Anonymous / 8 years, 11 months ago

ComboFix 08-12-29.02 - Administrator 2008-12-30 18:50:35.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.511.114 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-11-28 do 2008-12-30  )))))))))))))))))))))))))))))))
.

2008-12-29 02:23 . 2008-12-29 02:23	<DIR>	d--------	c:\program files\Trend Micro
2008-12-29 02:08 . 2008-12-29 02:22	327	--a------	c:\windows\RefreshLock.ini
2008-12-29 01:49 . 2008-12-29 01:49	<DIR>	d--------	c:\program files\HLTooLz
2008-12-29 01:49 . 2008-12-29 01:49	249,856	---------	c:\windows\Setup1.exe
2008-12-29 01:48 . 2008-12-29 01:48	73,216	--a------	c:\windows\ST6UNST.EXE
2008-12-29 01:36 . 2008-12-29 01:36	<DIR>	d--h-----	c:\windows\system32\GroupPolicy
2008-12-28 19:37 . 2008-12-28 19:39	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\teamspeak2
2008-12-28 19:35 . 2008-12-28 19:37	<DIR>	d--------	c:\program files\Teamspeak2_RC2
2008-12-28 19:35 . 2008-12-28 19:35	34,064	--a------	c:\windows\system32\lhacm.acm
2008-12-25 03:19 . 2008-12-30 17:34	<DIR>	d--------	c:\program files\mIRC
2008-12-25 03:19 . 2008-12-30 17:41	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\mIRC
2008-12-22 22:34 . 2008-12-22 22:37	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\Ventrilo
2008-12-22 22:31 . 2008-12-22 22:31	<DIR>	d--------	c:\program files\Ventrilo
2008-12-22 22:30 . 2008-12-22 22:30	<DIR>	d--------	c:\program files\Common Files\Wise Installation Wizard
2008-12-17 18:00 . 2008-12-30 17:25	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\skypePM
2008-12-17 18:00 . 2008-12-17 18:00	56	--ah-----	c:\windows\system32\ezsidmv.dat
2008-12-17 17:59 . 2008-12-17 17:59	<DIR>	d--------	c:\program files\Skype
2008-12-17 17:59 . 2008-12-17 17:59	<DIR>	d--------	c:\program files\Common Files\Skype
2008-12-17 17:59 . 2008-12-30 17:41	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\Skype
2008-12-17 17:58 . 2008-12-17 17:59	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Skype
2008-12-17 17:16 . 2008-12-30 17:37	74	--a------	c:\windows\wcx_ftp.ini
2008-12-17 00:26 . 2008-12-17 19:47	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\DivX
2008-12-16 23:25 . 2008-12-16 23:26	<DIR>	d--------	c:\program files\DivX
2008-12-16 23:21 . 2008-12-16 23:21	0	--a------	c:\windows\nsreg.dat
2008-12-16 22:01 . 2008-12-16 22:02	<DIR>	d--------	C:\totalcmd
2008-12-16 22:01 . 2008-12-30 17:39	2,194	--a------	c:\windows\wincmd.ini
2008-12-16 22:01 . 2008-08-08 07:04	545	--a------	c:\windows\UC.PIF
2008-12-16 22:01 . 2008-08-08 07:04	545	--a------	c:\windows\RAR.PIF
2008-12-16 22:01 . 2008-08-08 07:04	545	--a------	c:\windows\PKZIP.PIF
2008-12-16 22:01 . 2008-08-08 07:04	545	--a------	c:\windows\PKUNZIP.PIF
2008-12-16 22:01 . 2008-08-08 07:04	545	--a------	c:\windows\NOCLOSE.PIF
2008-12-16 22:01 . 2008-08-08 07:04	545	--a------	c:\windows\LHA.PIF
2008-12-16 22:01 . 2008-08-08 07:04	545	--a------	c:\windows\ARJ.PIF
2008-12-16 16:51 . 2008-12-16 16:51	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-12-16 15:19 . 2008-12-17 19:18	<DIR>	d--------	c:\program files\Valve
2008-12-16 15:16 . 2008-12-16 15:16	<DIR>	d--------	c:\program files\Gadu-Gadu
2008-12-16 15:12 . 2001-10-26 16:57	12,160	--a------	c:\windows\system32\drivers\mouhid.sys
2008-12-16 15:12 . 2001-10-26 16:57	12,160	--a--c---	c:\windows\system32\dllcache\mouhid.sys
2008-12-16 15:12 . 2001-08-17 22:02	9,600	--a------	c:\windows\system32\drivers\hidusb.sys
2008-12-16 15:12 . 2001-08-17 22:02	9,600	--a--c---	c:\windows\system32\dllcache\hidusb.sys
2008-12-16 14:33 . 2008-12-16 14:33	<DIR>	d--------	C:\games
2008-12-16 14:33 . 2008-12-23 00:41	<DIR>	d--------	c:\documents and settings\Administrator\Gadu-Gadu
2008-12-16 12:43 . 2008-12-16 12:43	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\OpenOffice.org
2008-12-16 12:30 . 2008-12-16 12:30	<DIR>	d--------	c:\program files\OpenOffice.org 3
2008-12-16 09:38 . 2004-08-03 23:08	26,496	--a--c---	c:\windows\system32\dllcache\usbstor.sys
2008-12-15 18:08 . 2004-08-04 00:07	171,776	--a------	c:\windows\system32\drivers\kmixer.sys
2008-12-15 18:08 . 2004-08-03 23:39	142,464	--a------	c:\windows\system32\drivers\aec.sys
2008-12-15 18:08 . 2004-08-04 00:15	82,944	--a------	c:\windows\system32\drivers\wdmaud.sys
2008-12-15 18:08 . 2004-08-04 00:15	60,800	--a------	c:\windows\system32\drivers\sysaudio.sys
2008-12-15 18:08 . 2001-08-17 23:00	54,272	--a------	c:\windows\system32\drivers\swmidi.sys
2008-12-15 18:08 . 2004-08-04 00:07	52,864	--a------	c:\windows\system32\drivers\DMusic.sys
2008-12-15 18:08 . 2004-08-03 23:58	7,552	--a------	c:\windows\system32\drivers\MSKSSRV.sys
2008-12-15 18:08 . 2004-08-04 00:07	6,400	--a------	c:\windows\system32\drivers\splitter.sys
