wklejto.pl

Added by: ~Anonim (2013-02-20 15:37) -> text
ComboFix 13-02-18.02 - LS 2013-02-20  10:31:02.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1524 [GMT 1:00]
Uruchomiony z: c:\documents and settings\LS\Pulpit\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Temp
c:\windows\system32\Temp\KSKD87SFXS
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2013-01-20 do 2013-02-20  )))))))))))))))))))))))))))))))
.
.
2013-02-20 07:41 . 2013-02-20 07:41     --------        d-----w-        c:\windows\system32\wbem\Repository
2013-02-17 21:30 . 2013-02-17 21:30     558133  ----a-w-        c:\windows\system32\sqlite3.dll
2013-02-15 23:03 . 2013-02-15 23:03     --------        d-----w-        c:\documents and settings\LS\Ustawienia lokalne\Dane aplikacji\Black_Tree_Gaming
2013-02-15 23:02 . 2013-02-15 23:02     --------        d-----w-        c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\COMODO
2013-02-15 17:32 . 2013-02-15 17:32     --------        d-----w-        c:\windows\nvidia icons
2013-02-15 17:32 . 2008-05-03 04:46     442368  ----a-w-        c:\windows\system32\nvudisp.exe
2013-02-15 17:31 . 2008-04-30 16:27     442368  ----a-w-        c:\windows\system32\NVUNINST.EXE
2013-02-15 16:01 . 2013-02-15 17:32     --------        d-----w-        c:\windows\NVIEW
2013-02-15 15:25 . 2013-02-15 15:25     --------        d-----w-        c:\documents and settings\LS\jagexcache
2013-02-15 15:10 . 2013-02-15 15:10     292700  ----a-w-        c:\windows\system32\nvdrsdb0.bin
2013-02-15 15:10 . 2013-02-15 15:10     1       ----a-w-        c:\windows\system32\nvdrssel.bin
2013-02-15 15:10 . 2013-02-15 15:10     292700  ----a-w-        c:\windows\system32\nvdrsdb1.bin
2013-02-15 14:28 . 2013-02-15 14:28     --------        d-----w-        c:\program files\Your Company Name
2013-02-15 14:28 . 2001-11-28 02:58     1950    ----a-w-        c:\windows\system32\drivers\REGISTER.SYS
2013-02-09 01:50 . 2013-02-09 01:50     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\PassMark
2013-02-06 18:01 . 2013-02-19 17:17     --------        d-----w-        c:\documents and settings\LS\Dane aplikacji\XnView
2013-02-04 19:02 . 2013-02-04 19:04     --------        d-----w-        c:\windows\system32\Adobe
2013-02-02 01:06 . 2013-02-02 01:06     --------        d-----w-        c:\documents and settings\LS\Dane aplikacji\ASUS
2013-01-24 17:25 . 2013-01-24 17:25     47368   ----a-w-        c:\windows\system32\certsentry.dll
11747-11-13 19:58 . 2011-11-25 17:27    --------        d-sha-w-        c:\windows\xxclone.arc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-05 18:36 . 2012-05-01 15:12     697864  -c--a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-02-05 18:36 . 2012-02-03 11:26     74248   ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 03:27 . 2013-01-17 03:27     26984   ----a-w-        c:\windows\system32\drivers\avgtpx86.sys
2012-12-22 16:26 . 2012-12-22 16:26     242240  ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-15 17:36 . 2010-07-06 21:14     444952  ----a-w-        c:\windows\system32\wrap_oal.dll
2012-12-15 17:36 . 2010-07-06 21:14     109080  ----a-w-        c:\windows\system32\OpenAL32.dll
2012-12-14 23:19 . 2012-12-14 09:49     282104  ----a-w-        c:\windows\system32\PnkBstrB.xtr
2012-12-14 23:02 . 2012-12-14 03:45     282104  ----a-w-        c:\windows\system32\PnkBstrB.ex0
2012-12-14 03:45 . 2012-12-14 03:45     138056  ----a-w-        c:\documents and settings\LS\Dane aplikacji\PnkBstrK.sys
2012-12-10 14:22 . 2010-07-07 08:49     466008  ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-12-10 10:44 . 2012-12-10 10:44     1060864 ----a-w-        c:\windows\system32\mfc71.dll
2012-12-28 21:08 . 2012-05-01 13:47     262112  ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06        163328  --sha-r-        c:\windows\system32\flvDX.dll
2007-02-21 12:47        31232   -csha-r-        c:\windows\system32\msfDX.dll
2008-03-16 14:30        216064  -csha-r-        c:\windows\system32\nbDX.dll
2010-01-06 23:00        107520  -csha-r-        c:\windows\system32\TAKDSDecoder.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-06 . B0870DC4AE8A0A40C45EC66BCDE3E523 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2012-08-06 . B0870DC4AE8A0A40C45EC66BCDE3E523 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2012-08-06 . B0870DC4AE8A0A40C45EC66BCDE3E523 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
.
