MJ / 9 years, 6 months ago

ComboFix 08-10-24.02 - Administrator 2008-10-25  9:34:15.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.87 [GMT 2:00]
Run from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\hosts
C:\WINDOWS\system32\AutoRun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNDMSS
-------\Legacy_LSIVS
-------\Service_BNDMSS
-------\Service_LSIVS


(((((((((((((((((((((((((   Files created from 2008-09-25 to 2008-10-25  )))))))))))))))))))))))))))))))
.

2008-10-25 08:31 . 2008-10-15 18:36	337,408	-----c---	C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-21 16:53 . 2008-10-21 16:53	<DIR>	d--------	C:\Program Files\RealVNC
2008-10-17 19:27 . 2008-09-08 12:41	333,824	-----c---	C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 19:26 . 2008-08-14 15:26	2,190,464	-----c---	C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 19:26 . 2008-08-14 15:26	2,146,816	-----c---	C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 19:26 . 2008-08-14 15:26	2,067,328	-----c---	C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 19:26 . 2008-08-14 15:26	2,025,472	-----c---	C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 19:26 . 2008-09-15 17:27	1,846,656	-----c---	C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-06 06:55 . 2008-10-06 06:55	<DIR>	d--------	C:\WINDOWS\system32\pl
2008-10-06 06:55 . 2008-10-06 06:55	<DIR>	d--------	C:\WINDOWS\system32\bits
2008-10-06 06:55 . 2008-10-06 06:55	<DIR>	d--------	C:\WINDOWS\l2schemas
2008-10-06 06:53 . 2008-10-06 06:56	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-09-29 18:07 . 2004-08-04 00:35	701,440	---------	C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-29 18:04 . 2008-09-29 18:04	16,368	--a------	C:\Documents and Settings\Administrator\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-09-26 22:23 . 2008-09-26 22:23	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2008-09-26 22:23 . 2008-07-23 18:50	3,596,288	--a------	C:\WINDOWS\system32\qt-dx331.dll
2008-09-26 21:41 . 2008-09-26 21:41	<DIR>	d--------	C:\Program Files\NAPI-PROJEKT
2008-09-26 21:41 . 2008-09-26 21:41	<DIR>	d--------	C:\Program Files\ALLPlayer

.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 07:20	1,635	----a-w	C:\Documents and Settings\Administrator\skp66.exe
2008-10-23 18:55	---------	d-----w	C:\Program Files\DScaler
2008-10-18 14:17	---------	d-----w	C:\Program Files\easyMule
2008-10-08 18:24	24,576	----a-w	C:\Documents and Settings\Administrator\diss.exe
2008-09-21 13:31	28,160	----a-w	C:\Documents and Settings\Administrator\poxy5.exe
2008-09-21 04:23	28,160	------w	C:\WINDOWS\system32\bndmss.exe
2008-09-19 15:26	6,656	----a-w	C:\Documents and Settings\Administrator\pla.exe
2008-09-19 15:26	16,827	----a-w	C:\WINDOWS\system32\drivers\hosts
2008-09-15 15:27	1,846,656	----a-w	C:\WINDOWS\system32\win32k.sys
2008-09-14 12:35	45,056	----a-w	C:\WINDOWS\system32\UTSCSI.EXE
2008-09-13 07:56	172,032	--sh--r	C:\WINDOWS\system32\lsivs.exe
2008-09-08 10:41	333,824	----a-w	C:\WINDOWS\system32\drivers\srv.sys
2008-09-05 04:52	6,656	----a-w	C:\Documents and Settings\Administrator\planet.exe
2008-08-26 16:39	---------	d-----w	C:\Documents and Settings\Administrator\Dane aplikacji\IEPro
2008-08-26 08:27	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-08-25 18:53	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-08-14 13:26	2,190,464	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26	2,067,328	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 06:41	16,538	----a-w	C:\Documents and Settings\Administrator\servi32.exe
2008-08-14 06:34	44,032	----a-w	C:\Documents and Settings\Administrator\service2.exe
2008-07-25 08:34	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34	683,520	----a-w	C:\WINDOWS\system32\divx.dll
.

(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2008-07-30 10:58	149040	--a------	C:\Program Files\easyMule\modules\IE2EM.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-01-13 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Administrator\\service2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\lsivs.exe"=
"C:\\WINDOWS\\system32\\bndmss.exe"=
"C:\\Documents and Settings\\Administrator\\poxy5.exe"=poxy5.exe
"poxy5.exe"= poxy5.exe:BNDMSS
"C:\\Documents and Settings\\Administrator\\skp66.exe"=skp66.exe
"skp66.exe"= skp66.exe:BNDMSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 BT848;bt848 tweaked WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2002-07-16 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-10-08 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2001-10-08 8193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a9c68e-7395-11dd-90a1-0008741899bb}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
.
.
------- Supplementary scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
O8 -: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 09:40:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other running processes ------------------------
.
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-25  9:42:14 - the computer was restarted
ComboFix-quarantined-files.txt  2008-10-25 07:42:10

Before: 1,714,823,168 bytes free
After: 2,340,208,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

147	--- E O F ---	2008-10-25 06:31:48
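Added example (my code, not part of MJ's post and not ComboFix's own code): a Python triage pass over an excerpt of the log above. It pulls out what a responder would check first in this paste: the services ComboFix removed (BNDMSS, LSIVS), executables sitting directly in the Administrator profile root, the system+hidden lsivs.exe in system32, AntiVirusOverride set to 1, the firewall disabled in the standard profile with exceptions for those same binaries, TCP 3389 opened globally, and the MountPoints2 autorun handler pointing at wupdmgr.exe. The excerpt is constructed from the paste (decorative headers dropped, tabs replaced by spaces); the section-matching rules, the "system directory" prefix list and the finding labels are my assumptions, not anything ComboFix defines.

```python
import re

# Constructed excerpt of the ComboFix log above (tabs replaced by spaces).
SAMPLE_LOG = r"""
-------\Service_BNDMSS
-------\Service_LSIVS
2008-10-25 07:20    1,635    ----a-w    C:\Documents and Settings\Administrator\skp66.exe
2008-10-08 18:24    24,576    ----a-w    C:\Documents and Settings\Administrator\diss.exe
2008-09-21 13:31    28,160    ----a-w    C:\Documents and Settings\Administrator\poxy5.exe
2008-09-21 04:23    28,160    ------w    C:\WINDOWS\system32\bndmss.exe
2008-09-13 07:56    172,032    --sh--r    C:\WINDOWS\system32\lsivs.exe
2008-08-14 06:34    44,032    ----a-w    C:\Documents and Settings\Administrator\service2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Administrator\\service2.exe"=
"C:\\WINDOWS\\system32\\lsivs.exe"=
"C:\\WINDOWS\\system32\\bndmss.exe"=
"C:\\Documents and Settings\\Administrator\\poxy5.exe"=poxy5.exe
"poxy5.exe"= poxy5.exe:BNDMSS
"C:\\Documents and Settings\\Administrator\\skp66.exe"=skp66.exe
"skp66.exe"= skp66.exe:BNDMSS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a9c68e-7395-11dd-90a1-0008741899bb}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
"""

# Find3M rows: date time, size, attribute flags, path (directory rows have no numeric size).
FIND3M = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+([-a-z]+)\s+(.+?)\s*$", re.M)
# An .exe dropped straight into a profile root instead of a program directory.
PROFILE_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)
# Assumed normal homes for firewall-authorized programs (my list, not ComboFix's).
SYSTEM_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")

def removed_services(log):
    return {m.group(1).lower() for m in re.finditer(r"^-------\\Service_(\w+)", log, re.M)}

def registry_blocks(log):
    blocks, key = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            blocks[key] = []
        elif key and line:
            blocks[key].append(line)
    return blocks

def profile_root_executables(log):
    return [m.group(4) for m in FIND3M.finditer(log) if PROFILE_EXE.match(m.group(4))]

def hidden_system_executables(log):
    """Executables flagged both system (s) and hidden (h), like lsivs.exe above."""
    return [m.group(4) for m in FIND3M.finditer(log)
            if "s" in m.group(3) and "h" in m.group(3) and m.group(4).lower().endswith(".exe")]

def firewall_findings(log, removed):
    findings = []
    for key, lines in registry_blocks(log).items():
        if key.endswith("firewallpolicy\\standardprofile"):
            if any(l.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", l) for l in lines):
                findings.append("firewall disabled in standard profile")
        elif key.endswith("authorizedapplications\\list"):
            for l in lines:  # value name is the program path, with backslashes doubled
                name = l.split("=", 1)[0].strip('"').replace("\\\\", "\\")
                stem = name.rsplit("\\", 1)[-1].lower().removesuffix(".exe")
                if stem in removed:
                    findings.append("exception for removed service binary: " + name)
                elif not name.lower().startswith(SYSTEM_PREFIXES):
                    findings.append("exception outside system/program dirs: " + name)
        elif key.endswith("globallyopenports\\list"):
            findings.extend("globally open port: " + l.split("=", 1)[0].strip('"') for l in lines)
    return findings

def antivirus_override(log):
    lines = registry_blocks(log).get("hkey_local_machine\\software\\microsoft\\security center", [])
    return any(l.lower().startswith('"antivirusoverride"=dword:00000001') for l in lines)

def removable_autorun(log):
    """Commands wired to a drive's autorun/auto-open via MountPoints2."""
    return [l.split(" - ", 1)[1] for key, lines in registry_blocks(log).items()
            if "mountpoints2" in key for l in lines if l.lower().startswith("\\shell\\") and " - " in l]

def triage(log):
    removed = removed_services(log)
    return {
        "removed_services": sorted(removed),
        "profile_root_executables": profile_root_executables(log),
        "hidden_system_executables": hidden_system_executables(log),
        "antivirus_override": antivirus_override(log),
        "firewall": firewall_findings(log, removed),
        "removable_autorun": removable_autorun(log),
    }
```

Calling `triage(SAMPLE_LOG)` returns one dict with all findings; on a real log, read the file with the `cp1250` codec (the header shows locale 1250) and pass its text in. The cross-reference between the Drivers/Services section and the firewall exception list is the useful part: a whitelist entry for a binary that the cleaner just removed as a service is a stronger indicator than either fact alone, and the bare `poxy5.exe`/`skp66.exe` entries show the exceptions were added programmatically rather than through the firewall UI.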