wklejto.pl

Added by: ~sas (2009-04-11 16:29) -> text
ComboFix 09-04-04.01 - Sasus 2009-04-11 16:40:17.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2046.1475 [GMT 2:00]
Uruchomiony z: d:\\instalki\\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
 * Utworzono nowy punkt przywracania
 * Resident AV is active
 
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\Microsoft\\Network\\Downloader\\qmgr0.dat
c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\Microsoft\\Network\\Downloader\\qmgr1.dat
c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\BITS
c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\BITS\\BITS.ini
c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\BITS\\DHTTable.dat
c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\BITS\\ProxyList.ini
c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\BITS\\UPnP.ini
c:\\windows\\services.exe
 
----- BITS: Możliwe zainfekowane strony -----
 
hxxp://banksguard com
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-03-11 do 2009-04-11  )))))))))))))))))))))))))))))))
.
 
2009-04-11 15:50 . 2009-04-11 15:50     280     --a------       c:\\windows\\game.ini
2009-04-10 18:47 . 2009-04-11 14:22     <DIR>   d--------       c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\Spybot - Search & Destroy
2009-04-10 13:30 . 2009-04-11 16:41     <DIR>   d--------       c:\\program files\\cFosSpeed
2009-04-10 13:30 . 2009-02-13 11:31     787,672 --a------       c:\\windows\\system32\\drivers\\cfosspeed.sys
2009-04-10 13:30 . 2009-02-13 11:31     290,008 --a------       c:\\windows\\system32\\cfosspeed.dll
2009-04-03 14:02 . 2009-03-09 15:27     4,178,264       --a------       c:\\windows\\system32\\D3DX9_41.dll
2009-04-03 14:02 . 2009-03-09 15:27     1,846,632       --a------       c:\\windows\\system32\\D3DCompiler_41.dll
2009-04-03 14:02 . 2009-03-16 14:18     517,448 --a------       c:\\windows\\system32\\XAudio2_4.dll
2009-04-03 14:02 . 2009-03-09 15:27     453,456 --a------       c:\\windows\\system32\\d3dx10_41.dll
2009-04-03 14:02 . 2009-03-16 14:18     235,352 --a------       c:\\windows\\system32\\xactengine3_4.dll
2009-04-03 14:02 . 2009-03-16 14:18     69,448  --a------       c:\\windows\\system32\\XAPOFX1_3.dll
2009-04-03 14:02 . 2009-03-16 14:18     22,360  --a------       c:\\windows\\system32\\X3DAudio1_6.dll
2009-03-31 18:55 . 2009-03-31 18:55     <DIR>   d--------       c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\NVIDIA
2009-03-31 16:20 . 2009-03-31 16:20     <DIR>   d--------       c:\\documents and settings\\Sasus.W-56FA654D2EB24\\.gstreamer-0.10
2009-03-29 19:16 . 2009-03-29 19:16     <DIR>   d--------       c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\nView_Profiles
2009-03-28 11:48 . 2009-03-28 11:50     <DIR>   d--------       c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\GetRightToGo
2009-03-23 14:49 . 2009-03-23 14:49     <DIR>   d--------       c:\\program files\\OO Software
2009-03-23 14:33 . 2009-03-23 14:33     <DIR>   d--------       c:\\windows\\system32\\AGEIA
2009-03-23 14:33 . 2009-03-23 14:33     <DIR>   d--------       c:\\program files\\AGEIA Technologies
2009-03-23 14:32 . 2009-03-23 14:32     <DIR>   d--------       c:\\windows\\nview
2009-03-23 14:32 . 2008-12-23 22:58     453,152 --a------       c:\\windows\\system32\\NVUNINST.EXE
2009-03-23 14:32 . 2008-12-26 01:08     453,152 --a------       c:\\windows\\system32\\nvudisp.exe
2009-03-23 14:32 . 2009-04-11 15:43     211,328 --a------       c:\\windows\\system32\\nvapps.xml
2009-03-23 14:32 . 2008-12-26 01:08     18,725  --a------       c:\\windows\\system32\\nvdisp.nvu
