wklejto.pl

Added by: ~Anonim (2009-12-07 22:51) -> text
ComboFix 09-12-07.01 - User 2009-12-07 22:24:55.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.2037.1348 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\User\Moje dokumenty\Downloads\Programs\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\User\Moje dokumenty\Downloads\Programs\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 
FILE ::
"c:\documents and settings\LocalService\Dane aplikacji\fqpdsw.dat"
"c:\documents and settings\User\Dane aplikacji\avdrn.dat"
"c:\windows\system32\config\systemprofile\Dane aplikacji\fqpdsw.dat"
"c:\windows\system32\drivers\OLD58.tmp"
"c:\windows\system32\drivers\OLD67.tmp"
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\documents and settings\LocalService\Dane aplikacji\fqpdsw.dat
c:\documents and settings\User\Dane aplikacji\avdrn.dat
C:\LOG.TXT
c:\windows\system32\config\systemprofile\Dane aplikacji\fqpdsw.dat
c:\windows\system32\drivers\OLD58.tmp
c:\windows\system32\drivers\OLD67.tmp
 
Zainfekowana kopia C:\WINDOWS\system32\DRIVERS\atapi.sys została znaleziona. Problem naprawiono 
Plik odzyskano z - C:\System Volume Information\_restore{C52D6CA9-0A1A-41BE-ADEB-86DA458B5BCF}\RP166\A0136485.sys 
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-11-07 do 2009-12-07  )))))))))))))))))))))))))))))))
.
 
