Iluvathar / 8 years, 9 months ago

ComboFix 09-01-16.03 - Piter 2009-01-17 12:33:36.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.511.258 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piter\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-12-17 do 2009-01-17  )))))))))))))))))))))))))))))))
.

2009-01-17 12:15 . 2009-01-17 12:15	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\Gadu-Gadu
2009-01-17 11:38 . 2009-01-17 11:39	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-01-17 11:38 . 2009-01-17 11:38	<DIR>	d--------	c:\program files\CCleaner
2009-01-17 11:38 . 2009-01-17 11:38	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\Malwarebytes
2009-01-17 11:38 . 2009-01-17 11:38	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-01-17 11:38 . 2009-01-14 16:11	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 11:38 . 2009-01-14 16:11	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2009-01-17 11:35 . 2009-01-17 11:35	<DIR>	d--------	c:\program files\Gadu-Gadu
2009-01-17 11:35 . 2009-01-17 11:35	<DIR>	d--------	c:\documents and settings\Piter\Gadu-Gadu
2009-01-17 09:27 . 2009-01-17 09:27	<DIR>	d--------	c:\program files\Trend Micro
2009-01-17 04:24 . 2009-01-17 04:24	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\Ahead
2009-01-17 04:22 . 2009-01-17 04:22	<DIR>	d--------	c:\program files\Nero
2009-01-17 04:22 . 2009-01-17 04:26	<DIR>	d--------	c:\program files\Common Files\Ahead
2009-01-17 03:26 . 2009-01-17 03:30	<DIR>	d--------	c:\program files\AutoCAD 2008
2009-01-17 03:26 . 2009-01-17 03:26	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\Autodesk
2009-01-17 03:26 . 2009-01-17 03:32	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Autodesk
2009-01-17 03:25 . 2009-01-17 03:31	<DIR>	d--------	c:\program files\Common Files\Autodesk Shared
2009-01-17 03:25 . 2009-01-17 03:25	<DIR>	d--------	c:\program files\Autodesk
2009-01-17 03:19 . 2009-01-17 03:19	<DIR>	d--------	c:\program files\SubEdit-Player
2009-01-17 02:49 . 2009-01-17 02:49	<DIR>	d--------	C:\dc++
2009-01-17 02:47 . 2009-01-17 02:47	<DIR>	d--------	c:\program files\Microsoft Works
2009-01-17 02:44 . 2009-01-17 02:44	<DIR>	d--------	c:\windows\SHELLNEW
2009-01-17 02:43 . 2009-01-17 02:43	<DIR>	dr-h-----	C:\MSOCache
2009-01-17 02:43 . 2009-01-17 02:48	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-17 02:40 . 2009-01-17 02:40	<DIR>	d--------	c:\program files\AskBarDis
2009-01-17 02:40 . 2009-01-17 02:40	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\Foxit
2009-01-17 02:39 . 2009-01-17 02:39	<DIR>	d--------	c:\program files\Foxit Software
2009-01-17 02:38 . 2009-01-17 02:38	<DIR>	d--------	c:\program files\Winamp
2009-01-17 02:38 . 2009-01-17 02:38	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\Winamp
2009-01-17 02:32 . 2009-01-17 02:33	<DIR>	d--------	c:\program files\Opera
2009-01-17 02:31 . 2009-01-17 02:31	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\DAEMON Tools Pro
2009-01-17 02:31 . 2009-01-17 02:31	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\DAEMON Tools
2009-01-17 02:30 . 2009-01-17 02:30	<DIR>	d--------	c:\program files\DAEMON Tools Toolbar
2009-01-17 02:30 . 2009-01-17 02:30	<DIR>	d--------	c:\program files\DAEMON Tools Lite
2009-01-17 02:30 . 2009-01-17 02:30	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-01-17 02:26 . 2009-01-17 02:41	<DIR>	d--------	c:\documents and settings\Piter\Dane aplikacji\DAEMON Tools Lite
2009-01-17 02:26 . 2009-01-17 02:26	717,296	--a------	c:\windows\system32\drivers\sptd.sys

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 10:44	15,200	--sha-w	c:\windows\system32\drivers\fidbox.idx
2009-01-17 10:44	1,404,960	--sha-w	c:\windows\system32\drivers\fidbox.dat
2009-01-17 10:39	5,232	--sha-w	c:\windows\system32\drivers\fidbox2.idx
2009-01-17 10:39	294,944	--sha-w	c:\windows\system32\drivers\fidbox2.dat
2009-01-17 10:25	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-16 23:38	---------	d-----w	c:\program files\Analog Devices
2009-01-16 23:35	96,976	----a-w	c:\windows\system32\drivers\klin.dat
2009-01-16 23:35	87,855	----a-w	c:\windows\system32\drivers\klick.dat
2009-01-16 23:22	---------	d-----w	c:\program files\Kaspersky Lab
2009-01-16 23:21	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-16 23:17	---------	d-----w	c:\program files\DIFX
2009-01-16 23:15	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-16 23:13	---------	d-----w	c:\program files\Common Files\InstallShield
2009-01-16 23:03	---------	d-----w	c:\program files\microsoft frontpage
2009-01-16 23:01	---------	d-----w	c:\program files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58	333192	--a------	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 10:22 7618560 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-07-20 22:04 847872 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-06-01 10:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 10:22 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-SoundMAX - c:\program files\Analog Devices\SoundMAX\Smax4.exe


.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {7F2565CD-5259-43D3-9741-F9D69D7388A4} = 150.254.5.4,150.254.5.11
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 12:34:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\klogon.dll
.
Czas ukończenia: 2009-01-17 12:35:26
ComboFix-quarantined-files.txt  2009-01-17 11:35:24

Przed: 6 728 658 944 bajtów wolnych
Po: 7,344,308,224 bajtów wolnych