2009-03-21 00:25 . 2009-03-21 00:25     41,808  --a------       c:\\windows\\system32\\xfcodec.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 14:00        ---------       d--h--w c:\\program files\\InstallShield Installation Information
2009-04-11 10:51        189,768 ----a-w c:\\windows\\system32\\PnkBstrB.exe
2009-04-11 10:44        137,928 ----a-w c:\\windows\\system32\\drivers\\PnkBstrK.sys
2009-04-11 10:33        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\Xfire
2009-04-11 09:51        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\teamspeak2
2009-04-10 14:48        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\mIRC
2009-04-09 14:46        ---------       d---a-w c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\TEMP
2009-04-02 14:53        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\Skype
2009-04-02 14:24        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\skypePM
2009-03-23 12:33        ---------       d-----w c:\\program files\\Common Files\\Wise Installation Wizard
2009-03-23 11:46        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\Nowe Gadu-Gadu
2009-03-20 15:14        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\FileZilla
2009-03-07 10:55        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\XnView
2009-03-03 16:08        75,064  ----a-w c:\\windows\\system32\\PnkBstrA.exe
2009-02-28 09:23        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\Mobipocket
2009-02-26 18:21        ---------       d-----w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\dyyno-vlc
2009-02-26 12:50        ---------       d-----w c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\Microsoft Help
2009-02-25 20:59        730,368 ----a-w c:\\windows\\system32\\oodsvct.exe
2009-02-25 20:59        1,352,960       ----a-w c:\\windows\\system32\\oodag.exe
2009-02-25 20:59        1,316,096       ----a-w c:\\windows\\system32\\ooscrsav.scr
2009-02-25 20:58        2,553,088       ----a-w c:\\windows\\system32\\oodtray.exe
2009-02-25 20:57        194,816 ----a-w c:\\windows\\system32\\oodbs.exe
2009-02-25 20:53        951,552 ----a-w c:\\windows\\system32\\oodtrrs.dll
2009-02-25 20:53        9,984   ----a-w c:\\windows\\system32\\oodbsrs.dll
2009-02-25 20:53        8,448   ----a-w c:\\windows\\system32\\OODAGRS.DLL
2009-02-25 20:53        541,952 ----a-w c:\\windows\\system32\\oodssrs.dll
2009-02-25 20:52        15,616  ----a-w c:\\windows\\system32\\OODAGMG.DLL
2009-02-24 13:36        ---------       d-----w c:\\program files\\SkanerOnline
2009-02-23 19:05        37,896  ----a-w c:\\windows\\system32\\drivers\\oobctm.sys
2009-02-23 19:03        15,104  ----a-w c:\\windows\\system32\\ootmapi.dll
2009-02-11 18:09        ---------       d-----w c:\\program files\\Microsoft.NET
2009-02-11 18:07        ---------       d-----w c:\\program files\\Microsoft Visual Studio 8
2009-02-11 14:49        ---------       d-----w c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\Avery
2009-01-30 15:09        73,216  ----a-w c:\\windows\\ST6UNST.EXE
2009-01-30 15:09        286,720 ------w c:\\windows\\Setup1.exe
2009-01-21 16:11        473,600 ----a-w c:\\windows\\system32\\SkanerOnline.dll
2008-11-16 14:18        32      ----a-w c:\\documents and settings\\All Users.WINDOWS\\Dane aplikacji\\ezsid.dat
2008-11-11 08:53        22,328  ----a-w c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\PnkBstrK.sys
2008-09-27 08:39        32,768  --sha-w c:\\windows\\system32\\config\\systemprofile\\Ustawienia lokalne\\Historia\\History.IE5\\MSHist012008092720080928\\index.dat
.
 
