Anonymous / 8 years, 10 months ago

ComboFix 09-06-08.02 - Andrzej 2009-06-16  2:37.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.383.135 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Andrzej\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Andrzej\Moje dokumenty\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-05-16 do 2009-06-16  )))))))))))))))))))))))))))))))
.

2009-06-15 23:33 . 2009-06-15 23:33	--------	d-----w-	C:\e3741af21094efbb64f06938
2009-06-15 21:26 . 2009-06-15 21:26	0	----a-w-	c:\windows\nsreg.dat
2009-06-15 21:25 . 2009-06-15 21:25	--------	d-----w-	c:\documents and settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-06-15 20:34 . 2009-06-15 20:34	--------	d-sh--w-	c:\documents and settings\Andrzej\IECompatCache
2009-06-15 20:33 . 2009-06-15 20:33	--------	d-sh--w-	c:\documents and settings\Andrzej\PrivacIE
2009-06-15 20:12 . 2009-06-15 20:12	--------	d-----w-	c:\program files\ESET
2009-06-15 20:12 . 2009-06-15 20:12	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ESET
2009-06-15 20:08 . 2009-06-15 20:08	--------	d-----w-	c:\program files\IrfanView
2009-06-15 20:07 . 2009-06-15 20:07	--------	d-----w-	c:\program files\FastStone Capture
2009-06-15 20:07 . 2009-06-15 20:07	--------	d-----w-	c:\documents and settings\Andrzej\Dane aplikacji\Gadu-Gadu
2009-06-15 20:06 . 2009-06-15 22:31	--------	d-----w-	c:\documents and settings\Andrzej\Gadu-Gadu
2009-06-15 20:05 . 2009-06-15 20:06	--------	d-----w-	c:\program files\Gadu-Gadu
2009-06-15 19:32 . 2009-06-15 22:51	--------	d-----w-	c:\documents and settings\Andrzej\Dane aplikacji\Skype
2009-06-15 19:30 . 2009-06-15 19:30	--------	d-----w-	c:\program files\Common Files\Skype
2009-06-15 19:30 . 2009-06-15 19:31	--------	d-----r-	c:\program files\Skype
2009-06-15 19:29 . 2009-06-15 19:31	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype
2009-06-15 19:17 . 2009-06-15 19:17	--------	d-sh--w-	c:\documents and settings\Andrzej\IETldCache
2009-06-15 19:07 . 2009-06-15 19:12	--------	d-----w-	c:\windows\system32\pl-PL
2009-06-15 19:07 . 2009-06-15 19:09	--------	dc-h--w-	c:\windows\ie8
2009-06-15 19:03 . 2009-06-15 19:03	--------	d-----w-	c:\program files\ATI Technologies
2009-06-15 19:03 . 2004-08-03 19:10	516096	------w-	c:\windows\system32\ati2sgag.exe
2009-06-15 19:00 . 2009-06-15 19:03	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-15 18:49 . 2009-06-15 18:59	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-06-15 18:48 . 2009-06-15 19:04	--------	d-----w-	c:\program files\DNA-drivers
2009-06-15 18:33 . 2009-06-15 18:34	--------	d-----w-	c:\program files\Real Alternative
2009-06-15 18:31 . 2009-06-15 20:40	--------	d-----w-	c:\program files\PokerStars
2009-06-15 18:30 . 2008-09-16 19:23	168448	----a-w-	c:\windows\system32\unrar.dll
2009-06-15 18:27 . 2009-06-15 18:27	--------	d-----w-	c:\program files\Astonsoft
2009-06-15 18:26 . 2009-06-15 18:26	--------	d-----w-	c:\program files\ALLPlayer
2009-06-15 18:24 . 2009-06-15 18:24	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-06-15 18:24 . 2009-06-15 18:24	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2009-06-15 18:24 . 2009-06-15 18:24	--------	d-----w-	c:\program files\DAEMON Tools Lite
2009-06-15 18:19 . 2009-06-15 18:19	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-06-15 18:18 . 2009-06-15 19:21	--------	d-----w-	c:\documents and settings\Andrzej\Dane aplikacji\DAEMON Tools Lite
2009-06-15 18:16 . 2009-06-15 18:16	--------	d-----w-	c:\program files\CCleaner
2009-06-15 18:00 . 2009-06-15 18:09	--------	d-----w-	c:\program files\Common Files\Adobe
2009-06-15 17:27 . 2004-08-03 22:44	221184	----a-w-	c:\windows\system32\wmpns.dll
