wklejto.pl

Added by: ~Anonim (2009-12-21 12:33) -> text
ComboFix 09-12-19.03 - Grzesiek 2009-12-20  21:37:17.5.4 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1250.48.1045.18.3326.2541 [GMT 1:00]
Uruchomiony z: c:\users\Grzesiek\Desktop\ComboFix.exe
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Outpost Firewall Pro *disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
 
(((((((((((((((((((((((((   Pliki utworzone od 2009-11-20 do 2009-12-20  )))))))))))))))))))))))))))))))
.
 
2009-12-20 20:42 . 2009-12-20 20:42     --------        d-----w-        c:\users\Public\AppData\Local\temp
2009-12-07 09:50 . 2009-07-23 10:56     714752  ----a-w-        c:\windows\system32\drivers\SandBox.sys
2009-12-07 09:50 . 2009-07-13 12:17     317976  ----a-w-        c:\windows\system32\drivers\afwcore.sys
2009-12-07 09:49 . 2009-12-07 09:50     --------        d-----w-        c:\windows\system32\Filt
2009-12-07 09:49 . 2009-02-18 16:27     29208   ----a-w-        c:\windows\system32\drivers\afw.sys
2009-12-07 09:49 . 2009-12-07 09:49     --------        d-----w-        c:\program files\Agnitum
2009-12-07 09:48 . 2009-12-07 09:48     --------        d-----w-        c:\programdata\Agnitum
2009-12-07 09:39 . 2009-12-07 09:39     --------        d-----w-        c:\program files\ESET
2009-12-05 17:25 . 2009-12-05 17:25     --------        d-----w-        c:\program files\Veetle
2009-12-05 14:07 . 2009-12-05 14:07     107888  ----a-w-        c:\windows\system32\CmdLineExt.dll
2009-12-05 14:06 . 2008-05-30 13:19     507400  ----a-w-        c:\windows\system32\XAudio2_1.dll
2009-12-05 14:06 . 2008-05-30 13:18     238088  ----a-w-        c:\windows\system32\xactengine3_1.dll
2009-12-05 14:06 . 2008-05-30 13:17     65032   ----a-w-        c:\windows\system32\XAPOFX1_0.dll
2009-12-05 14:06 . 2008-05-30 13:17     25608   ----a-w-        c:\windows\system32\X3DAudio1_4.dll
2009-12-05 14:06 . 2008-05-30 13:11     467984  ----a-w-        c:\windows\system32\d3dx10_38.dll
2009-12-05 14:06 . 2008-05-30 13:11     3850760 ----a-w-        c:\windows\system32\D3DX9_38.dll
2009-12-05 14:06 . 2008-05-30 13:11     1491992 ----a-w-        c:\windows\system32\D3DCompiler_38.dll
2009-12-05 14:06 . 2008-03-05 15:03     479752  ----a-w-        c:\windows\system32\XAudio2_0.dll
2009-12-05 14:06 . 2008-03-05 15:03     238088  ----a-w-        c:\windows\system32\xactengine3_0.dll
2009-12-05 14:06 . 2008-03-05 15:00     25608   ----a-w-        c:\windows\system32\X3DAudio1_3.dll
2009-12-05 14:04 . 2008-03-05 14:56     3786760 ----a-w-        c:\windows\system32\D3DX9_37.dll
2009-12-05 14:04 . 2008-03-05 14:56     1420824 ----a-w-        c:\windows\system32\D3DCompiler_37.dll
2009-12-05 14:04 . 2008-02-05 22:07     462864  ----a-w-        c:\windows\system32\d3dx10_37.dll
2009-12-04 09:00 . 2009-12-04 17:12     4844296 ----a-w-        c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 10:22 . 2009-12-18 19:55     --------        d-----w-        c:\users\Grzesiek\.rainlendar2
2009-12-03 10:22 . 2009-12-03 10:29     --------        d-----w-        c:\program files\Rainlendar2
2009-12-03 10:15 . 2009-12-03 10:15     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\XemiComputers
2009-11-28 20:31 . 2009-11-28 20:31     --------        d-----w-        C:\Tapety
2009-11-28 19:12 . 2009-11-28 19:12     --------        d-----w-        c:\users\Grzesiek\AppData\Local\ElevatedDiagnostics
2009-11-27 09:00 . 2009-11-27 09:00     --------        d-----w-        c:\program files\MSXML 4.0
2009-11-26 19:17 . 2009-11-26 19:17     --------        d-----w-        c:\program files\Common Files\Windows Live
2009-11-26 15:36 . 2009-11-26 15:36     --------        d-----w-        C:\Sounds
2009-11-26 15:32 . 2008-11-11 12:42     24832   ----a-w-        c:\windows\system32\drivers\lgusbmodem.sys
2009-11-26 15:32 . 2008-11-11 12:41     19968   ----a-w-        c:\windows\system32\drivers\lgusbdiag.sys
2009-11-26 15:32 . 2008-11-11 12:41     13056   ----a-w-        c:\windows\system32\drivers\lgusbbus.sys
2009-11-26 15:32 . 2009-11-26 15:33     --------        d-----w-        c:\program files\LG Electronics
2009-11-26 15:31 . 2007-11-08 15:26     1164728 ----a-w-        c:\windows\system32\NMSDVDXU.dll
