TT / 8 years, 8 months ago

ComboFix 09-02-21.01 - Magdalena Klamka 2009-02-24  0:38:39.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.191.83 [GMT 1:00]
Running from: c:\documents and settings\Magdalena Klamka\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2fiy.bat
C:\autorun.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\2fiy.bat
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2009-01-23 to 2009-02-23  )))))))))))))))))))))))))))))))
.

2009-02-24 00:18 . 2009-02-15 15:12	106,803	-r-hs----	C:\qphdin.com
2009-02-20 22:15 . 2009-02-20 22:15	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Media Player Classic
2009-02-15 15:16 . 2004-08-04 13:00	221,184	--a------	c:\windows\system32\wmpns.dll
2009-02-12 21:28 . 2001-08-17 21:56	7,552	--a------	c:\windows\system32\drivers\SONYPVU1.SYS
2009-02-12 21:28 . 2001-08-17 21:56	7,552	--a--c---	c:\windows\system32\dllcache\sonypvu1.sys
2009-02-12 18:31 . 2009-02-12 18:31	197	--a------	c:\windows\system32\MRT.INI
2009-02-09 01:25 . 2009-02-09 01:25	<DIR>	d--------	c:\windows\EHome
2009-02-09 00:54 . 2009-02-20 21:40	250	--a------	c:\windows\gmer.ini
2009-02-09 00:10 . 2009-02-09 00:10	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2009-02-09 00:09 . 2009-02-09 00:10	<DIR>	d--------	c:\program files\PDFCreator
2009-02-09 00:09 . 2004-03-09 01:00	662,288	--a------	c:\windows\system32\MSCOMCT2.OCX
2009-02-09 00:09 . 1998-06-24 01:00	137,000	--a------	c:\windows\system32\MSMAPI32.OCX
2009-02-09 00:09 . 2001-10-28 17:42	116,224	--a------	c:\windows\system32\pdfcmnnt.dll
2009-02-09 00:09 . 1998-07-06 01:00	23,552	--a------	c:\windows\system32\MSMPIDE.DLL
2009-02-09 00:07 . 2009-02-09 00:07	<DIR>	d--------	c:\program files\Alwil Software
2009-02-08 23:49 . 2009-02-08 23:49	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Ldoce
2009-02-08 23:49 . 2009-02-08 23:49	335	--a------	c:\windows\ldoce.dat
2009-02-08 23:48 . 2009-02-08 23:48	<DIR>	d--------	c:\program files\Common Files\Macrovision Shared
2009-02-08 23:48 . 2009-02-08 23:48	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Macrovision
2009-02-08 23:48 . 2009-02-08 23:48	54,784	--a------	c:\windows\system32\drivers\CDAC11BA.EXE
2009-02-08 23:48 . 2009-02-08 23:48	12,464	--a------	c:\windows\system32\drivers\CdaC15BA.SYS
2009-02-08 23:45 . 2009-02-08 23:45	<DIR>	d--------	c:\program files\Longman
2009-02-08 23:28 . 2009-02-08 23:28	<DIR>	d--------	c:\program files\Trend Micro
2009-02-08 23:16 . 2009-02-09 00:00	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\BESTplayer
2009-01-29 22:02 . 2009-01-29 22:02	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Gadu-Gadu
2009-01-29 22:01 . 2009-02-12 19:33	<DIR>	d--------	c:\program files\Gadu-Gadu
2009-01-29 22:01 . 2009-02-20 20:40	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Gadu-Gadu
2009-01-29 21:35 . 2009-01-29 21:48	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Nowe Gadu-Gadu
2009-01-26 21:32 . 2009-01-26 21:33	<DIR>	d--------	c:\program files\Opera

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 22:49	12,464	----a-w	c:\windows\system32\drivers\secdrv.sys
2009-02-08 22:21	---------	d-----w	c:\documents and settings\Magdalena Klamka\Dane aplikacji\HP
2009-01-28 07:17	---------	d-----w	c:\program files\Common Files\Adobe
2009-01-19 17:33	---------	d-----w	c:\program files\MSXML 4.0
2009-01-18 20:51	---------	d-----w	c:\program files\HP
2009-01-18 20:51	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\HP
2009-01-18 20:50	---------	d-----w	c:\program files\Common Files\HP
2009-01-18 20:48	---------	d-----w	c:\program files\Hewlett-Packard
2009-01-18 20:46	---------	d-----w	c:\program files\Common Files\Hewlett-Packard
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-23 610304]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"TV Now"="c:\program files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 282624]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-10-03 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CARPService"="carpserv.exe" [2003-04-15 c:\windows\system32\carpserv.exe]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-16 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2008-12-07 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2008-12-07 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-07-17 28280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b775c51-f932-11dd-a580-00904b51fa69}]
\Shell\AutoRun\command - F:\qphdin.com
\Shell\open\Command - F:\qphdin.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/SignActivX.cab
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 00:42:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?4?4?8??@???? ?deB???????????????B? ?????? 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\HPConfig.exe
c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-24  0:46:05 - machine was rebooted
ComboFix-quarantined-files.txt  2009-02-23 23:45:59
ComboFix2.txt  2009-02-23 22:29:06

Pre-Run: 4 236 832 768 bajtów wolnych
Post-Run: 4,358,905,856 bajtów wolnych

150	--- E O F ---	2009-02-12 17:31:53