Anonymous / 8 years, 2 months ago

ComboFix 09-10-24.01 - bujacz 2009-10-25 12:52.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1456 [GMT 1:00]
Uruchomiony z: c:\documents and settings\bujacz\Pulpit\Ściągniete z Mozilli\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ 
c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ \Amcap.lnk
c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ \Uninstall.lnk
c:\windows\system32\micr0st.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-09-25 do 2009-10-25  )))))))))))))))))))))))))))))))
.

2009-10-25 10:45 . 2009-10-25 10:45	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-10-25 08:57 . 2009-10-25 08:57	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\Malwarebytes
2009-10-25 08:57 . 2009-09-10 13:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 08:57 . 2009-10-25 08:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-10-25 08:57 . 2009-10-25 08:57	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-10-25 08:57 . 2009-09-10 13:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-10-24 17:28 . 2009-10-24 17:28	304160	----a-w-	C:\PA207.DAT
2009-10-24 15:32 . 2009-10-24 15:32	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\GRETECH
2009-10-24 15:32 . 2009-10-24 15:32	--------	d-----w-	c:\program files\Real Alternative
2009-10-24 15:29 . 2009-10-24 15:29	--------	d-----w-	c:\program files\GRETECH
2009-10-17 18:30 . 2007-10-04 15:42	48128	------w-	c:\windows\system32\Remove.exe
2009-10-17 18:30 . 2008-02-13 11:17	618112	----a-w-	c:\windows\system32\drivers\PFC027.SYS
2009-10-17 18:30 . 2007-11-02 09:07	6656	----a-w-	c:\windows\system32\CoInst_080213.dll
2009-10-17 18:30 . 2009-10-17 18:30	--------	d-----w-	c:\program files\Salix
2009-10-17 18:30 . 2009-10-17 18:30	--------	d-----w-	c:\program files\Common Files\PAC207
2009-10-17 18:30 . 2009-10-17 18:30	--------	d-----w-	c:\windows\PixArt
2009-10-17 18:30 . 2006-10-12 09:57	14336	----a-w-	c:\windows\system32\P207USD.dll
2009-10-17 18:29 . 2009-10-17 18:29	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\InstallShield
2009-10-17 18:00 . 2009-10-17 18:00	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\ArcSoft
2009-10-17 17:59 . 2009-10-17 17:59	--------	d-----w-	c:\program files\Common Files\ArcSoft
2009-10-17 17:59 . 2005-02-23 12:58	11776	----a-w-	c:\windows\system32\drivers\afc.sys
2009-10-17 17:59 . 2005-04-27 14:36	245408	----a-r-	c:\windows\system32\unicows.dll
2009-10-17 17:59 . 1995-08-01 02:44	212480	----a-w-	c:\windows\PCDLIB32.DLL
2009-10-16 18:25 . 2009-10-23 19:58	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\Hamachi
2009-10-10 16:59 . 2008-09-30 06:22	57344	-c----w-	c:\windows\system32\dllcache\uexfat.dll
2009-10-10 16:59 . 2008-09-30 06:22	57344	------w-	c:\windows\system32\uexfat.dll
2009-10-10 16:59 . 2008-09-29 10:21	133632	-c----w-	c:\windows\system32\dllcache\exfat.sys
2009-10-10 16:59 . 2008-09-29 10:21	133632	------w-	c:\windows\system32\drivers\exfat.sys
2009-10-10 12:35 . 1997-07-10 22:00	31744	----a-w-	c:\windows\system32\HLP95EN.DLL
2009-10-10 12:35 . 1996-12-12 12:30	64512	----a-w-	c:\windows\system32\drivers\SENTINEL.SYS
2009-10-10 12:35 . 1996-12-12 12:30	38400	------w-	c:\windows\system32\SNTI386.DLL
2009-10-10 12:35 . 1996-12-12 12:30	16896	----a-w-	c:\windows\system32\RNBOVDD.DLL
2009-10-10 12:34 . 2009-10-10 12:34	--------	d-----w-	c:\program files\Common Files\Autodesk Shared
2009-10-10 12:34 . 2006-05-21 21:00	401408	----a-w-	c:\windows\system32\regacad.dll
2009-10-10 12:34 . 2006-05-21 21:00	24576	----a-w-	c:\windows\system32\hdimon.dll
2009-10-10 12:34 . 2006-05-21 21:00	45315	----a-w-	c:\windows\system32\mtstack.exe
2009-10-10 12:34 . 2006-05-21 21:00	290816	----a-w-	c:\windows\system32\acadficn.dll
2009-10-10 12:34 . 2006-05-21 21:00	28672	----a-w-	c:\windows\system32\adresc.dll
2009-10-10 12:32 . 1996-11-06 10:07	302080	----a-w-	c:\windows\unin0415.exe
2009-10-01 18:40 . 2009-10-01 18:40	--------	d-----w-	c:\program files\directx