2009-11-26 15:31 . 2009-12-17 18:04     --------        d-----w-        c:\program files\LG PC Suite II
2009-11-26 15:31 . 2009-11-26 15:31     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\LG Electronics
2009-11-26 15:31 . 2009-11-26 15:31     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\InstallShield
2009-11-26 09:59 . 2009-11-26 09:59     2554680 ----a-w-        c:\users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\gczaicmm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-11-25 22:29 . 2009-11-25 22:29     --------        d-----w-        c:\program files\Microsoft Silverlight
2009-11-25 22:20 . 2009-11-25 22:20     --------        d-----w-        c:\program files\Microsoft
2009-11-25 06:37 . 2009-10-29 07:22     2048    ----a-w-        c:\windows\system32\tzres.dll
2009-11-24 12:09 . 2009-11-24 12:09     --------        d-----w-        c:\program files\TVAnts
2009-11-24 11:42 . 2009-11-24 11:42     --------        d-----w-        c:\program files\SopCast
2009-11-21 13:28 . 2009-12-18 07:18     --------        d-----w-        c:\users\Grzesiek\AppData\Local\Diagnostics
2009-11-21 08:41 . 2009-11-21 08:41     --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 20:41 . 2009-07-14 08:07     546818  ----a-w-        c:\windows\system32\perfc015.dat
2009-12-20 20:41 . 2009-07-14 08:07     1922832 ----a-w-        c:\windows\system32\perfh015.dat
2009-12-20 20:34 . 2009-11-14 10:54     16608   ----a-w-        c:\windows\gdrv.sys
2009-12-20 18:57 . 2009-11-14 11:03     85496   ----a-w-        c:\users\Grzesiek\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-20 18:18 . 2009-11-14 19:28     --------        d-----w-        c:\programdata\ipla
2009-12-20 18:16 . 2009-11-14 19:28     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\ipla
2009-12-20 18:16 . 2009-11-14 19:28     --------        d-----w-        c:\program files\ipla
2009-12-20 16:05 . 2009-11-16 10:02     --------        d-----w-        c:\program files\JDownloader
2009-12-20 13:54 . 2009-11-14 10:54     --------        d-----w-        c:\program files\Common Files\InstallShield
2009-12-20 13:54 . 2009-11-14 10:54     --------        d--h--w-        c:\program files\InstallShield Installation Information
2009-12-19 14:40 . 2009-12-19 14:40     --------        d-----w-        c:\programdata\TVU Networks
2009-12-19 14:40 . 2009-12-19 14:39     --------        d-----w-        c:\program files\TVUPlayer
2009-12-19 10:22 . 2009-11-14 19:39     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\AIMP
2009-12-15 17:16 . 2009-12-15 17:16     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\Media Player Classic
2009-12-12 09:45 . 2009-12-20 19:17     880624  ----a-w-        C:\SPTDinst-v162-x86.exe
2009-12-09 12:49 . 2009-11-20 11:39     --------        d-----w-        c:\programdata\Microsoft Help
2009-12-04 17:13 . 2009-11-14 11:40     --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2009-12-03 15:14 . 2009-11-14 11:40     38224   ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-11-14 11:40     19160   ----a-w-        c:\windows\system32\drivers\mbam.sys
2009-11-25 22:26 . 2009-11-20 11:41     --------        d-----w-        c:\program files\Microsoft Works
2009-11-21 11:19 . 2009-11-21 11:19     0       ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-20 11:40 . 2009-11-20 11:40     --------        d-----w-        c:\program files\Microsoft.NET
2009-11-16 08:06 . 2009-11-16 08:06     95896   ----a-w-        c:\windows\system32\drivers\epfwwfpr.sys
2009-11-16 08:03 . 2009-11-16 08:03     108792  ----a-w-        c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56     116520  ----a-w-        c:\windows\system32\drivers\eamon.sys
2009-11-15 12:16 . 2009-11-14 16:03     411368  ----a-w-        c:\windows\system32\deploytk.dll
2009-11-15 12:16 . 2009-11-15 12:16     --------        d-----w-        c:\program files\Java
2009-11-14 22:02 . 2009-11-14 22:02     --------        d-----w-        c:\program files\Trend Micro
2009-11-14 21:12 . 2009-11-14 16:04     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\Nowe Gadu-Gadu
2009-11-14 21:04 . 2009-11-14 21:04     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\TVU Networks
