Anonymous / 9 years, 5 months ago

ComboFix 08-09-20.05 - Kasia 2008-09-21  0:04:05.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.114 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Kasia\Pulpit\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\Kasia\Pulpit\CFScript.txt..txt
 * Utworzono nowy punkt przywracania

[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]

FILE ::
C:\Program Files\Applications\iebt.dll
C:\WINDOWS\system32\aav.cpl
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Applications\iebt.dll
C:\WINDOWS\system32\aav.cpl

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-08-20 do 2008-09-20  )))))))))))))))))))))))))))))))
.

2008-09-19 01:18 . 2008-09-19 01:18	<DIR>	d--------	C:\Program Files\Lavasoft
2008-09-19 01:18 . 2008-09-19 01:22	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-09-19 01:05 . 2008-09-19 01:05	<DIR>	d--------	C:\Program Files\Trend Micro
2008-09-19 00:01 . 2008-09-19 00:25	<DIR>	d--------	C:\Program Files\SkanerOnline
2008-09-18 00:24 . 2008-09-21 00:04	<DIR>	d--------	C:\Program Files\Applications
2008-09-12 13:35 . 2008-09-12 13:35	<DIR>	d--------	C:\WINDOWS\system32\pl
2008-09-12 13:35 . 2008-09-12 13:35	<DIR>	d--------	C:\WINDOWS\system32\bits
2008-09-12 13:35 . 2008-09-12 13:35	<DIR>	d--------	C:\WINDOWS\l2schemas
2008-09-12 13:30 . 2008-09-12 13:35	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-09-06 14:43 . 2004-07-17 22:55	129,045	---------	C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-09-02 10:26 . 2008-09-02 10:26	<DIR>	d--------	C:\QSound
2008-09-02 10:26 . 2008-09-02 10:26	<DIR>	d--------	C:\Documents and Settings\Kasia\WINDOWS
2008-09-02 10:26 . 1997-04-08 20:08	299,520	--a------	C:\WINDOWS\uninst.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 23:05	---------	d-----w	C:\Documents and Settings\Kasia\Dane aplikacji\skypePM
2008-09-20 22:52	---------	d-----w	C:\Documents and Settings\Kasia\Dane aplikacji\Skype
2008-09-20 22:47	---------	d-----w	C:\Documents and Settings\Kasia\Dane aplikacji\OpenOffice.org2
2008-09-19 00:17	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-08-12 11:45	---------	d-----w	C:\Program Files\Huawei technologies
2008-08-12 11:43	---------	d-----w	C:\Documents and Settings\Kasia\Dane aplikacji\Macrovision
2008-08-12 09:42	---------	d-----w	C:\Program Files\Vodafone
2008-08-12 09:42	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-07-18 21:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-18 21:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-06-24 17:12	295,936	------w	C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
2007-03-13 07:46	1,457,696	----a-w	C:\Program Files\winamp533_lite.exe
2007-02-27 10:34	6,653,088	----a-w	C:\Program Files\Firefox Setup 2.0.0.2.exe
2007-01-22 12:02	20,170,640	----a-w	C:\Program Files\SkypeSetup.exe
2007-01-22 09:57	3,994,653	----a-w	C:\Program Files\gg76.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-09-19_17.08.57.70   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-19 15:41:54	53,098	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2008-09-20 22:51:48	53,098	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2008-09-19 15:41:54	67,496	----a-w	C:\WINDOWS\system32\perfc015.dat
+ 2008-09-20 22:51:48	67,496	----a-w	C:\WINDOWS\system32\perfc015.dat
- 2008-09-19 15:41:54	380,684	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2008-09-20 22:51:48	380,684	----a-w	C:\WINDOWS\system32\perfh009.dat
- 2008-09-19 15:41:54	436,560	----a-w	C:\WINDOWS\system32\perfh015.dat
+ 2008-09-20 22:51:48	436,560	----a-w	C:\WINDOWS\system32\perfh015.dat
+ 2008-09-20 22:47:09	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 22058792]
"ISUSPM"="C:\Documents and Settings\All Users\Dane aplikacji\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-11 282624]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 00:06:52
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-21  0:09:24
ComboFix-quarantined-files.txt  2008-09-20 23:09:20
ComboFix2.txt  2008-09-19 16:09:25

Przed: 42 805 567 488 bajtów wolnych
Po: 42,803,568,640 bajtów wolnych

125	--- E O F ---	2008-09-13 21:44:55