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 11:50 . 2009-06-02 12:17	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\Auto-Backup
2009-10-25 11:12 . 2009-06-02 21:25	--------	d-----w-	c:\program files\USDownloader
2009-10-25 10:32 . 2009-06-02 12:01	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\uTorrent
2009-10-25 08:52 . 2001-10-26 16:15	83660	----a-w-	c:\windows\system32\perfc015.dat
2009-10-25 08:52 . 2001-10-26 16:15	490284	----a-w-	c:\windows\system32\perfh015.dat
2009-10-24 15:30 . 2009-06-09 21:25	--------	d-----w-	c:\program files\NAPI-PROJEKT
2009-10-24 14:59 . 2009-06-02 10:55	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\foobar2000
2009-10-23 20:08 . 2009-06-02 11:12	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-10-23 20:05 . 2009-06-02 09:50	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-10-23 20:01 . 2009-06-02 09:53	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-18 09:59 . 2009-08-31 18:04	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\Skype
2009-10-17 13:14 . 2009-07-24 11:07	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\WoDBO
2009-10-16 18:25 . 2009-09-23 08:41	25280	----a-w-	c:\windows\system32\drivers\hamachi.sys
2009-10-11 19:15 . 2009-08-31 18:59	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\DBKO
2009-10-11 17:32 . 2009-09-12 18:02	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\ipla
2009-10-10 19:50 . 2009-06-17 16:25	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-10-10 19:50 . 2009-06-17 16:26	--------	d-----w-	c:\program files\AGEIA Technologies
2009-10-10 14:48 . 2009-06-02 10:14	75168	----a-w-	c:\documents and settings\bujacz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-05 18:46 . 2009-06-14 21:19	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\gtk-2.0
2009-09-26 14:00 . 2009-09-01 18:11	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\teamspeak2
2009-09-20 13:22 . 2009-09-20 13:13	--------	d-----w-	c:\program files\Super DVD Ripper
2009-09-20 13:04 . 2009-09-20 13:04	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\GetRightToGo
2009-09-19 21:16 . 2009-06-10 08:58	--------	d-----w-	c:\program files\Windows Media Connect 2
2009-09-15 18:23 . 2009-06-29 09:24	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\Nokia
2009-09-15 12:15 . 2009-09-15 12:15	--------	d-----w-	c:\program files\Amadis Software
2009-09-15 11:10 . 2009-09-15 11:09	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\Moyea
2009-09-15 10:15 . 2009-08-30 17:52	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-09-12 18:02 . 2009-09-12 18:02	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ipla
2009-09-12 18:02 . 2009-09-12 18:02	1700352	----a-w-	c:\windows\system32\gdiplus.dll
2009-09-11 14:19 . 2008-04-14 20:50	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-09-09 20:04 . 2009-07-22 14:33	--------	d-----w-	c:\program files\Common Files\YDP
2009-09-09 18:15 . 2009-06-02 12:33	91856	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2009-09-09 18:15 . 2009-06-02 12:33	41424	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2009-09-09 18:15 . 2009-06-02 12:33	115856	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2009-09-09 18:15 . 2009-09-09 18:15	133648	----a-w-	c:\windows\system32\VBoxNetFltNotify.dll
2009-09-09 18:15 . 2009-09-09 18:15	100368	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2009-09-05 14:08 . 2009-09-04 09:01	--------	d-----w-	c:\program files\SignSIS-GUI
2009-09-05 13:26 . 2009-09-05 13:26	--------	d-----w-	c:\program files\Common Files\Adobe
2009-09-05 13:26 . 2009-09-05 13:26	--------	d-----w-	c:\program files\Common Files\Real