2008-12-15 18:08 . 2004-08-03 23:58	4,992	--a------	c:\windows\system32\drivers\MSPQM.sys
2008-12-15 18:08 . 2004-08-04 00:07	2,944	--a------	c:\windows\system32\drivers\drmkaud.sys
2008-12-15 18:07 . 2004-08-04 01:35	58,624	--a------	c:\windows\system32\drivers\redbook.sys
2008-12-15 18:07 . 2004-08-03 23:31	20,992	--a------	c:\windows\system32\drivers\RTL8139.sys
2008-12-15 18:07 . 2004-08-03 23:58	5,376	--a------	c:\windows\system32\drivers\MSPCLOCK.sys
2008-12-15 18:07 . 2001-08-17 22:59	3,072	--a------	c:\windows\system32\drivers\audstub.sys
2008-12-15 18:05 . 2008-12-15 18:05	<DIR>	d--------	c:\program files\Real Alternative
2008-12-15 18:05 . 2008-12-15 18:05	<DIR>	d--------	c:\program files\QuickTime Alternative
2008-12-15 18:05 . 2008-12-15 18:05	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-12-15 18:05 . 2003-03-19 04:14	499,712	--a------	c:\windows\system32\msvcp71.dll
2008-12-15 18:05 . 2004-01-11 23:00	348,160	--a------	c:\windows\system32\msvcr71.dll
2008-12-15 18:05 . 2007-10-19 20:16	65,536	--a------	c:\windows\system32\QuickTimeVR.qtx
2008-12-15 18:05 . 2007-10-19 20:16	49,152	--a------	c:\windows\system32\QuickTime.qts
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	d--------	c:\program files\Intel
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	dr-h-----	c:\documents and settings\Default User\Ustawienia lokalne
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	d--------	c:\documents and settings\Default User\Ulubione
2008-12-15 18:04 . 2008-12-15 17:15	<DIR>	d--h-----	c:\documents and settings\Default User\Szablony
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	d--------	c:\documents and settings\Default User\Pulpit
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	d--------	c:\documents and settings\Default User\Moje dokumenty
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	dr-------	c:\documents and settings\Default User\Menu Start
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	d--------	c:\documents and settings\All Users\Ulubione
2008-12-15 18:04 . 2008-12-15 18:04	<DIR>	d--h-----	c:\documents and settings\All Users\Szablony
2008-12-15 18:04 . 2008-12-25 03:19	<DIR>	d--------	c:\documents and settings\All Users\Pulpit
2008-12-15 18:04 . 2008-12-15 17:24	<DIR>	dr-------	c:\documents and settings\All Users\Menu Start
2008-12-15 18:04 . 2008-12-15 17:16	<DIR>	dr-------	c:\documents and settings\All Users\Dokumenty
2008-12-15 18:03 . 2008-12-30 17:43	<DIR>	d--------	c:\windows\system32\CatRoot2
2008-12-15 18:03 . 2008-12-15 18:03	<DIR>	d--------	c:\windows\system32\CatRoot
2008-12-15 18:03 . 2008-12-15 18:03	<DIR>	d--------	c:\program files\SubEdit-Player
2008-12-15 18:03 . 2008-12-15 18:04	<DIR>	dr-h-----	c:\documents and settings\Default User\Dane aplikacji
2008-12-15 18:03 . 2008-12-15 17:20	<DIR>	d--h-----	c:\documents and settings\Default User
2008-12-15 18:03 . 2008-12-17 17:58	<DIR>	dr-h-----	c:\documents and settings\All Users\Dane aplikacji
2008-12-15 18:03 . 2008-12-15 17:19	<DIR>	d--------	c:\documents and settings\All Users
2008-12-15 18:03 . 2008-12-15 17:26	<DIR>	d--------	C:\Documents and Settings
2008-12-15 18:03 . 2004-08-04 00:27	1,086,058	-ra------	c:\windows\SET4.tmp
2008-12-15 18:03 . 2004-08-04 00:32	1,014,483	-ra------	c:\windows\SET3.tmp
2008-12-15 18:02 . 2008-12-15 18:02	<DIR>	d--------	c:\program files\Realtek Sound Manager
2008-12-15 18:02 . 2008-12-15 18:02	<DIR>	d--------	c:\program files\Realtek AC97
2008-12-15 18:02 . 2008-12-16 17:45	<DIR>	d--h-----	c:\program files\InstallShield Installation Information
2008-12-15 18:02 . 2008-12-15 18:02	<DIR>	d--------	c:\program files\AvRack
2008-12-15 18:02 . 2006-08-17 08:11	18,804,736	--a------	c:\windows\system32\alsndmgr.cpl
2008-12-15 18:02 . 2006-08-10 07:27	10,528,768	--a------	c:\windows\system32\RTLCPL.exe
2008-12-15 18:02 . 2006-08-18 13:52	4,017,536	-ra------	c:\windows\system32\drivers\alcxwdm.sys
2008-12-15 18:02 . 2006-08-03 05:12	577,536	--a------	c:\windows\soundman.exe
2008-12-15 18:02 . 2006-07-31 11:19	315,392	--a------	c:\windows\alcupd.exe
2008-12-15 18:02 . 2006-07-31 11:27	217,088	--a------	c:\windows\Alcrmv.exe
2008-12-15 18:02 . 2006-08-01 14:58	143,360	--a------	c:\windows\system32\RtlCPAPI.dll
2008-12-15 18:02 . 2002-02-05 13:54	141,016	--a------	c:\windows\system32\alsndmgr.wav
2008-12-15 18:02 . 2006-08-01 15:02	49,152	--a------	c:\windows\system32\ChCfg.exe
2008-12-15 18:02 . 2008-12-15 17:24	261	--a------	c:\windows\system32\$winnt$.inf
2008-12-15 18:02 . 2001-07-06 00:19	164	--a------	c:\windows\avrack.ini
2008-12-15 18:01 . 2008-12-15 18:04	<DIR>	d--------	c:\program files\Common Files\InstallShield

