wklejto.pl

Added by: ~peszek (2008-10-21 11:56) -> text
ComboFix 08-10-19.04 - PESZEK 2008-10-21 12:03:25.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.387 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
Użyto następujących komend :: G:\CFScript.txt
 * Utworzono nowy punkt przywracania
 
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
 
FILE ::
C:\Documents and Settings\PESZEK\nkp2.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\PESZEK\nkp2.exe
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2008-09-21 do 2008-10-21  )))))))))))))))))))))))))))))))
.
 
2008-10-14 09:35 . 2008-10-14 09:54     <DIR>   d--------       C:\WINDOWS\system32\CatRoot_bak
2008-10-04 13:34 . 2008-10-06 09:45     42      --a------       C:\WINDOWS\fiscprn.ini
2008-10-04 13:33 . 2008-10-04 13:33     <DIR>   d--------       C:\Symfonia
2008-10-04 13:33 . 2008-10-04 13:33     63      --a------       C:\WINDOWS\mxreader.INI
2008-09-23 12:47 . 2008-09-23 12:47     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Nokia
2008-09-23 12:43 . 2008-09-23 12:43     <DIR>   d--------       C:\Program Files\MSXML 6.0
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 07:42        ---------       d-----w C:\Program Files\EuroFaktura 1.2
2008-10-20 15:16        ---------       d-----w C:\Documents and Settings\PESZEK\Dane aplikacji\FileZilla
2008-10-01 12:08        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-09-23 10:43        ---------       d-----w C:\Program Files\Nokia
2008-09-23 10:43        ---------       d-----w C:\Program Files\Common Files\Nokia
2008-09-23 10:42        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-09-23 10:36        ---------       d-----w C:\Documents and Settings\PESZEK\Dane aplikacji\Nokia
2008-09-13 13:12        ---------       d-----w C:\Documents and Settings\PESZEK\Dane aplikacji\Gadu-Gadu
2008-08-27 05:48        ---------       d-----w C:\Program Files\Common Files\PCSuite
2008-08-27 05:47        ---------       d-----w C:\Program Files\PC Connectivity Solution
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2005-11-15 1200128]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-11-06 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-11-06 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-11-06 138008]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-06 888832]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-04-24 225280]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-11-06 C:\WINDOWS\SkyTel.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2008-05-12 708608]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2008-05-12 954368]
Wyszukiwanie z pulpitu systemu Windows.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Id\\Quake3\\quake3e.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Multi-Edit 9.10\\MeUpg.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
 
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 PDIHWCTL;PDIHWCTL;C:\WINDOWS\system32\drivers\pdihwctl.sys [2007-01-25 14416]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-11-06 264576]
S3 i1display;i1 Display;C:\WINDOWS\system32\Drivers\i1display.sys [2004-10-15 44344]
 
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 12:04:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
skanowanie ukrytych procesów ... 
 
skanowanie ukrytych wpisów autostartu ...
 
skanowanie ukrytych plików ... 
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
Czas ukończenia: 2008-10-21 12:04:58
ComboFix-quarantined-files.txt  2008-10-21 10:04:47
ComboFix2.txt  2008-10-21 09:43:03
 
Przed: 19 370 536 960 bajtów wolnych
Po: 19,360,145,408 bajtów wolnych
 
127     --- E O F ---   2008-09-24 18:33:29
 