2009-09-05 11:44 . 2009-09-05 11:44	--------	d-----w-	c:\program files\Common Files\PCSuite
2009-09-05 11:44 . 2009-09-05 11:44	--------	d-----w-	c:\program files\Common Files\Nokia
2009-09-05 11:43 . 2009-06-29 09:23	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Installations
2009-09-05 10:56 . 2009-09-05 10:56	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-09-05 10:53 . 2009-09-05 10:53	--------	d-----w-	c:\program files\Nokia
2009-09-04 21:05 . 2008-04-14 20:50	58880	----a-w-	c:\windows\system32\msasn1.dll
2009-09-02 21:18 . 2009-09-02 21:18	--------	d-----w-	c:\documents and settings\bujacz\Dane aplikacji\Mael
2009-09-01 22:01 . 2009-09-01 22:01	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Nokia
2009-09-01 21:59 . 2009-09-01 21:59	--------	d-----w-	c:\program files\MSXML 6.0
2009-09-01 08:36 . 2009-09-01 08:36	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-08-31 18:04 . 2009-08-31 18:03	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype
2009-08-29 07:58 . 2008-04-14 20:50	916480	----a-w-	c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-14 20:50	247326	----a-w-	c:\windows\system32\strmdll.dll
2009-08-14 11:36 . 2009-08-14 11:36	70936	----a-w-	c:\windows\system32\PhysXLoader.dll
2009-08-06 17:24 . 2009-06-02 09:42	327896	----a-w-	c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-06-02 09:42	209632	----a-w-	c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-06-02 09:42	35552	----a-w-	c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09	44768	----a-w-	c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-06-02 09:42	53472	----a-w-	c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-04-14 20:50	96480	----a-w-	c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-06-02 09:42	575704	----a-w-	c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-06-02 09:42	1929952	----a-w-	c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 20:50	205312	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 19:59	2146816	----a-w-	c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 21:59	2025472	----a-w-	c:\windows\system32\ntkrnlpa.exe
2009-08-02 22:21 . 2009-08-02 22:21	23320	----a-w-	c:\windows\system32\PhysXDevice.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto-Backup"="d:\program files\Auto-Backup\Auto-Backup.exe" [2009-09-08 1400832]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-20 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Steam\\steamapps\\q7582887\\counter-strike\\hl.exe"=
"d:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-04-09 107256]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-06-02 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-06-02 41424]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2009-10-17 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-06-02 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-09-09 100368]
S3 cpuz130;cpuz130;\??\c:\docume~1\bujacz\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\bujacz\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-06-02 31952]
.
Zawartość folderu 'Zaplanowane zadania'

2009-10-22 c:\windows\Tasks\Idle Time Backup.job
- d:\program files\Itbackup\itbackup.exe [2009-06-11 12:55]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\bujacz\Dane aplikacji\Mozilla\Firefox\Profiles\ltfp0lsj.domyslny\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcnmozillainterface.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 12:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-10-25 12:55
ComboFix-quarantined-files.txt  2009-10-25 11:55

Przed: 26 500 321 280 bajtów wolnych
Po: 28 049 997 824 bajtów wolnych

- - End Of File - - EEAFF6794EB5AE42CB8B504775F5252A