ComboFix 09-07-03.03 - Administrator 2009-07-04 15:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.446.238 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\abc.exe
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Recycled
c:\windows\system32\drivers\UACmxodagir.sys
c:\windows\system32\UACastakwbn.dll
c:\windows\system32\UACfoawehwb.dll
c:\windows\system32\UAChitpkxik.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpclubvcv.log
c:\windows\system32\UACpwcmqlhf.dll
c:\windows\system32\UACqltobwwr.dll
c:\windows\system32\UACrievjaap.log
c:\windows\system32\UACrulovdvw.log
c:\windows\system32\UACsvjcbqev.db
c:\windows\system32\uactmp.db
c:\windows\system32\UACwbmkltki.dat
c:\windows\system32\UACylyprrbw.dll

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


(((((((((((((((((((((((((   Pliki utworzone od 2009-06-04 do 2009-07-04  )))))))))))))))))))))))))))))))
.

2009-07-03 08:15 . 2009-07-03 08:26	--------	d-----w-	C:\logi
2009-07-03 07:40 . 2009-07-03 07:40	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-13 08:50 . 2009-06-13 08:53	--------	d-----w-	c:\program files\Vehicle Simulator
2009-06-10 13:16 . 2009-06-10 13:33	--------	d-----w-	C:\Filmy
2009-06-10 12:16 . 2009-06-30 13:57	--------	d-----w-	c:\documents and settings\Administrator\Dane aplikacji\foobar2000
2009-06-10 12:14 . 2009-06-10 12:14	--------	d-----w-	c:\program files\foobar2000

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 11:49 . 2008-11-04 23:09	--------	d-----w-	c:\documents and settings\Administrator\Dane aplikacji\mIRC
2009-07-03 07:43 . 2008-11-04 23:09	--------	d-----w-	c:\program files\mIRC
2009-06-19 12:04 . 2009-01-11 13:28	--------	d-----w-	c:\documents and settings\Administrator\Dane aplikacji\uTorrent
2009-06-09 12:13 . 2008-11-23 22:56	--------	d-----w-	c:\program files\Burn4Free
2009-06-04 12:44 . 2009-06-04 12:44	--------	d-----w-	c:\program files\Kaspersky Lab
2009-06-04 12:40 . 2009-06-04 12:40	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-06-03 10:06 . 2009-06-03 10:06	--------	d-----w-	c:\program files\Sunbelt Software
2009-05-31 10:58 . 2009-05-31 10:41	--------	d-----w-	c:\program files\SkanerOnline
2009-05-21 08:08 . 2009-01-12 12:32	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-05-21 08:07 . 2009-05-21 08:07	--------	d-----w-	c:\program files\Microsoft.NET
2009-05-17 06:55 . 2008-11-13 05:38	1	----a-w-	c:\documents and settings\Administrator\Dane aplikacji\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-17 06:55 . 2008-11-08 00:04	--------	d-----w-	c:\documents and settings\Administrator\Dane aplikacji\OpenOffice.org2
2009-05-15 19:13 . 2001-10-26 16:15	49690	----a-w-	c:\windows\system32\perfc015.dat
2009-05-15 19:13 . 2001-10-26 16:15	355724	----a-w-	c:\windows\system32\perfh015.dat
2009-05-07 12:53 . 2009-05-03 18:03	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-05-07 12:53 . 2009-05-03 18:03	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-04-07 17:27 . 2009-04-07 17:27	152576	----a-w-	c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-07 16:56 . 2009-04-07 16:56	1878984	----a-w-	c:\documents and settings\Administrator\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-04-07 16:51 . 2009-04-07 16:51	45056	----a-r-	c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"SiS Windows KeyHook"="c:\windows\System32\keyhook.exe" [2005-03-04 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-02-25 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-02-23 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-4 331776]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\dlaglx3k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - plugin: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\dlaglx3k.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 15:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\System32\BCMLogon.dll
.
Czas ukończenia: 2009-07-04 15:09
ComboFix-quarantined-files.txt  2009-07-04 13:09

Przed: 16 478 154 752 bajtów wolnych
Po: 16 539 951 104 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