2009-06-15 16:17 . 2004-08-03 21:08	26624	-c--a-w-	c:\windows\system32\dllcache\usbehci.sys
2009-06-15 16:17 . 2004-08-03 21:08	26624	----a-w-	c:\windows\system32\drivers\usbehci.sys
2009-06-15 16:17 . 2004-08-03 22:44	7168	-c--a-w-	c:\windows\system32\dllcache\hccoin.dll
2009-06-15 16:17 . 2004-08-03 22:44	7168	----a-w-	c:\windows\system32\hccoin.dll
2009-06-15 15:30 . 2008-06-14 18:01	273024	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-06-15 15:30 . 2008-06-14 18:01	273024	------w-	c:\windows\system32\drivers\bthport.sys
2009-06-15 14:40 . 2009-01-07 16:21	26144	----a-w-	c:\windows\system32\spupdsvc.exe
2009-06-15 14:40 . 2009-06-15 23:30	--------	d--h--w-	c:\windows\$hf_mig$
2009-06-15 14:31 . 2009-06-15 14:31	12328	----a-w-	c:\documents and settings\Andrzej\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-15 14:11 . 2004-08-03 23:07	6400	----a-w-	c:\windows\system32\drivers\splitter.sys
2009-06-15 14:11 . 2004-08-03 23:07	2944	----a-w-	c:\windows\system32\drivers\drmkaud.sys
2009-06-15 14:11 . 2004-08-03 22:39	142464	----a-w-	c:\windows\system32\drivers\aec.sys
2009-06-15 14:11 . 2001-08-17 22:00	54272	----a-w-	c:\windows\system32\drivers\swmidi.sys
2009-06-15 14:11 . 2004-08-03 22:58	4992	----a-w-	c:\windows\system32\drivers\MSPQM.sys
2009-06-15 14:11 . 2004-08-03 23:15	82944	----a-w-	c:\windows\system32\drivers\wdmaud.sys
2009-06-15 14:11 . 2004-08-03 23:07	52864	----a-w-	c:\windows\system32\drivers\DMusic.sys
2009-06-15 14:11 . 2004-08-03 22:58	7552	----a-w-	c:\windows\system32\drivers\MSKSSRV.sys
2009-06-15 14:11 . 2004-08-03 23:07	171776	----a-w-	c:\windows\system32\drivers\kmixer.sys
2009-06-15 14:11 . 2004-08-03 23:15	60800	----a-w-	c:\windows\system32\drivers\sysaudio.sys
2009-06-15 14:11 . 2004-08-03 22:58	5376	----a-w-	c:\windows\system32\drivers\MSPCLOCK.sys
2009-06-15 14:11 . 2001-08-17 21:59	3072	----a-w-	c:\windows\system32\drivers\audstub.sys
2009-06-15 14:10 . 2004-08-03 23:08	10624	----a-w-	c:\windows\system32\drivers\gameenum.sys
2009-06-15 14:10 . 2004-08-04 00:44	21504	----a-w-	c:\windows\system32\hidserv.dll
2009-06-15 14:10 . 2004-08-04 00:35	58624	----a-w-	c:\windows\system32\drivers\redbook.sys
2009-06-15 14:09 . 2004-08-25 11:25	2239328	----a-w-	c:\windows\system32\ati3duag.dll
2009-06-15 14:09 . 2004-08-25 11:15	476928	----a-w-	c:\windows\system32\ativvaxx.dll
2009-06-15 14:09 . 2004-09-13 15:53	787456	----a-w-	c:\windows\system32\drivers\ati2mtag.sys
2009-06-15 14:09 . 2004-08-04 00:43	870784	----a-w-	c:\windows\system32\ati3d1ag.dll
2009-06-15 14:09 . 2004-08-25 11:29	209408	----a-w-	c:\windows\system32\ati2dvag.dll
2009-06-15 14:09 . 2004-08-25 11:10	237568	----a-w-	c:\windows\system32\ati2cqag.dll
2009-06-15 14:09 . 2004-08-03 23:07	42240	----a-w-	c:\windows\system32\drivers\VIAAGP.SYS
2009-06-15 14:09 . 2004-08-03 22:32	84480	----a-w-	c:\windows\system32\drivers\ac97via.sys
2009-06-15 14:09 . 2004-08-04 00:44	4096	----a-w-	c:\windows\system32\ksuser.dll
2009-06-15 14:09 . 2004-08-03 23:15	145792	----a-w-	c:\windows\system32\drivers\portcls.sys
2009-06-15 14:09 . 2004-08-03 23:08	60288	----a-w-	c:\windows\system32\drivers\drmk.sys
2009-06-15 14:08 . 2004-08-03 22:31	20992	----a-w-	c:\windows\system32\drivers\RTL8139.sys
2009-06-15 14:08 . 2004-08-04 00:44	77312	----a-w-	c:\windows\system32\usbui.dll
2009-06-15 14:04 . 2004-08-04 00:44	75776	----a-w-	c:\windows\system32\storprop.dll
2009-06-15 14:04 . 2009-06-16 00:37	--------	d-----w-	c:\windows\system32\CatRoot2
2009-06-15 14:04 . 2009-06-15 13:35	--------	d-----w-	c:\windows\system32\CatRoot
2009-06-15 14:03 . 2009-06-15 12:31	--------	d-----w-	C:\Documents and Settings