c:\documents and settings\LS\Menu Start\Programy\Autostart\
tclock2.lnk - c:\programy\tclock2_120\tclock2.exe [2011-6-7 90624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute     REG_MULTI_SZ    autocheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbrspcontrol
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_ssl_v12
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
2004-04-26 15:21        270336  ----a-w-        c:\programy\Stardock\WinCustomize\BootSkin\BootSkin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-11-06 10:46        3673728 ----a-w-        c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2013-02-17 21:22        116648  ----atw-        c:\documents and settings\LS\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 16:30        249856  -c--a-w-        c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\System32\CTFMON.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programy\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programy\\Opera\\opera.exe"=
"c:\\Programy\\uTorrentt\\uTorrent.exe"=
"e:\\Gry\\Cryptic Studios ST ON\\Star Trek Online.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16806:TCP"= 16806:TCP:*:Disabled:utor
"16806:UDP"= 16806:UDP:*:Disabled:utor
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-01-17 26984]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-08 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-12-22 242240]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programy\Avira\AntiVir Desktop\sched.exe [2010-07-06 136360]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2013-01-24 2074256]
R3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-07-06 2034304]
S3 cpuz130;cpuz130; [x]
S3 EagleXNt;EagleXNt; [x]
S3 esgiguard;esgiguard; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*Deregistered* - project
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 18:36]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core1ce0d589114a7fa.job
- c:\documents and settings\LS\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2013-02-17 21:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: ????3??
IE: ????3??????
IE: Download with &Media Finder
IE: ????3??
IE: ????3??????
TCP: Interfaces\{C1F346AE-C4C5-4F95-8794-A833C810A87F}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\LS\Dane aplikacji\Mozilla\Firefox\Profiles\vjjct0ps.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://pl.search.yahoo.com/search?fr=ytff-comodo&p=
FF - ExtSQL: 2013-02-16 00:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-20 10:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(u_f3*N}]
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(u_f3*N}hQc]
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1123561945-117609710-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,cf,74,9d,d8,0a,5e,f2,fa,96,92,7a,40,0c,eb,f2,d2,9c,bf,47,68,
   74,4e,1a,cd,eb,fb,9c,98,b7,75,d3,32,cf,66,bc,aa,ec,49,b0,b7,ff,72,e0,dc,23,\
"rkeysecu"=hex:d2,c4,6a,ba,f7,e6,95,c5,72,e1,9f,f6,2a,12,3f,bc
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(524)
c:\windows\system32\cmdcsr.dll
.
Czas ukończenia: 2013-02-20  10:36:20
ComboFix-quarantined-files.txt  2013-02-20 09:36
ComboFix2.txt  2013-01-30 23:17
.
Przed: 11575111680 bajtów wolnych
Po: 11552903168 bajtów wolnych
.
- - End Of File - - 61AE4538719E04CDA7F59AF406EFEB4A
 