Anonymous / 8 years, 6 months ago

ComboFix 09-06-26.02 - Właściciel 2009-06-29 16:30.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.2038.1445 [GMT 2:00]
Running from: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((   Files Created from 2009-05-28 to 2009-06-29  )))))))))))))))))))))))))))))))
.

2009-06-29 12:50 . 2009-06-29 12:50	--------	d-----w-	c:\windows\LastGood
2009-06-29 12:50 . 2009-06-29 12:50	--------	d-----w-	c:\program files\ESET
2009-06-28 18:17 . 2009-06-28 18:17	--------	dc----w-	c:\windows\system32\dllcache\cache
2009-06-28 17:42 . 2009-06-28 17:42	396288	----a-w-	C:\HijackThis.exe
2009-06-28 14:32 . 2008-07-10 13:29	101376	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2009-06-28 09:32 . 2009-06-28 09:32	--------	d-----w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2009-06-14 20:30 . 2009-06-28 10:06	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-14 20:30 . 2009-06-14 20:30	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-06-14 10:11 . 2009-06-14 10:11	--------	d-----w-	c:\windows\Google Earth Pro 4.2
2009-06-13 10:30 . 2001-10-26 14:57	12160	-c--a-w-	c:\windows\system32\dllcache\mouhid.sys
2009-06-13 10:30 . 2001-10-26 14:57	12160	----a-w-	c:\windows\system32\drivers\mouhid.sys
2009-06-13 10:30 . 2008-04-13 22:15	10368	-c--a-w-	c:\windows\system32\dllcache\hidusb.sys
2009-06-13 10:30 . 2008-04-13 22:15	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys
2009-06-13 10:27 . 2008-09-16 19:23	168448	----a-w-	c:\windows\system32\unrar.dll
2009-06-13 10:26 . 2009-05-29 21:37	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2009-06-13 10:26 . 2009-05-29 21:31	881664	----a-w-	c:\windows\system32\xvidcore.dll
2009-06-13 10:26 . 2004-01-25 16:18	217088	----a-w-	c:\windows\system32\yv12vfw.dll
2009-06-13 10:26 . 2009-05-01 21:02	90112	----a-w-	c:\windows\system32\dpl100.dll
2009-06-13 10:26 . 2008-11-06 16:37	3596288	----a-w-	c:\windows\system32\qt-dx331.dll
2009-06-13 10:26 . 2009-05-01 21:02	685056	----a-w-	c:\windows\system32\divx.dll
2009-06-13 10:26 . 2009-06-02 16:11	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-06-09 22:38 . 2009-06-09 22:38	--------	d-----w-	c:\program files\AskSearch
2009-06-09 22:38 . 2009-06-09 22:38	--------	d-----w-	c:\program files\AskBarDis
2009-06-09 19:05 . 2009-06-18 22:51	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-06-09 19:00 . 2009-06-09 19:00	56	---ha-w-	c:\windows\system32\ezsidmv.dat
2009-06-09 17:21 . 2009-02-08 13:29	303104	----a-w-	c:\windows\Uninstall_tkexe.exe
2009-06-09 17:08 . 2009-06-09 17:08	--------	d-----w-	c:\program files\Common Files\Skype
2009-06-09 17:08 . 2009-06-09 17:08	--------	d-----r-	c:\program files\Skype
2009-06-09 17:07 . 2009-06-09 17:08	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype
2009-06-08 17:08 . 2009-06-08 17:08	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ashampoo
2009-06-08 17:07 . 2009-06-08 17:07	--------	d-----w-	c:\program files\Ashampoo
2009-06-06 20:41 . 2003-03-19 03:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2009-06-06 20:41 . 2009-06-06 20:41	--------	d-----w-	c:\program files\Real Alternative
2009-06-05 13:38 . 2009-06-05 13:38	--------	d-----w-	c:\program files\MSXML 4.0
2009-06-05 07:58 . 2008-04-13 22:15	26368	-c--a-w-	c:\windows\system32\dllcache\usbstor.sys
2009-06-05 07:58 . 2008-04-13 22:17	25856	-c--a-w-	c:\windows\system32\dllcache\usbprint.sys
2009-06-05 07:58 . 2008-04-13 22:17	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys
2009-06-05 07:57 . 2009-06-05 07:57	50	----a-w-	c:\windows\system32\bridf07a.dat
2009-06-05 07:57 . 2007-02-01 11:19	1520640	----a-w-	c:\windows\system32\BrWia07a.dll
2009-06-05 07:57 . 2007-01-26 12:06	45568	----a-w-	c:\windows\system32\BrUsi07a.dll
2009-06-05 07:57 . 2004-10-15 10:50	15295	----a-w-	c:\windows\system32\drivers\BrScnUsb.sys
2009-06-05 07:57 . 2007-02-02 12:22	55808	----a-w-	c:\windows\system32\brinsstr.dll
2009-06-05 07:57 . 2007-01-25 15:16	94208	------r-	c:\windows\system32\BrDctF2.dll
2009-06-05 07:57 . 2007-01-15 19:54	12288	------r-	c:\windows\system32\BrDctF2S.dll
2009-06-05 07:57 . 2007-01-15 16:56	12288	------r-	c:\windows\system32\BrDctF2L.dll
2009-06-05 07:57 . 2006-12-28 11:39	176128	------w-	c:\windows\system32\BroSNMP.dll
2009-06-05 07:56 . 2009-06-05 07:57	--------	d-----w-	c:\program files\Brother
2009-06-05 07:56 . 2007-01-18 11:51	163840	------w-	c:\windows\system32\NSSearch.dll
2009-06-05 07:56 . 2007-02-15 11:54	131072	------w-	c:\windows\brunin03.dll
2009-06-05 07:56 . 2009-06-05 07:56	--------	d-----w-	c:\program files\Nuance
2009-06-05 07:55 . 2009-06-05 07:55	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-06-05 07:55 . 2009-06-05 07:55	--------	d-----w-	c:\program files\Common Files\ScanSoft Shared
2009-06-05 07:55 . 2009-06-05 07:55	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ScanSoft
2009-06-05 07:55 . 2009-06-05 07:55	--------	d-----w-	c:\program files\ScanSoft
2009-06-05 07:54 . 2009-06-05 07:54	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Brother
2009-06-01 06:21 . 2009-06-01 06:21	--------	d-----w-	c:\windows\system32\NtmsData
2009-05-30 17:25 . 2008-06-14 17:36	273024	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-05-30 17:25 . 2008-06-14 17:36	273024	------w-	c:\windows\system32\drivers\bthport.sys
2009-05-30 17:24 . 2008-10-24 11:21	455296	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-05-30 17:24 . 2009-02-09 11:26	2190336	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-30 17:24 . 2009-02-09 11:26	2146816	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-30 17:24 . 2009-02-09 11:26	2025472	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-30 17:21 . 2008-07-09 07:57	26488	----a-w-	c:\windows\system32\spupdsvc.exe
2009-05-30 17:21 . 2009-06-11 13:07	--------	d--h--w-	c:\windows\$hf_mig$

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 08:23 . 2009-05-28 18:45	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-12 17:37 . 2008-04-15 12:00	49910	----a-w-	c:\windows\system32\perfc015.dat
2009-06-12 17:37 . 2008-04-15 12:00	356068	----a-w-	c:\windows\system32\perfh015.dat
2009-06-07 22:22 . 2009-05-28 18:56	--------	d-----w-	c:\program files\Atheros
2009-06-05 07:55 . 2009-05-28 18:45	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-05-28 20:01 . 2009-05-28 20:01	--------	d-----w-	c:\program files\Common Files\Adobe
2009-05-28 19:50 . 2009-05-28 19:50	0	----a-w-	c:\windows\nsreg.dat
2009-05-28 19:32 . 2009-05-28 19:32	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ESET
2009-05-28 19:25 . 2009-05-28 19:25	--------	d-----w-	c:\program files\CONEXANT
2009-05-28 19:19 . 2009-05-28 19:19	--------	d-----w-	c:\program files\Apoint2K
2009-05-28 19:14 . 2009-05-28 19:14	--------	d-----w-	c:\program files\Launch Manager
2009-05-28 19:14 . 2009-05-28 17:33	76487	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-28 19:06 . 2009-05-28 19:06	--------	d-----w-	c:\program files\Synaptics
2009-05-28 18:56 . 2009-05-28 18:56	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Atheros
2009-05-28 18:49 . 2009-05-28 18:49	--------	d-----w-	c:\program files\Intel
2009-05-28 18:45 . 2009-05-28 18:45	--------	d-----w-	c:\program files\Realtek
2009-05-28 17:34 . 2009-05-28 17:34	--------	d-----w-	c:\program files\microsoft frontpage
2009-05-28 17:33 . 2009-05-28 17:33	--------	d-----w-	c:\program files\Usługi online
2009-05-28 17:31 . 2009-05-28 17:31	21856	----a-w-	c:\windows\system32\emptyregdb.dat
2009-05-14 13:49 . 2009-05-14 13:49	94360	----a-w-	c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47	107256	----a-w-	c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41	114472	----a-w-	c:\windows\system32\drivers\eamon.sys
2009-05-07 15:34 . 2008-04-15 12:00	347648	----a-w-	c:\windows\system32\localspl.dll
2009-04-29 04:35 . 2008-04-15 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2009-04-29 04:35 . 2008-04-15 12:00	669184	----a-w-	c:\windows\system32\wininet.dll
2009-04-19 19:51 . 2008-04-15 12:00	1847424	----a-w-	c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2008-04-15 12:00	585216	----a-w-	c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-18 827392]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-07-04 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\programy i aplikacje\\GG\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\programy i aplikacje\\torrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-06-10 234888]
S3 esihdrv;esihdrv;\??\c:\docume~1\WACICI~1\USTAWI~1\Temp\esihdrv.sys --> c:\docume~1\WACICI~1\USTAWI~1\Temp\esihdrv.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\programy i aplikacje\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EKRN
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-iPlusManager - d:\iplus\iPlusChecker.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\ncv8vvbd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\WACICI~1\USTAWI~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\programy i aplikacje\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2009-06-29 16:32
ComboFix-quarantined-files.txt  2009-06-29 14:32

Pre-Run: 31,457,939,456 bytes free
Post-Run: 31,479,599,104 bytes free

178	--- E O F ---	2009-06-11 13:07
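The items in this log that an analyst would look at first are all visible in the text itself: the AV header reports NOD32's on-access scanner disabled, the Security Center key has both `AntiVirusDisableNotify` and `UpdatesDisableNotify` set to 1, a Browser Helper Object (`askBar.dll`) and the `ASKUpgrade` service belong to the Ask toolbar that has also taken over the IE start page, the search URL and Firefox's `keyword.URL`, and two services (`esihdrv`, `ASFWHide`) point at images under the user's Temp directory, one of them missing on disk (`[?]`). The script below is an added example, not part of the original post and not ComboFix's own code: it parses lines in the format ComboFix writes and reports exactly those conditions, so the same triage can be run over other logs. The sample input is a constructed subset of the lines from this log; the finding categories, the `trusted_hosts` allowlist and the Temp-directory test are this example's own choices, and `Run` entries and firewall exceptions are left for the analyst.

```python
"""Triage a ComboFix log for the settings an analyst checks first.

Added example (not ComboFix code). Reports: an AV whose on-access scanner is
off, Security Center notifications switched off, Browser Helper Objects,
services whose image is under a Temp directory or whose file is missing,
ImagePath values under Temp, and browser start/search URLs whose host is not
in a caller-supplied allowlist. Categories and allowlist are assumptions.
"""
import re
from typing import NamedTuple
from urllib.parse import urlsplit

# Constructed sample: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47    333192  ----a-w-    c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-06-10 234888]
S3 esihdrv;esihdrv;\??\c:\docume~1\WACICI~1\USTAWI~1\Temp\esihdrv.sys --> c:\docume~1\WACICI~1\USTAWI~1\Temp\esihdrv.sys [?]

uStart Page = hxxp://www.ask.com/?o=13928&l=dis
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\WACICI~1\USTAWI~1\Temp\ASFWHide"
"""


class Finding(NamedTuple):
    category: str
    subject: str
    note: str


AV_RE = re.compile(r"^AV: (.+?) \*(.+?)\*")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')
# "<R|S><start type> name;description;image [date size]" or "[?]" when missing
SERVICE_RE = re.compile(r"^[RS]\d (\S+);[^;]*;(.*?)\s*\[([^\]]*)\]$")
# ComboFix writes URLs with hxxp to keep them from being clickable
BROWSER_RE = re.compile(
    r"^(uStart Page|uSearchURL,\(Default\)|FF - prefs\.js: [\w.]+)\s*[-=]\s*(hxxp\S+)")
# "date time  size  attributes  path" file line under a registry key
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(.+)$")


def under_temp(path: str) -> bool:
    """True if the path has a Temp directory component (case-insensitive)."""
    return "\\temp\\" in path.lower()


def triage(log_text: str, trusted_hosts=frozenset()):
    findings, current_key, pending_bho = [], "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AV_RE.match(line)
        if m:
            product, state = m.groups()
            if "disabled" in state.lower():
                findings.append(Finding("av-disabled", product, state))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            pending_bho = "browser helper objects" in current_key.lower()
            continue
        if pending_bho:  # the line after a BHO key names the loaded DLL
            pending_bho = False
            m = FILE_RE.match(line)
            if m:
                findings.append(Finding("bho", m.group(1), current_key.rsplit("\\", 1)[-1]))
                continue
        m = VALUE_RE.match(line)
        if m:
            name, dword, string = m.groups()
            if ("security center" in current_key.lower() and dword
                    and name.lower().endswith("disablenotify") and int(dword, 16) != 0):
                findings.append(Finding("sc-notify-off", name, f"dword:{dword}"))
            elif name.lower() == "imagepath" and string is not None and under_temp(string):
                findings.append(Finding("imagepath-temp", current_key.rsplit("\\", 1)[-1], string))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image, info = m.groups()
            if " --> " in image:  # "\??\path --> resolved path" form
                image = image.split(" --> ", 1)[1]
            reasons = []
            if under_temp(image):
                reasons.append("image under Temp")
            if info == "?":
                reasons.append("file not found")
            if reasons:
                findings.append(Finding("service", name, "; ".join(reasons) + ": " + image))
            continue
        m = BROWSER_RE.match(line)
        if m:
            setting, url = m.groups()
            host = urlsplit(url.replace("hxxp", "http", 1)).hostname or ""
            if host not in trusted_hosts:
                findings.append(Finding("browser-url", setting, host))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_hosts={"www.google.pl"}):
        print(f"{f.category:15} {f.subject}  ({f.note})")
```

Run against the sample with `www.google.pl` trusted, it reports nine findings: the disabled AV, the two Security Center values, the Ask BHO, `esihdrv` (image under Temp and file missing), the `ASFWHide` ImagePath under Temp, and the three `ask.com` browser settings. A service under Temp with a missing file is not by itself proof of malware (ESET's own tools drop a driver there), which is why the script reports the evidence rather than verdicts.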