2009-11-14 19:39 . 2009-11-14 19:38     --------        d-----w-        c:\program files\AIMP2
2009-11-14 19:37 . 2009-11-14 19:37     --------        d-----w-        c:\program files\NAPI-PROJEKT
2009-11-14 19:27 . 2009-11-14 19:27     348160  ----a-w-        c:\windows\system32\Msvcr71.dll
2009-11-14 19:27 . 2009-11-14 19:27     1700352 ----a-w-        c:\windows\system32\gdiplus.dll
2009-11-14 19:27 . 2009-11-14 19:27     1060864 ----a-w-        c:\windows\system32\mfc71.dll
2009-11-14 16:06 . 2009-11-14 16:04     --------        d-----w-        c:\program files\Nowe Gadu-Gadu
2009-11-14 15:58 . 2009-11-14 15:58     --------        d-----w-        c:\program files\Common Files\Adobe
2009-11-14 15:54 . 2009-11-14 15:54     --------        d-----w-        c:\program files\CCleaner
2009-11-14 11:40 . 2009-11-14 11:40     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\Malwarebytes
2009-11-14 11:40 . 2009-11-14 11:40     --------        d-----w-        c:\programdata\Malwarebytes
2009-11-14 11:03 . 2009-11-14 11:03     --------        d-----w-        c:\users\Grzesiek\AppData\Roaming\ATI
2009-11-14 11:03 . 2009-11-14 11:03     --------        d-----w-        c:\programdata\ATI
2009-11-14 11:02 . 2009-11-14 11:02     0       ----a-w-        c:\windows\ativpsrm.bin
2009-11-14 11:01 . 2009-11-14 11:00     --------        d-----w-        c:\program files\ATI Technologies
2009-11-14 11:00 . 2009-11-14 11:00     --------        d-----w-        c:\program files\ATI
2009-11-14 11:00 . 2009-11-14 11:00     10134   ----a-r-        c:\users\Grzesiek\AppData\Roaming\Microsoft\Installer\{EA5EF963-5264-BCFF-F700-E45F7094C98B}\ARPPRODUCTICON.exe
2009-11-14 10:55 . 2009-11-14 10:55     --------        d--h--w-        c:\program files\Temp
2009-11-14 10:55 . 2009-11-14 10:55     319456  ----a-w-        c:\windows\DIFxAPI.dll
2009-11-14 10:55 . 2009-11-14 10:55     --------        d-----w-        c:\program files\Realtek
2009-11-14 10:54 . 2009-11-14 10:54     --------        d-----w-        c:\program files\Gigabyte
2009-11-14 10:51 . 2009-11-14 10:51     --------        d-sh--we        c:\programdata\Szablony
2009-11-14 10:51 . 2009-11-14 10:51     --------        d-sh--we        c:\programdata\Menu Start
2009-11-14 10:51 . 2009-11-14 10:51     --------        d-sh--we        c:\programdata\Dokumenty
2009-11-14 10:51 . 2009-11-14 10:51     --------        d-sh--we        c:\programdata\Dane aplikacji
2009-11-14 10:51 . 2009-11-14 10:51     --------        d-sh--we        c:\programdata\Ulubione
2009-11-14 10:51 . 2009-11-14 10:51     --------        d-sh--we        c:\programdata\Pulpit
2009-11-02 19:42 . 2009-11-14 15:26     195456  ------w-        c:\windows\system32\MpSigStub.exe
2009-10-02 04:06 . 2009-11-14 15:25     728648  ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2009-06-10 21:26 . 2009-07-14 02:04     9633792 --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42     396800  --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-07-28 1257800]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-07-24 436552]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
 
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [2009-12-07 29208]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2009-11-16 108792]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [2009-12-07 714752]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-12-07 1312584]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [2009-06-14 176128]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-11-14 68136]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [2009-12-07 317976]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [2009-03-01 139776]
S3 ASWFilt;ASWFilt;c:\windows\System32\Filt\ASWFilt.dll [2009-12-07 33920]
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\gczaicmm.default\
FF - prefs.js: browser.startup.homepage - www.blaugrana.pl
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\gczaicmm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Grzesiek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2009-12-20  21:43:41
ComboFix-quarantined-files.txt  2009-12-20 20:43
 
Przed: 117 726 007 296 bajtów wolnych
Po: 118 067 634 176 bajtów wolnych
 
- - End Of File - - 565986FBEFA90AE9B6BC9820AE517AB7
 