\documents and settings\Dorota\Dane aplikacji\XnView
2009-02-05 18:13        ---------       d-----w c:\program files\eMule
2009-01-25 16:38        ---------       d-----w c:\program files\Jewel Quest II
2009-01-15 11:09        ---------       d-----w c:\program files\Sims
2008-08-28 13:28        88      --sh--r c:\documents and settings\All Users\Dane aplikacji\43973C9E8E.sys
2008-08-28 13:28        2,672   --sha-w c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
2008-03-24 14:23        32      ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-12-22 18:45        67,688  ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 18:45        54,368  ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 18:45        34,944  ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 18:45        46,712  ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 18:45        172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-02-11 57344]
 
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-16 c:\windows\SkyTel.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
 
c:\documents and settings\Dorota\Menu Start\Programy\Autostart\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
--a------ 2009-02-16 15:06 9302632 c:\program files\Nowe Gadu-Gadu\gg.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 16:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"=
"c:\\Documents and Settings\\Dorota\\Ustawienia lokalne\\Dane aplikacji\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16884:TCP"= 16884:TCP:BitComet 16884 TCP
"16884:UDP"= 16884:UDP:BitComet 16884 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
 
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-21 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-21 20560]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Dorota\USTAWI~1\Temp\RarSFX0\kerneld.wnt --> c:\docume~1\Dorota\USTAWI~1\Temp\RarSFX0\kerneld.wnt [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-02 356920]
 
--- Inne Usługi/Sterowniki w Pamięci ---
 
*Deregistered* - mchInjDrv
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{155f3e7e-c698-11dd-a15c-0015af42c51c}]
\Shell\AutoRun\command - G:\jeorels.cmd
\Shell\open\Command - G:\jeorels.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad56e370-308d-11dd-9fc7-0015af42c51c}]
\Shell\AutoRun\command - d.cmd
\Shell\explore\Command - d.cmd
\Shell\open\Command - d.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5f41168-8d1e-11dd-a0b4-0015af42c51c}]
\Shell\AutoRun\command - G:\jeorels.cmd
\Shell\open\Command - G:\jeorels.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6dac5c2-c112-11dd-a14f-0015af42c51c}]
\Shell\AutoRun\command - eb.bat
\Shell\explore\Command - eb.bat
\Shell\open\Command - eb.bat
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - USUNIĘTO PUSTE WPISY - - - -
 
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - c:\progra~1\DAP\SBSearch.dll
HKCU-Run-Active Desktop Calendar - c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe
HKLM-Run-Apoint - c:\program files\Apoint2K\Apoint.exe
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
 
 
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.speedbit.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {14DA0D79-88F8-470F-AB8D-CF1D8FD4E8D8} = 194.204.159.1,194.204.152.34
FF - ProfilePath - c:\documents and settings\Dorota\Dane aplikacji\Mozilla\Firefox\Profiles\vbw6bebv.default\
FF - component: c:\documents and settings\Dorota\Dane aplikacji\Mozilla\Firefox\Profiles\vbw6bebv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 15:27:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
skanowanie ukrytych procesów ...  
 
skanowanie ukrytych wpisów autostartu ... 
 
skanowanie ukrytych plików ...  
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\docume~1\Dorota\USTAWI~1\Temp\RarSFX0\kerneld.wnt"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-03-02 15:29:40
ComboFix-quarantined-files.txt  2009-03-02 14:29:37
 
Przed: 13 173 940 224 bajtów wolnych
Po: 13,347,848,192 bajtów wolnych
 
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
 
206     --- E O F ---   2009-02-26 08:38:21
 