------- Sigcheck -------
 
2007-10-30 18:53  360832  64798ecfa43d78c7178375fcdd16d8c8      c:\\windows\\$hf_mig$\\KB941644\\SP2QFE\\tcpip.sys
2008-06-20 12:44  360960  744e57c99232201ae98c49168b918f48      c:\\windows\\$hf_mig$\\KB951748\\SP2QFE\\tcpip.sys
2008-06-20 13:51  361600  9aefa14bd6b182d61e3119fa5f436d3d      c:\\windows\\$hf_mig$\\KB951748\\SP3GDR\\tcpip.sys
2008-06-20 13:59  361600  ad978a1b783b5719720cff204b666c8e      c:\\windows\\$hf_mig$\\KB951748\\SP3QFE\\tcpip.sys
2008-06-20 12:45  360320  bcfabafe7b7d141e7ff7f07ee0ca309c      c:\\windows\\$NtServicePackUninstall$\\tcpip.sys
2004-08-04 00:14  359040  9f4b36614a0fc234525ba224957de55c      c:\\windows\\$NtUninstallKB941644$\\tcpip.sys
2008-04-14 00:50  361344  93ea8d04ec73a85db02eb8805988f733      c:\\windows\\$NtUninstallKB951748$\\tcpip.sys
2007-10-30 19:20  360064  90caff4b094573449a0872a0f919b178      c:\\windows\\$NtUninstallKB951748_0$\\tcpip.sys
2008-04-14 00:50  361344  93ea8d04ec73a85db02eb8805988f733      c:\\windows\\ServicePackFiles\\i386\\tcpip.sys
2008-04-13 21:20  361344  93ea8d04ec73a85db02eb8805988f733      c:\\windows\\SoftwareDistribution\\Download\\dd64aa87403cfac627c6c8f37d245aa4\\tcpip.sys
2008-06-20 13:51  361600  9aefa14bd6b182d61e3119fa5f436d3d      c:\\windows\\system32\\dllcache\\tcpip.sys
2008-06-20 13:51  361600  a1e5f364cbf3dfd4ca276774e29df896      c:\\windows\\system32\\drivers\\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"egui\"=\"c:\\program files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" [2009-02-06 2021400]
\"NvCplDaemon\"=\"c:\\windows\\system32\\NvCpl.dll\" [2008-12-26 13680640]
\"NvMediaCenter\"=\"c:\\windows\\system32\\NvMcTray.dll\" [2008-12-26 86016]
\"cFosSpeed\"=\"c:\\program files\\cFosSpeed\\cFosSpeed.exe\" [2009-02-13 876760]
\"RTHDCPL\"=\"RTHDCPL.EXE\" [2007-04-12 c:\\windows\\RTHDCPL.exe]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"c:\\windows\\system32\\CTFMON.EXE\" [2008-04-14 15360]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"VIDC.HFYU\"= huffyuv.dll
\"vidc.DIV3\"= DivXc32.dll
\"vidc.DIV4\"= DivXc32f.dll
\"msacm.divxa32\"= DivXa32.acm
\"VIDC.XFR1\"= xfcodec.dll
 
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\session manager]
BootExecute     REG_MULTI_SZ    autocheck autochk *\\0lsdelete\\0OODBS
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 d:\\program files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AdobeUpdater]
--a------ 2008-11-24 20:00 2356088 c:\\program files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 c:\\program files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Creative WebCam Tray]
--------- 2005-10-27 12:00 299008 c:\\program files\\Creative\\Shared Files\\CamTray.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 d:\\program files\\DAEMON Tools Lite\\daemon.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DeviceDiscovery]
--a------ 2002-12-02 20:56 40960 c:\\program files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 c:\\program files\\Microsoft Office\\Office12\\GrooveMonitor.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
-ra------ 2002-12-17 11:40 49152 c:\\program files\\Hewlett-Packard\\HP Software Update\\hpwuSchd.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HPDJ Taskbar Utility]
--a------ 2003-03-11 10:08 172032 c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
--------- 2008-04-14 22:51 1695232 c:\\program files\\Messenger\\msmsgs.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\\program files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Nowe Gadu-Gadu]
--a------ 2009-02-27 18:12 9339496 d:\\program files\\Nowe Gadu-Gadu\\gg.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NvMediaCenter]
--a------ 2008-12-26 01:08 86016 c:\\windows\\system32\\nvmctray.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\OODefragTray]
--a------ 2009-02-25 22:58 2553088 c:\\windows\\system32\\oodtray.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\\program files\\QuickTime\\QTTask.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 d:\\program files\\Spybot - Search & Destroy\\TeaTimer.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 c:\\program files\\Java\\jre1.6.0_06\\bin\\jusched.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WinampAgent]
--a------ 2008-04-01 20:49 36352 d:\\program files\\Winamp\\winampa.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\nwiz]
--a------ 2008-12-26 01:08 1657376 c:\\windows\\system32\\nwiz.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
\"DisableMonitoring\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
\"EnableFirewall\"= 0 (0x0)
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=
\"c:\\\\WINDOWS\\\\system32\\\\PnkBstrA.exe\"=
\"c:\\\\WINDOWS\\\\system32\\\\PnkBstrB.exe\"=
\"d:\\\\Program Files\\\\Nowe Gadu-Gadu\\\\gg.exe\"=
\"c:\\\\Program Files\\\\Bonjour\\\\mDNSResponder.exe\"=
\"c:\\\\Program Files\\\\BitSpirit\\\\BitSpirit.exe\"=
\"d:\\\\Program Files\\\\Xfire\\\\xfire.exe\"=
\"c:\\\\Program Files\\\\SopCast\\\\adv\\\\SopAdver.exe\"=
\"c:\\\\Program Files\\\\SopCast\\\\SopCast.exe\"=
\"c:\\\\totalcmd\\\\TOTALCMD.EXE\"=
\"d:\\\\Program Files\\\\Activision\\\\Call of Duty 2\\\\CoD2MP_s.exe\"=
\"d:\\\\Program Files\\\\mIRC\\\\mirc.exe\"=
\"d:\\\\Program Files\\\\phpDesigner 2008\\\\phpDesigner2008.exe\"=
\"d:\\\\Instalki\\\\winscp417.exe\"=
\"d:\\\\Program Files\\\\Mozilla Firefox\\\\firefox.exe\"=
\"c:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\OUTLOOK.EXE\"=
\"c:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\GROOVE.EXE\"=
\"c:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\ONENOTE.EXE\"=
\"c:\\\\Documents and Settings\\\\Sasus.W-56FA654D2EB24\\\\Ustawienia lokalne\\\\Dane aplikacji\\\\Dyyno Receiver\\\\DPPM.exe\"=
\"c:\\\\Program Files\\\\Skype\\\\Phone\\\\Skype.exe\"=
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"8461:TCP\"= 8461:TCP:GoD High Port
\"8462:TCP\"= 8462:TCP:GoD Low Port
 