2009-12-07 16:10:45 . 2009-12-07 16:10:45       0       d-----w-        C:\_OTL
2009-12-07 12:29:53 . 2009-12-07 12:29:53       0       d-----w-        C:\Program Files\SkanerOnline
2009-12-07 10:47:51 . 2009-12-07 10:49:47       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\HPAppData
2009-12-07 09:51:53 . 2009-12-07 09:51:53       152576  ----a-w-        C:\Documents and Settings\User\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-07 09:51:33 . 2009-12-07 09:51:33       79488   ----a-w-        C:\Documents and Settings\User\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-06 20:37:55 . 2009-12-07 12:36:33       0       d-----w-        C:\backups
2009-12-06 20:33:58 . 2009-12-06 20:33:58       396288  ----a-w-        C:\HijackThis.exe
2009-12-04 22:01:39 . 2009-12-04 22:01:39       198064  ----a-w-        C:\Documents and Settings\User\Dane aplikacji\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-04 21:52:58 . 2009-12-06 20:45:53       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\IDM
2009-12-04 21:52:53 . 2009-12-04 22:09:18       0       d-----w-        C:\Program Files\Internet Download Manager
2009-12-04 21:49:11 . 2009-12-04 21:49:11       80400   ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-04 21:49:11 . 2009-12-04 21:49:11       315408  ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-04 21:49:11 . 2009-12-04 21:49:11       109072  ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-04 21:49:10 . 2009-12-04 21:49:10       109072  ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-04 21:49:09 . 2009-12-04 21:49:09       80400   ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-04 21:49:07 . 2009-12-04 21:49:07       315408  ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-04 21:38:04 . 2009-12-04 21:38:04       95259   ----a-w-        C:\WINDOWS\system32\drivers\klick.dat
2009-12-04 21:38:04 . 2009-12-04 21:38:04       108059  ----a-w-        C:\WINDOWS\system32\drivers\klin.dat
2009-12-04 21:37:01 . 2009-12-07 21:39:30       0       d-----w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-12-04 21:37:01 . 2009-12-04 21:37:01       0       d-----w-        C:\Program Files\Kaspersky Lab
2009-12-04 19:23:37 . 2009-12-04 19:23:37       0       d-----w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-12-03 12:02:18 . 2009-06-30 08:37:16       28552   ----a-w-        C:\WINDOWS\system32\drivers\pavboot.sys
2009-12-03 12:02:11 . 2009-12-03 12:02:11       0       d-----w-        C:\Program Files\Panda Security
2009-12-02 20:00:05 . 2009-12-03 18:12:08       0       d-----w-        C:\Program Files\Unlocker
2009-12-01 20:13:13 . 2009-12-01 20:14:00       1024    ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\imgpdf2.dll
2009-12-01 20:12:59 . 2009-12-01 20:12:59       0       d-----w-        C:\Program Files\PDF-Convert
2009-12-01 20:12:56 . 2009-12-01 20:12:57       0       d-----w-        C:\WINDOWS\system32\psconv
2009-12-01 20:12:56 . 2009-12-01 20:12:56       0       d-----w-        C:\Program Files\psconvert
2009-12-01 08:19:39 . 2009-12-01 08:19:39       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\Uniblue
2009-12-01 06:33:43 . 2009-12-01 06:33:43       0       d-sh--w-        C:\WINDOWS\system32\config\systemprofile\IETldCache
2009-11-27 17:51:29 . 2009-11-27 17:51:29       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\URSoft
2009-11-22 21:54:19 . 2009-11-22 21:54:19       0       d-----w-        C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\ChemTable Software
2009-11-22 21:53:45 . 2009-11-22 21:57:31       20576   ----a-w-        C:\WINDOWS\system32\RODefargBin.dat
2009-11-22 21:53:45 . 2009-11-22 21:53:45       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\ChemTable Software
2009-11-22 20:45:26 . 2009-11-22 20:45:26       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\Search Settings
2009-11-22 20:45:20 . 2009-11-22 20:45:40       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\Dealio
2009-11-22 20:42:59 . 2008-09-24 20:33:44       484352  ----a-w-        C:\WINDOWS\system32\lame_enc.dll
2009-11-22 10:26:11 . 2009-12-02 08:59:07       0       d-----w-        C:\MP3
2009-11-17 11:47:31 . 2009-11-29 19:08:47       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\Any Video Converter
2009-11-17 11:47:28 . 2009-11-18 08:36:16       0       d-----w-        C:\Program Files\Any Video Converter
2009-11-17 11:34:53 . 2009-11-17 11:34:54       0       d-----w-        C:\Program Files\PhotoInstrument
2009-11-17 08:58:50 . 2009-12-02 08:53:58       0       d-----w-        C:\videooutput
2009-11-16 20:10:01 . 2009-11-16 20:10:02       0       d-----w-        C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Ares
2009-11-13 13:34:04 . 2009-11-13 13:34:04       0       d-----w-        C:\Program Files\Common Files\Skype
2009-11-11 17:19:45 . 2009-11-11 17:19:45       0       d-----w-        C:\Documents and Settings\All Users\Dane aplikacji\vsosdk