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 23:59 . 2001-10-26 18:15	397488	----a-w-	c:\windows\system32\perfh015.dat
2009-06-15 23:59 . 2001-10-26 18:15	64214	----a-w-	c:\windows\system32\perfc015.dat
2009-06-15 18:29 . 2009-06-15 18:29	--------	d-----w-	c:\program files\K-Lite Codec Pack
2009-06-15 13:02 . 2009-06-15 13:03	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-06-15 13:02 . 2009-06-15 13:02	--------	d-----w-	c:\program files\Java
2009-06-15 13:00 . 2009-06-15 13:00	152576	----a-w-	c:\documents and settings\Andrzej\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-15 12:52 . 2009-06-15 12:50	--------	d-----w-	c:\program files\PLAY ONLINE
2009-06-15 12:13 . 2009-06-15 12:13	--------	d-----w-	c:\program files\microsoft frontpage
2009-06-15 12:10 . 2009-06-15 12:10	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-15 12:07 . 2009-06-15 12:07	--------	d-----w-	c:\program files\Usługi online
2009-06-15 12:04 . 2009-06-15 11:20	21856	----a-w-	c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Andrzej\Menu Start\Programy\Autostart\
Bootminder 2.lnk - c:\windows\bootminder.exe [1997-4-8 213504]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-06-15 c:\windows\Tasks\User_Feed_Synchronization-{8B7C2D5E-2728-499E-91EC-C6BE6DB8DE4F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SafeBoot-procexp90.Sys


.
------- Skan uzupełniający -------
.
TCP: {78CAB49C-55A4-4537-89A2-EB0B22BAD71D} = 89.108.195.20 89.108.195.21
FF - ProfilePath - c:\documents and settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\p25f9k8x.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 02:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2632)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Czas ukończenia: 2009-06-16  2:51
ComboFix-quarantined-files.txt  2009-06-16 00:51

Przed: 55 552 077 824 bajtów wolnych
Po: 55 655 313 408 bajtów wolnych

166	--- E O F ---	2009-06-15 17:30