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 16:53	---------	d-----w	c:\program files\Common Files\Adobe
2008-12-15 16:51	97,928	----a-w	c:\windows\system32\drivers\avgldx86.sys
2008-12-15 16:51	76,040	----a-w	c:\windows\system32\drivers\avgtdix.sys
2008-12-15 16:51	10,520	----a-w	c:\windows\system32\avgrsstx.dll
2008-12-15 16:51	---------	d-----w	c:\program files\AVG
2008-12-15 16:51	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\avg8
2008-12-15 16:21	---------	d-----w	c:\program files\microsoft frontpage
2008-12-15 16:18	---------	d-----w	c:\program files\Usługi online
2008-11-21 21:47	9,464	------w	c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47	9,336	------w	c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47	524,288	----a-w	c:\windows\system32\DivXsm.exe
2008-11-21 21:47	43,528	------w	c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47	3,596,288	----a-w	c:\windows\system32\qt-dx331.dll
2008-11-21 21:47	129,784	------w	c:\windows\system32\pxafs.dll
2008-11-21 21:47	120,056	------w	c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47	118,520	------w	c:\windows\system32\pxinsi64.exe
2008-11-21 21:46	200,704	----a-w	c:\windows\system32\ssldivx.dll
2008-11-21 21:46	1,044,480	----a-w	c:\windows\system32\libdivx.dll
2008-11-21 21:44	161,096	----a-w	c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44	12,288	----a-w	c:\windows\system32\DivXWMPExtType.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-12-16 1410296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-15 1261336]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\koteczq121\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\koteczq121\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-15 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-15 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-15 76040]

*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\u6vyx3n0.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 18:53:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'explorer.exe'(1508)
c:\program files\Gadu-Gadu\ggwhook.dll
.
Czas ukończenia: 2008-12-30 18:55:02
ComboFix-quarantined-files.txt  2008-12-30 17:54:55

Przed: 12,361,371,648 bajtów wolnych
Po: 12,657,201,152 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
