lololulu / 8 years, 9 months ago

ComboFix 09-02-19.01 - user 2009-02-20 12:22:01.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1015.445 [GMT 1:00]
Uruchomiony z: c:\documents and settings\user\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090219-0] *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-01-20 do 2009-02-20  )))))))))))))))))))))))))))))))
.

2009-02-18 17:58 . 2009-02-20 11:58	<DIR>	d--------	c:\documents and settings\user\DoctorWeb
2009-02-18 17:56 . 2009-02-18 17:56	<DIR>	d--------	c:\program files\CCleaner
2009-02-15 20:26 . 2009-02-15 20:26	<DIR>	d--------	c:\windows\system32\IOSUBSYS
2009-02-15 20:24 . 2009-02-15 20:25	9,934,392	--a------	c:\program files\picasa3-setup.exe
2009-02-03 20:04 . 2009-02-20 08:08	<DIR>	d--------	c:\documents and settings\user\Dane aplikacji\skypePM
2009-02-03 20:04 . 2009-02-03 20:04	56	--ah-----	c:\windows\system32\ezsidmv.dat
2009-02-03 20:02 . 2009-02-14 21:43	<DIR>	dr-------	c:\program files\Skype
2009-02-03 20:02 . 2009-02-03 20:02	<DIR>	d--------	c:\program files\Common Files\Skype
2009-02-03 20:02 . 2009-02-20 08:09	<DIR>	d--------	c:\documents and settings\user\Dane aplikacji\Skype
2009-02-03 20:02 . 2009-02-03 20:02	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-01 21:29 . 2009-02-01 21:29	<DIR>	d--------	c:\program files\VirtualDub-1.8.8
2009-02-01 21:27 . 2009-02-01 21:27	1,379,946	--a------	c:\program files\VirtualDub-1.8.8.zip
2009-02-01 21:07 . 2009-02-01 21:07	<DIR>	d--------	c:\program files\RADVideo

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 20:38	---------	d-----w	c:\documents and settings\user\Dane aplikacji\Winamp
2009-02-15 19:26	---------	d-----w	c:\program files\Google
2009-02-14 20:53	---------	d-----w	c:\program files\SubEdit-Player
2009-02-14 20:52	---------	d-----w	c:\program files\Fotosik Manager
2009-02-14 20:48	---------	d-----w	c:\program files\QuickTime
2009-02-14 20:47	---------	d-----w	c:\program files\Gadu-Gadu
2009-01-16 17:53	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\hps
2009-01-10 12:20	---------	d-----w	c:\program files\kED
2009-01-05 22:33	3,751,995	----a-w	c:\windows\system32\GPhotos.scr
2008-10-23 18:46	1,851,544	----a-w	c:\program files\install_flash_player.exe
2008-03-06 13:02	13,413,048	----a-w	c:\program files\Google_Earth_BZXD.exe
2007-12-27 15:44	1,204,401	----a-w	c:\program files\NBR6606PLK.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-02 20560]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - DwShield00000329

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 12:23:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-02-20 12:24:34
ComboFix-quarantined-files.txt  2009-02-20 11:24:25
ComboFix2.txt  2009-02-18 09:44:16

Przed: 9 382 780 928 bajtów wolnych
Po: 9,372,577,792 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

112