2009-11-08 11:56:02 . 2009-12-02 08:59:07       0       d-----w-        C:\Most
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 21:41:40 . 2009-02-02 18:53:40       0       d---a-w-        C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-12-07 21:39:35 . 2009-02-20 14:19:02       0       d-----w-        C:\Program Files\Kalendarz XP
2009-12-07 21:39:31 . 2009-10-22 19:10:43       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\DMCache
2009-12-07 21:19:32 . 2008-04-15 12:00:00       148768  ----a-w-        C:\WINDOWS\system32\drivers\atapi.sys
2009-12-07 21:15:22 . 2009-02-03 20:05:57       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\Skype
2009-12-07 16:13:15 . 2009-02-03 20:07:15       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\skypePM
2009-12-07 09:57:19 . 2009-04-01 08:03:30       0       d-----w-        C:\Program Files\Spyware Doctor
2009-12-07 09:53:28 . 2009-02-03 20:21:21       0       d-----w-        C:\Program Files\Java
2009-12-07 09:35:28 . 2009-03-23 09:43:06       0       d-----w-        C:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2009-12-06 21:08:00 . 2009-02-01 21:18:46       0       d-----w-        C:\Program Files\Common Files\Adobe
2009-12-06 20:28:48 . 2009-03-05 13:28:51       0       d-----w-        C:\Program Files\English Translator 3
2009-12-06 11:54:46 . 2009-02-07 20:04:53       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\Nero
2009-12-04 19:35:10 . 2009-02-01 21:07:13       0       d-----w-        C:\Program Files\AVG
2009-12-04 19:34:21 . 2009-02-01 21:07:13       0       d-----w-        C:\Documents and Settings\All Users\Dane aplikacji\avg8
2009-12-04 14:02:35 . 2009-02-02 20:29:08       0       d-----w-        C:\Program Files\Recognita Plus 4.0
2009-12-02 12:03:22 . 2009-02-02 19:45:05       0       d-----w-        C:\Program Files\Odkurzacz
2009-11-30 22:16:11 . 2008-04-15 12:00:00       14336   ------w-        C:\WINDOWS\system32\svchost.exe
2009-11-29 18:46:24 . 2009-09-10 16:34:05       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\HpUpdate
2009-11-27 20:09:37 . 2009-02-01 21:07:21       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\AVGTOOLBAR
2009-11-24 22:21:53 . 2009-02-15 20:14:16       0       d-----w-        C:\Program Files\Common Files\ACD Systems
2009-11-22 21:21:35 . 2009-02-03 20:21:42       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\LimeWire
2009-11-22 20:43:02 . 2009-11-22 20:42:59       0       d-----w-        C:\Program Files\Free Audio Pack
2009-11-18 08:37:32 . 2009-02-22 19:44:00       0       d-----w-        C:\Documents and Settings\User\Dane aplikacji\Vso
2009-11-17 19:38:47 . 2009-02-02 21:20:09       77752   ----a-w-        C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-16 13:48:20 . 2009-02-22 19:44:01       47360   ----a-w-        C:\Documents and Settings\User\Dane aplikacji\pcouffin.sys
2009-11-16 13:48:20 . 2009-02-22 19:44:01       47360   ----a-w-        C:\Documents and Settings\User\Dane aplikacji\pcouffin.sys
2009-11-13 13:34:25 . 2009-02-03 20:05:48       0       d-----r-        C:\Program Files\Skype
2009-11-13 13:34:01 . 2009-02-03 20:05:44       0       d-----w-        C:\Documents and Settings\All Users\Dane aplikacji\Skype
2009-11-08 12:42:50 . 2009-04-16 14:03:12       0       d-----w-        C:\Program Files\PWN
2009-11-05 12:28:37 . 2009-11-05 12:28:29       0       d-----w-        C:\Program Files\FLV Player
2009-11-02 15:02:04 . 2009-11-02 15:02:04       59976   ----a-w-        C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Polish\setup.exe
2009-10-25 07:40:24 . 2008-04-15 12:00:00       85136   ----a-w-        C:\WINDOWS\system32\perfc015.dat
2009-10-25 07:40:24 . 2008-04-15 12:00:00       493844  ----a-w-        C:\WINDOWS\system32\perfh015.dat
2009-10-20 18:34:56 . 2009-10-20 18:34:56       219664  ----a-w-        C:\WINDOWS\system32\klogon.dll
2009-10-14 19:18:34 . 2009-10-14 19:18:34       36880   ----a-w-        C:\WINDOWS\system32\drivers\klbg.sys
2009-10-11 03:17:27 . 2009-02-03 20:21:27       411368  ----a-w-        C:\WINDOWS\system32\deploytk.dll
2009-10-02 17:39:44 . 2009-10-02 17:39:44       19472   ----a-w-        C:\WINDOWS\system32\drivers\klmouflt.sys
2009-09-21 18:32:52 . 2009-03-30 17:51:49       3690    ----a-w-        C:\WINDOWS\unins000.dat
2009-09-16 17:26:26 . 2009-09-16 17:26:26       45056   ----a-w-        C:\WINDOWS\system32\sstunst3.exe
2009-09-14 12:42:46 . 2009-09-14 12:42:46       32272   ----a-w-        C:\WINDOWS\system32\drivers\klim5.sys
2009-09-11 14:19:43 . 2008-04-15 12:00:00       136192  ----a-w-        C:\WINDOWS\system32\msv1_0.dll
2009-09-09 18:23:36 . 2009-09-09 18:23:36       152576  ----a-w-        C:\Documents and Settings\User\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-09 17:01:40 . 2009-09-09 17:01:40       27675   ----a-w-        C:\WINDOWS\system32\drivers\klopp.dat
.
 
