kreatius / 9 years ago

ComboFix 09-01-07.02 - KRZYSZTOF SIWIŃSKI 2009-01-08 16:46:23.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.502.208 [GMT 1:00]
Uruchomiony z: c:\documents and settings\KRZYSZTOF SIWIŃSKI\Pulpit\_\HITY z płyty\ComboFix.exe
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mfc45.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-08 do 2009-01-08  )))))))))))))))))))))))))))))))
.

2009-01-02 21:03 . 2009-01-02 21:03	406	--a------	c:\windows\system32\ioloBootDefrag.cfg
2009-01-02 21:02 . 2009-01-02 21:02	<DIR>	d--------	c:\program files\iolo
2009-01-02 21:02 . 2009-01-02 21:02	<DIR>	d--------	c:\documents and settings\LocalService\Dane aplikacji\iolo
2009-01-02 21:02 . 2008-12-22 12:55	936,288	--a------	c:\windows\system32\Incinerator.dll
2009-01-02 21:02 . 2008-09-24 09:32	28,672	--a------	c:\windows\system32\iolobtdfg.exe
2009-01-02 21:02 . 2008-11-18 11:51	8,192	--a------	c:\windows\system32\smrgdf.exe
2009-01-02 20:56 . 2009-01-02 20:56	<DIR>	d--------	c:\documents and settings\KRZYSZTOF SIWIŃSKI\Dane aplikacji\iolo
2009-01-02 20:56 . 2009-01-02 20:56	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\iolo
2008-12-27 22:16 . 2008-04-14 18:03	31,872	--a------	c:\windows\system32\drivers\wceusbsh.sys
2008-12-27 22:16 . 2008-04-14 18:03	31,872	--a------	c:\windows\system32\dllcache\wceusbsh.sys
2008-12-11 00:10 . 2008-12-11 00:10	410,984	--a------	c:\windows\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:39	3,593,216	------w	c:\windows\system32\dllcache\mshtml.dll
2008-11-21 21:46	200,704	----a-w	c:\windows\system32\ssldivx.dll
2008-11-21 21:46	1,044,480	----a-w	c:\windows\system32\libdivx.dll
2008-11-12 22:02	---------	d-----w	c:\program files\ALLPlayer
2008-11-12 22:00	---------	d-----w	c:\program files\NAPI-PROJEKT
2008-11-12 21:21	---------	d-----w	c:\program files\Five chess
2008-11-12 20:48	---------	d-----w	c:\program files\Merry Christmas 2008
2008-11-10 08:44	---------	d-----w	c:\program files\Asseco Poland SA
2008-10-24 11:21	455,296	------w	c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42	286,720	----a-w	c:\windows\system32\gdi32.dll
2008-10-23 12:42	286,720	------w	c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:15	70,656	------w	c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11	13,824	------w	c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06	268,648	----a-w	c:\windows\system32\mucltui.dll
2008-10-16 13:06	208,744	----a-w	c:\windows\system32\muweb.dll
2008-10-15 17:36	337,408	------w	c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06	633,632	------w	c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04	161,792	------w	c:\windows\system32\dllcache\ieakui.dll
2008-01-25 16:42	41,376	----a-w	c:\documents and settings\KRZYSZTOF SIWIŃSKI\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-01-15 15:08	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe10" [X]
"LaunchApp"="Alaunch" [X]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-12 438272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-05-17 151552]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 471040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"RegistryMechanic"="c:\documents and settings\KRZYSZTOF SIWIŃSKI\Pulpit\_\HITY z płyty\Registry Mechanic\RegMech.exe" [2008-05-02 2404352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SkyTel"="SkyTel.EXE" [2006-07-19 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\LILA DRĘŻEK-SIWIŃSKA\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-12-23 200704]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
PrevxCSI.lnk - c:\program files\PrevxCSI\prevxcsi.exe [2008-03-20 89600]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2007-11-11 67216]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-06-29 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-03-20 11008]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-20 111184]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2007-01-01 31744]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-20 20560]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-02 596336]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-02 596336]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-06-20 1097728]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S4 QGT;QGT;c:\docume~1\ADMINI~1\USTAWI~1\Temp\QGT.exe --> c:\docume~1\ADMINI~1\USTAWI~1\Temp\QGT.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e451ac-e614-11dc-8725-00163685f76d}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253c316a-b27b-11dd-87f7-00163685f76d}]
\Shell\AutoRun\command - nq0cq.cmd
\Shell\explore\Command - nq0cq.cmd
\Shell\open\Command - nq0cq.cmd
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
.
.
------- Skojarzenia plików -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 16:47:52
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
Czas ukończenia: 2009-01-08 16:49:09
ComboFix3.txt  2008-03-18 09:45:56
ComboFix2.txt  2008-03-18 23:35:34
ComboFix-quarantined-files.txt  2009-01-08 15:49:08

Przed: 9 204 301 824 bajtów wolnych
Po: 9,256,501,248 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

195	--- E O F ---	2008-12-19 10:41:02