wklejto.pl

Added by: ~dyszel (2010-04-29 20:48) -> text
ComboFix 10-04-27.04 - xxx 2010-04-29  20:40:01.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.511.318 [GMT 2:00]
Running from: c:\documents and settings\xxx\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\xxx\Pulpit\CFScript.txt
 
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\documents and settings\All Users\Dane aplikacji\avG
c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\avG
c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\iasmapDraw
c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\avG
 
.
(((((((((((((((((((((((((   Files created from 2010-03-28 to 2010-04-29  )))))))))))))))))))))))))))))))
.
 
2010-04-28 09:59 . 2010-04-28 09:59     --------        d-----w-        c:\windows\Sun
2010-04-26 21:30 . 2010-04-26 21:30     1216176 ----a-w-        c:\documents and settings\xxx\Dane aplikacji\GameRanger\GameRanger\GameRanger.exe
2010-04-22 19:58 . 2010-04-13 07:02     922400  ----a-w-        c:\documents and settings\xxx\Dane aplikacji\Sun\Java\JRERunOnce.exe
2010-04-22 19:58 . 2010-04-22 19:58     --------        d-----w-        c:\program files\Common Files\Java
2010-04-22 19:57 . 2010-04-22 19:57     79488   ----a-w-        c:\documents and settings\xxx\Dane aplikacji\Sun\Java\jre1.6.0_20\gtapi.dll
2010-04-20 17:02 . 2010-04-20 17:08     --------        d-----w-        c:\windows\SxsCaPendDel
2010-04-03 19:25 . 2010-04-03 19:25     --------        d-----w-        c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\Codemasters
2010-04-03 19:19 . 2010-04-03 19:19     --------        d-----w-        c:\documents and settings\All Users\Documents
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 18:32 . 2009-12-19 09:43     --------        d-----w-        c:\documents and settings\xxx\Dane aplikacji\DNA
2010-04-29 16:42 . 2009-12-19 09:43     --------        d-----w-        c:\program files\DNA
2010-04-29 07:59 . 2010-01-23 14:01     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Z-Software
2010-04-28 10:28 . 2010-02-04 07:19     24      ----a-w-        c:\program files\Common Files\userInit.dll
2010-04-17 17:53 . 2009-08-01 16:32     --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-04-02 09:59 . 2010-02-03 16:16     --------        d-----w-        c:\documents and settings\xxx\Dane aplikacji\Tibia
2010-03-28 12:07 . 2010-02-22 16:01     --------        d---a-w-        c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-03-28 08:32 . 2001-10-26 17:15     75486   ----a-w-        c:\windows\system32\perfc015.dat
2010-03-28 08:32 . 2001-10-26 17:15     451352  ----a-w-        c:\windows\system32\perfh015.dat
2010-02-18 23:52 . 2010-02-18 23:52     48816   ----a-w-        c:\documents and settings\xxx\Dane aplikacji\GameRanger\GameRanger\Data\GameRangerLaunch.dll
2010-02-18 23:52 . 2010-02-18 23:52     155312  ----a-w-        c:\documents and settings\xxx\Dane aplikacji\GameRanger\GameRanger\Data\GameRanger.dll
2010-02-04 08:01 . 2010-04-20 17:06     74072   ----a-w-        c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-20 17:06     528216  ----a-w-        c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-20 17:06     238936  ----a-w-        c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-20 17:06     22360   ----a-w-        c:\windows\system32\X3DAudio1_7.dll
2010-02-03 20:57 . 2010-02-03 20:57     27958   ----a-w-        c:\program files\Common Files\logonInit.dll
.
 
(((((((((((((((((((((((((((((   SnapShot@2010-04-28_14.04.39   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-29 18:38 . 2010-04-29 18:38   16384              c:\windows\Temp\Perflib_Perfdata_374.dat
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\programy\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-19 323392]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 
c:\documents and settings\xxx\Menu Start\Programy\Autostart\
csrss.exe [2010-3-10 547858]
GameRanger.lnk - c:\documents and settings\xxx\Dane aplikacji\GameRanger\GameRanger\GameRanger.exe [2010-4-26 1216176]
 
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogonInit]
logonInit.dll [BU]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=SMNT40.dll
"mixer"=SMNT40.dll
"wave1"=SMNT40.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programy\\Gadu-Gadu\\gg.exe"=
"d:\\Gry\\FIFA 08\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Gry\\Praetorians\\Praetorians.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Gry\\Quake III Arena\\quake3.exe"=
"d:\\Gry\\Need for Speed Carbon\\NFSC.exe"=
"d:\\Gry\\FA 10\\FIFA10.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Gry\\cs\\hl.exe"=
"d:\\Programy\\Opera\\opera.exe"=
"d:\\Gry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Gry\\Imperial Glory\\ImperialGlory.exe"=
"d:\\Gry\\Metin2_PL\\metin2.bin"=
"d:\\Gry\\Metin2_PL\\metin2client.bin"=
"d:\\Gry\\cs\\hlds.exe"=
 
R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [2007-07-09 64616]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [2007-07-09 54896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-06 721904]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc --> c:\windows\system32\pr2ah4nb.exe svc [?]
.
Contents of the 'Scheduled Tasks' folder
 
2010-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: darkorbit.pl
FF - ProfilePath - c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\q0ys9pin.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\xxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: d:\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: d:\programy\Opera\program\plugins\NPOFF12.DLL
FF - plugin: d:\programy\Opera\program\plugins\npwmsdrm.dll
.
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 20:45
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
 
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-29  20:47:17
ComboFix-quarantined-files.txt  2010-04-29 18:47
ComboFix2.txt  2010-04-29 07:46
ComboFix3.txt  2010-04-28 14:08
 
Before: 6 964 633 600 bytes free
After: 6 935 367 680 bytes free
 
- - End Of File - - 408550EF148B80E15E31FF6649680009
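The loading-point section of a ComboFix log is read by hand: a responder looks for system-process names in the wrong place, non-default Winlogon Notify packages, and registry values that silence Windows' own warnings. The script below is an added example (not part of the pasted log and not ComboFix code) that applies those three checks to a handful of lines constructed from the log above. The parser, the rule names and the SYSTEM_PROCESS_NAMES list are this example's own assumptions; the facts behind the rules are that XP's csrss.exe runs only from %windir%\system32, that Winlogon Notify DLLs are loaded into winlogon.exe at logon, and that AntiVirusOverride/FirewallOverride = 1 hide the Security Center warnings.

```python
"""Flag suspicious loading points in ComboFix-style log text (added example)."""
import re

# Constructed sample: a few lines taken from the log above, unchanged in form.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

c:\documents and settings\xxx\Menu Start\Programy\Autostart\
csrss.exe [2010-3-10 547858]
GameRanger.lnk - c:\documents and settings\xxx\Dane aplikacji\GameRanger\GameRanger\GameRanger.exe [2010-4-26 1216176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogonInit]
logonInit.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# Core XP processes that legitimately start only from %windir%\system32 (assumption: list is illustrative).
SYSTEM_PROCESS_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "services.exe", "smss.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def parse_loading_points(text):
    """Yield (section, key, value) for each entry under a registry key or startup folder.

    For startup-folder entries, key is the file or .lnk name and value is the
    full path of the program that will run.
    """
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):       # registry key header
            section = line[1:-1]
            continue
        if re.match(r"^[a-z]:\\.*\\$", line, re.I):          # startup folder header
            section = line
            continue
        if section is None:
            continue
        if section.endswith("\\"):                            # entry inside a startup folder
            m = re.match(r"^(\S+?\.lnk) - (.+?)\s+\[", line, re.I)
            if m:
                yield section, m.group(1), m.group(2)
                continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)         # "name"=value [date size]
        if m:
            key, rest = m.group(1), m.group(2).strip()
            value = rest[1:rest.find('"', 1)] if rest.startswith('"') else re.split(r"\s+[\[(]", rest)[0]
            yield section, key, value
            continue
        m = re.match(r"^(\S+)\s+\[", line)                    # bare file name, e.g. csrss.exe [..]
        if m:
            name = m.group(1)
            yield section, name, (section + name) if section.endswith("\\") else name


def _dword(value):
    """Parse 'dword:00000001' or a bare decimal like '0'."""
    return int(value.split(":")[-1], 16)


def flag_findings(text):
    """Return a list of (rule, detail) tuples for the three checks described above."""
    findings = []
    for section, key, value in parse_loading_points(text):
        sec, low = section.lower(), value.lower()
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_PROCESS_NAMES and not low.startswith(SYSTEM32):
            findings.append(("system-process name outside system32", value))
        elif "winlogon\\notify" in sec:
            findings.append(("non-default Winlogon Notify package", f"{section.rsplit(chr(92), 1)[-1]}: {key}"))
        elif sec.endswith("security center") and key in ("AntiVirusOverride", "FirewallOverride"):
            if _dword(value) == 1:
                findings.append(("Security Center warning suppressed", f"{key} = 1"))
        elif sec.endswith("firewallpolicy\\standardprofile") and key == "EnableFirewall":
            if _dword(value) == 0:
                findings.append(("Windows Firewall disabled", "standardprofile: EnableFirewall = 0"))
    return findings


if __name__ == "__main__":
    for rule, detail in flag_findings(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

Run against the sample it reports the csrss.exe copy in the user's Autostart folder, the LogonInit Notify package, both Security Center overrides and the disabled firewall profile, and stays quiet about GrooveMonitor and the GameRanger shortcut. The same checks apply to a full log: feed the text of the "Registry startup entries" section in place of SAMPLE_LOG.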
 

Comments:

No comments!