Anonim / 9 lat, 5 miesięcy temu | Download | Plaintext | Odpowiedz |

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
ComboFix 08-11-07.01 - Admin 2008-11-08 13:26:33.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.778 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
 * Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\Admin\USTAWI~1\Temp\delself.bat
C:\explore.exe
c:\windows\Config\csrss.exe
c:\windows\system\mmtaskclean.log
c:\windows\system\svchost.exe
c:\windows\system\win32in.dll
c:\windows\system\win32out.dll
c:\windows\system\wupdmgr.exe
c:\windows\system32\explorxp.exe
c:\windows\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}
c:\windows\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}\winlogon.dll
c:\windows\system32\settings.dll
D:\Autorun.inf
D:\explore.exe
E:\Autorun.inf
E:\explore.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CREATEPROCESS
-------\Service_CreateProcess


(((((((((((((((((((((((((   Pliki utworzone od 2008-10-08 do 2008-11-08  )))))))))))))))))))))))))))))))
.

2008-10-27 21:31 . 2008-10-27 21:31	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\FarmingSimulator2008
2008-10-27 21:30 . 2008-10-27 21:30	<DIR>	d--------	c:\windows\system32\AGEIA
2008-10-27 21:30 . 2008-10-27 21:31	<DIR>	d--------	c:\program files\AGEIA Technologies
2008-10-18 16:42 . 2005-12-15 18:37	86,095	--a------	c:\windows\system32\ImageDrive.cpl
2008-10-14 13:50 . 2008-10-14 13:57	<DIR>	d--------	c:\program files\Grafik

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 11:45	---------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-08 08:25	---------	d-----w	c:\documents and settings\Admin\Dane aplikacji\The Bat!
2008-11-06 20:38	---------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Hamachi
2008-11-05 17:24	---------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Skype
2008-10-27 21:41	---------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Azureus
2008-10-27 20:30	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2008-09-26 21:39	---------	d-----w	c:\program files\Gadu-Gadu
2008-09-26 21:14	---------	d-----w	c:\program files\Common Files\NSV
2008-08-13 07:39	188,928	------w	c:\windows\system32\mwgfx.dll
2008-06-04 17:26	14,275	-c--a-w	c:\program files\settings.dat
2008-04-22 17:19	952	--sha-w	c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"WireLessKeyboard"="c:\program files\Multimedia Keyboard driver\StartAutorun.exe" [2005-11-30 94208]
"AtiPTA"="atiptaxx.exe" [2005-11-23 c:\windows\system32\atiptaxx.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Admin\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-06-10 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone - szybkie uruchamianie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 73728]
Kalendarz XP.lnk - e:\kalendarz xp\Kalendarz.exe [2007-07-28 882176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MFZ0"= MyFlashZip0.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Microsoft Games\\Midtown Madness 2\\midtown2.icd"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 axwhisky;axwhisky;c:\windows\system32\DRIVERS\axwhisky.sys [2003-07-02 5248]
R0 axwskbus;axwskbus;c:\windows\system32\DRIVERS\axwskbus.sys [2003-07-02 124160]
R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2003-06-12 75904]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};c:\windows\TEMP\136.tmp [ ]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\magix\Common\Database\bin\fbserver.exe [ ]
S3 usbscan;Sterownik skanera USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2006-02-10 402944]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ebd956c-4a3e-11dc-8b3e-000c765dabe6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f134a0dc-93d2-11dd-8f3b-000c765dabe6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-AQQ - c:\progra~1\WapSter\AQQ\AQQ.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 13:29:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\136.tmp"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Multimedia Keyboard driver\PS2USBKbdDrv.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-08 13:31:34 - komputer został uruchomiony ponownie [Admin]
ComboFix-quarantined-files.txt  2008-11-08 12:31:30
ComboFix2.txt  2008-07-28 17:02:24

Przed: 3 148 943 360 bajtów wolnych
Po: 3,314,192,384 bajtów wolnych

166