wklejto.pl

Added by: ~lukasz19c (2011-01-28 18:58) -> text
ComboFix 11-01-28.01 - lukasz 2011-01-28  18:41:32.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1535.1232 [GMT 1:00]
Uruchomiony z: c:\documents and settings\lukasz\Pulpit\ComboFix1.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Alcmtr.exe
c:\windows\system32\setup.ini
 
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------Legacy_AIC32P
-------Service_aic32p
 
 
(((((((((((((((((((((((((   Pliki utworzone od 2010-12-28 do 2011-01-28  )))))))))))))))))))))))))))))))
.
 
2011-01-28 14:35 . 2011-01-28 14:53     4331014 ----a-w-        C:\ComboFix.exe
2011-01-16 16:22 . 2011-01-16 16:22     --------        d-----w-        C:\pcduke
2011-01-10 17:19 . 2011-01-10 17:19     --------        d-----w-        C:\ckis
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-12-16 13046368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1589248]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 110592]
"OrangeDeamon"="c:\program files\Orange\Orange.exe" [2008-05-16 20398080]
"AdslTaskBar"="stmctrl.dll" [2008-04-23 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 97200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 993728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 309992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 349912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Anti Trojan Elite"=c:\program files\Anti Trojan Elite\TJEnder.exe :NO
"Malware Defender"=c:\program files\malware defender\malwaredefender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"e:\odzyskane\New folder\Pobierania\Kaspersky7.0.1.325 PL.exe"=
"c:\Program Files\Gadu-Gadu 10\gg.exe"=
"c:\Program Files\Winamp\winamp.exe"=
"c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"=
"c:\WINDOWS\system32\taskmgr.exe"=
"c:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=
"c:\WINDOWS\system32\wuauclt.exe"=
"c:\Program Files\Orange\Orange.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\Common Files\Java\Java Update\jusched.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe"=
"c:\Program Files\Sony Ericsson\Update Service\Update Service.exe"=
"c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"=
"c:\program files\malware defender\mdservice.exe"=
 
R1 mmckkhne;mmckkhne;c:\windows\system32\drivers\mmckkhne.sys [2011-01-28 258048]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2011-01-28 9984]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 MalwareDefenderService;Malware Defender Service;c:\program files\Malware Defender\mdservice.exe [2010-08-13 152576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-01-23 24592]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-01-28 27632]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2011-01-15 60533]
R3 TaurusUsb;Siemens ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2011-01-15 688864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2011-01-28 15888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-01-28 13224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - AIC32P
.
Zawartość folderu 'Zaplanowane zadania'

2011-01-28 c:\windows\Tasks\COMODO Cloud Scanner Update.job
- c:\program files\COMODO\COMODO Cloud Scanner\UpdateApplications.exe [2010-03-10 10:52]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://allegro.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-18 Wheels of Steel American Long Haul 1.00 - g:\gry\18 Wheels of Steel American Long Haul\Uninstall.exe
 
 
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-28 18:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > 'winlogon.exe'(1492)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1548)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(3464)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\TEMP\winxawhy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-01-28  18:51:43 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2011-01-28 17:51
 
Przed: 32471879680 bajtów wolnych
Po: 32409636864 bajtów wolnych
 
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 
- - End Of File - - 7E4AFDCA6B57D075EEF942A47B6D96BF
 