------- Sigcheck -------
 
[-] 2009-12-07 21:19:32 . D4A4C6D31E6D1F758F6C8D0CC63CA39C . 148768 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\drivers\atapi.sys
[-] 2009-12-07 16:43:45 . 1D54E0455BB16C1D064EE782476C9B58 . 96512 . . [------] . . C:\WINDOWS\system32\dllcache\atapi.sys
 
[7] 2008-06-20 11:59:02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51:12 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[7] 2008-04-15 12:00:00 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-12-07_17.43.05   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 21:39:59 . 2009-12-07 21:39:59     16384              C:\WINDOWS\Temp\Perflib_Perfdata_594.dat
+ 2009-12-07 21:39:08 . 2009-12-07 21:39:08     16384              C:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat
- 2009-02-01 20:27:40 . 2009-12-07 17:22:06     32768              C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-01 20:27:40 . 2009-12-07 21:21:00     32768              C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-01 20:27:40 . 2009-12-07 21:21:00     32768              C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-02-01 20:27:40 . 2009-12-07 17:22:06     32768              C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-12-01 06:33:43 . 2009-12-07 21:21:00     16384              C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat
- 2009-12-01 06:33:43 . 2009-12-07 17:22:06     16384              C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat
+ 2009-02-01 20:27:40 . 2009-12-07 21:21:00     16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2009-02-01 20:27:40 . 2009-12-07 17:22:06     16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-08-16 15:01:10 264704]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2009-11-24 21:49:10 1738040]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 12:11:12 25623336]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2009-08-19 12:00:59 3114416]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24:46 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-05 09:13:40 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-05 09:13:26 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-05 09:13:34 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 06:31:34 16857600]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-12-08 12:33:48 1173384]
"DemonStarter"="C:\Program Files\PWN\Definicje\Bin\Starter.exe" [1999-12-01 11:47:24 36864]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 19:17:32 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 14:31:16 80896]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2009-10-26 07:33:41 15872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 03:17:36 149280]
"avp"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 18:39:28 340456]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 12:00:00 15360]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 108544]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2009-2-20 882176]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^wintjo32.exe]
path=C:\Documents and Settings\User\Menu Start\Programy\Autostart\wintjo32.exe
backup=C:\WINDOWS\pss\wintjo32.exeStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2009-10-14 20:18:34 36880]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2009-12-03 13:02:18 28552]
R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [2009-04-01 09:03:41 130936]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-04-01 09:03:32 348752]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;C:\WINDOWS\system32\drivers\AVerBDA3x.sys [2009-02-01 21:54:33 1176192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [2009-09-14 13:42:46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\system32\drivers\klmouflt.sys [2009-10-02 18:39:44 19472]
S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [2009-02-07 22:20:31 717296]
S2 gupdate1c9ab9c38b76c04;Usługa Google Update (gupdate1c9ab9c38b76c04);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-23 10:46:19 133104]
 
--- Inne Usługi/Sterowniki w Pamięci ---
 
*Deregistered* - mchInjDrv
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt       REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
.
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 22:41:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ...  
 
skanowanie ukrytych wpisów autostartu ... 
 
skanowanie ukrytych plików ...  
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
 
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
 
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5EF618]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9e1e852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d07bb0
 PacketIndicateHandler -> NDIS.sys @ 0xb9d14a21
 SendHandler -> NDIS.sys @ 0xb9cf287b
user & kernel MBR OK 
 
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{450dbffd-ea0c-487b-b644-1ae275a75eed}]
@Denied: (Full) (Everyone)
"Model"=dword:00000143
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,ab,9e,50,1b,eb,77,d1,ab,69,8c,ba,e9,8c,1c,cb,7c,83,e0,8b,c5,07,bb,\
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ad,a1,36,57,8a,6c,e7,93,91,b5,f0,18,28,c9,64,ac,28,19,24,88,c9,
   0a,3b,47,cb,b0,2a,a8,a6,0e,ec,f7,fc,3f,34,08,cd,bc,83,67,00,00,00,00,00,00,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > 'winlogon.exe'(1008)
C:\WINDOWS\system32\WININET.dll
 
- - - - - - - > 'lsass.exe'(1072)
C:\WINDOWS\system32\WININET.dll
 
- - - - - - - > 'explorer.exe'(1120)
C:\WINDOWS\system32\WININET.dll
C:\Program Files\Internet Download Manager\idmmkb.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-07 22:49:28 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-12-07 21:49:19
ComboFix2.txt  2009-12-07 20:24:41
ComboFix3.txt  2009-12-07 18:00:21
 