kl / 9 years, 3 months ago

ComboFix 09-01-10.03 - Kuba 2009-01-11 16:43:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.672 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kuba\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Kuba\Pulpit\CFScript.txt
 * Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((  Usunięto  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Sterowniki/Usługi  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JGAMEENP
-------\Service_jgameenp


(((((((((((((((((((((((((  Pliki utworzone od 2008-12-11 do 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-11 16:28 . 2009-01-11 16:28	<DIR>	d--------	c:\program files\Avira
2009-01-11 16:28 . 2009-01-11 16:28	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Avira
2009-01-11 16:24 . 2009-01-11 16:47	272,416	--ahs----	c:\windows\system32\drivers\fidbox.dat
2009-01-11 16:24 . 2009-01-11 16:46	8,224	--ahs----	c:\windows\system32\drivers\fidbox2.dat
2009-01-11 16:24 . 2009-01-11 16:46	7,736	--ahs----	c:\windows\system32\drivers\fidbox.idx
2009-01-11 16:24 . 2009-01-11 16:46	2,816	--ahs----	c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:58 . 2009-01-11 16:22	<DIR>	d--------	c:\documents and settings\Kuba\Dane aplikacji\XnView
2009-01-11 14:04 . 2009-01-11 14:08	<DIR>	d--------	c:\documents and settings\Kuba\Gadu-Gadu
2009-01-11 13:43 . 2009-01-11 13:43	<DIR>	d--------	c:\documents and settings\Kuba\Dane aplikacji\Gadu-Gadu
2009-01-07 19:47 . 1999-07-17 02:21	4,608	--a------	c:\windows\system32\W95Inf32.DLL
2009-01-07 19:47 . 1999-07-17 02:21	2,272	--a------	c:\windows\system32\W95Inf16.DLL
2009-01-03 14:40 . 2009-01-01 15:55	4,358,144	--a------	c:\windows\uncsetup.exe
2009-01-03 14:40 . 2009-01-03 14:40	53,248	--a------	c:\windows\system32\unrar.dll
2008-12-21 10:13 . 2008-12-21 10:13	<DIR>	d--------	c:\windows\nview
2008-12-21 10:13 . 2008-12-21 10:13	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-21 09:41 . 2008-12-21 09:41	<DIR>	d--------	c:\windows\nview(2)
2008-12-21 09:41 . 2008-12-23 11:40	187,068	--a------	c:\windows\system32\nvapps.xml
2008-12-21 09:41 . 2008-10-07 13:33	18,477	--a------	c:\windows\system32\nvdisp.nvu

.
((((((((((((((((((((((((((((((((((((((((  Sekcja Find3M  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 15:47	---------	d-----w	c:\program files\PeerGuardian2
2009-01-11 15:24	---------	d-----w	c:\documents and settings\Kuba\Dane aplikacji\Free Download Manager
2009-01-11 15:19	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-11 13:18	---------	d-----w	c:\documents and settings\Kuba\Dane aplikacji\Azureus
2009-01-11 11:55	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-11 10:09	---------	d-----w	c:\program files\Mozilla Thunderbird
2009-01-10 19:30	---------	d-----w	c:\documents and settings\Kuba\Dane aplikacji\foobar2000
2009-01-03 16:22	---------	d-----w	c:\documents and settings\Kuba\Dane aplikacji\Hamachi
2008-12-25 16:48	---------	d-----w	c:\documents and settings\Kuba\Dane aplikacji\teamspeak2
2008-12-19 10:30	---------	d-----w	c:\documents and settings\Kuba\Dane aplikacji\Skype
2008-12-19 10:28	---------	d-----w	c:\documents and settings\Kuba\Dane aplikacji\skypePM
2008-12-10 19:47	---------	d-----w	c:\program files\sina
2008-02-21 15:01	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-12-19 20:57	67,688	----a-w	c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 20:57	54,368	----a-w	c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 20:57	34,944	----a-w	c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 20:57	46,712	----a-w	c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 20:57	172,136	----a-w	c:\program files\mozilla firefox\components\xpinstal.dll
2007-04-02 11:33	283,168	--sha-w	c:\windows\fidbox.dat
.

(((((((((((((((((((((((((((((  snapshot@2009-01-11_16.01.33,23  )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 08:57:10	163,328	----a-w	c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-20 19:02:28	163,328	----a-w	c:\windows\erdnt\subs\ERDNT.EXE
+ 2008-05-09 11:15:51	45,376	----a-w	c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28	22,336	----a-w	c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 09:21:03	75,072	----a-w	c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22	28,352	----a-w	c:\windows\system32\drivers\ssmdrv.sys
- 2008-10-16 04:35:39	119,744	----a-w	c:\windows\system32\FNTCACHE.DAT
+ 2009-01-11 15:24:38	119,744	----a-w	c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((((((  Wpisy startowe rejestru  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Azureus\\Azureus.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
"d:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"d:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"d:\\Program Files\\uusee\\UUSeePlayer.exe"=
"d:\\Program Files\\Ubisoft\\Heroes of Might and Magic III - Zlota Edycja\\Heroes3.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"d:\\Program Files\\Ubisoft\\Heroes of Might and Magic III - Zlota Edycja\\h3wog.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:TCP
"4661:TCP"= 4661:TCP:TCP2
"4711:TCP"= 4711:TCP:TCP3
"4672:UDP"= 4672:UDP:Kad
"61619:TCP"= 61619:TCP:Azu

S3 RegVacService;RegVac Registry Service;d:\program files\RegVac Registry Cleaner\RegVserv.exe [2007-03-31 447488]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2008-03-11 10394624]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
*NewlyCreated* - SSMDRV
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Pobierz w Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: Pobierz zaznaczone w Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
TCP: {DE56864C-B783-4DC6-A21B-DC7892BCF405} = 194.204.159.1

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf

c:\windows\Downloaded Program Files\downloader.dll - O16 -: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A}
hxxp://dl.uc.sina.com/cab/downloader.cab
c:\windows\Downloaded Program Files\downloader.inf
FF - ProfilePath - c:\documents and settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\9ihihy4k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - component: c:\documents and settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\9ihihy4k.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: d:\program files\Free Download Manager\Firefox\Extension\components\component.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 16:47:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\klogon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-11 16:49:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-11 15:49:09
ComboFix2.txt 2009-01-11 15:02:38
ComboFix3.txt 2007-05-25 12:44:48

Przed: 5 162 786 816 bajtów wolnych
Po: 5,107,351,552 bajtów wolnych

180	--- E O F ---	2008-12-26 09:18:11