R1 ehdrv;ehdrv;c:\\windows\\system32\\drivers\\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\\windows\\system32\\drivers\\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\\program files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2009-02-06 727720]
R3 V0260VID;Live! Cam Vista IM;c:\\windows\\system32\\drivers\\V0260Vid.sys [2008-08-03 162176]
S2 .EsetTrialReset;Eset Trial Reset;c:\\windows\\system32\\regedt32.exe [2001-10-26 3584]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\\windows\\system32\\regedt32.exe [2001-10-26 3584]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
 
HKLM-Run-V-System - c:\\windows\\Services.exe
MSConfigStartUp-AlcoholAutomount - d:\\program files\\Alcohol Soft\\Alcohol 120\\axcmd.exe
MSConfigStartUp-ares - d:\\program files\\Ares\\Ares.exe
MSConfigStartUp-BearShare - d:\\program files\\BearShare\\BearShare.exe
MSConfigStartUp-Expressivo - d:\\program files\\ivo\\Expressivo\\expressivo.exe
MSConfigStartUp-Flashget - d:\\progra~1\\FlashGet\\FlashGet.exe
MSConfigStartUp-Gadu-Gadu - d:\\program files\\Gadu-Gadu\\gg.exe
MSConfigStartUp-No-IP Client 1 - d:\\program files\\No-IP Client\\noipclient.exe
MSConfigStartUp-RGSC - d:\\program files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe
 
 
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.bearshare.com/pl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: &Pobierz wszystko przez FlashGet - d:\\program files\\FlashGet Network\\FlashGet universal\\ComDlls\\Bhoall.htm
IE: &Pobrane przez FlashGet - d:\\program files\\FlashGet Network\\FlashGet universal\\ComDlls\\Bholink.htm
IE: E&ksportuj do programu Microsoft Excel - c:\\progra~1\\MI1933~1\\Office12\\EXCEL.EXE/3000
IE: Pobierz z &BitSpirit - c:\\program files\\BitSpirit\\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {28ABCDA2-2E8E-4229-A3D5-83B8FB970C8C} = 194.204.159.1 217.98.63.164
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\c7l8qp1z.default\\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/
FF - plugin: c:\\documents and settings\\Sasus.W-56FA654D2EB24\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\c7l8qp1z.default\\extensions\\NPDyyno@dyyno.com\\plugins\\npDyyno.dll
FF - plugin: d:\\program files\\Adobe\\Reader 8.0\\Reader\\browser\\nppdf32.dll
FF - plugin: d:\\program files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nppl3260.dll
FF - plugin: d:\\program files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nprpjplug.dll
FF - plugin: d:\\program files\\Mozilla Firefox\\plugins\\np-mswmp.dll
FF - plugin: d:\\program files\\Mozilla Firefox\\plugins\\NPMyGlSh.dll
.
 
**************************************************************************
 
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 16:41:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ...  
 
skanowanie ukrytych wpisów autostartu ... 
 
skanowanie ukrytych plików ...  
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
 
[HKEY_LOCAL_MACHINE\\software\\Microsoft\\Windows\\CurrentVersion\\System*]
.
Czas ukończenia: 2009-04-11 16:41:54
ComboFix-quarantined-files.txt  2009-04-11 14:41:52
 
Przed: 39 269 720 064 bajtów wolnych
Po: 39,256,821,760 bajtów wolnych
 
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT=\"Microsoft Windows Recovery Console\" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /noexecute=optin /fastdetect
 
261     --- E O F ---   2008-10-24 13:13:35
 