TT / 8 years, 8 months ago

ComboFix 09-02-21.01 - Magdalena Klamka 2009-02-24 10:57:02.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.191.21 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Magdalena Klamka\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Magdalena Klamka\Pulpit\CFScript.txt
 * Utworzono nowy punkt przywracania

FILE ::
C:\qphdin.com
D:\qphdin.com
D:\v63enh.exe
D:\ve.exe
D:\x2csvg.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\qphdin.com
D:\qphdin.com
D:\v63enh.exe
D:\ve.exe
D:\x2csvg.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-24 do 2009-02-24  )))))))))))))))))))))))))))))))
.

2009-02-20 22:15 . 2009-02-20 22:15	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Media Player Classic
2009-02-15 15:16 . 2004-08-04 13:00	221,184	--a------	c:\windows\system32\wmpns.dll
2009-02-12 21:28 . 2001-08-17 21:56	7,552	--a------	c:\windows\system32\drivers\SONYPVU1.SYS
2009-02-12 21:28 . 2001-08-17 21:56	7,552	--a--c---	c:\windows\system32\dllcache\sonypvu1.sys
2009-02-12 18:31 . 2009-02-12 18:31	197	--a------	c:\windows\system32\MRT.INI
2009-02-09 01:25 . 2009-02-09 01:25	<DIR>	d--------	c:\windows\EHome
2009-02-09 00:54 . 2009-02-20 21:40	250	--a------	c:\windows\gmer.ini
2009-02-09 00:10 . 2009-02-09 00:10	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2009-02-09 00:09 . 2009-02-09 00:10	<DIR>	d--------	c:\program files\PDFCreator
2009-02-09 00:09 . 2004-03-09 01:00	662,288	--a------	c:\windows\system32\MSCOMCT2.OCX
2009-02-09 00:09 . 1998-06-24 01:00	137,000	--a------	c:\windows\system32\MSMAPI32.OCX
2009-02-09 00:09 . 2001-10-28 17:42	116,224	--a------	c:\windows\system32\pdfcmnnt.dll
2009-02-09 00:09 . 1998-07-06 01:00	23,552	--a------	c:\windows\system32\MSMPIDE.DLL
2009-02-09 00:07 . 2009-02-09 00:07	<DIR>	d--------	c:\program files\Alwil Software
2009-02-08 23:49 . 2009-02-08 23:49	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Ldoce
2009-02-08 23:49 . 2009-02-08 23:49	335	--a------	c:\windows\ldoce.dat
2009-02-08 23:48 . 2009-02-08 23:48	<DIR>	d--------	c:\program files\Common Files\Macrovision Shared
2009-02-08 23:48 . 2009-02-08 23:48	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Macrovision
2009-02-08 23:48 . 2009-02-08 23:48	54,784	--a------	c:\windows\system32\drivers\CDAC11BA.EXE
2009-02-08 23:48 . 2009-02-08 23:48	12,464	--a------	c:\windows\system32\drivers\CdaC15BA.SYS
2009-02-08 23:45 . 2009-02-08 23:45	<DIR>	d--------	c:\program files\Longman
2009-02-08 23:28 . 2009-02-08 23:28	<DIR>	d--------	c:\program files\Trend Micro
2009-02-08 23:16 . 2009-02-09 00:00	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\BESTplayer
2009-01-29 22:02 . 2009-01-29 22:02	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Gadu-Gadu
2009-01-29 22:01 . 2009-02-12 19:33	<DIR>	d--------	c:\program files\Gadu-Gadu
2009-01-29 22:01 . 2009-02-20 20:40	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Gadu-Gadu
2009-01-29 21:35 . 2009-01-29 21:48	<DIR>	d--------	c:\documents and settings\Magdalena Klamka\Dane aplikacji\Nowe Gadu-Gadu
2009-01-26 21:32 . 2009-01-26 21:33	<DIR>	d--------	c:\program files\Opera

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 22:49	12,464	----a-w	c:\windows\system32\drivers\secdrv.sys
2009-02-08 22:21	---------	d-----w	c:\documents and settings\Magdalena Klamka\Dane aplikacji\HP
2009-01-28 07:17	---------	d-----w	c:\program files\Common Files\Adobe
2009-01-19 17:33	---------	d-----w	c:\program files\MSXML 4.0
2009-01-18 20:51	---------	d-----w	c:\program files\HP
2009-01-18 20:51	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\HP
2009-01-18 20:50	---------	d-----w	c:\program files\Common Files\HP
2009-01-18 20:48	---------	d-----w	c:\program files\Hewlett-Packard
2009-01-18 20:46	---------	d-----w	c:\program files\Common Files\Hewlett-Packard
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-23 610304]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"TV Now"="c:\program files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 282624]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-10-03 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CARPService"="carpserv.exe" [2003-04-15 c:\windows\system32\carpserv.exe]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-16 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2008-12-07 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2008-12-07 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-07-17 28280]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/SignActivX.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 11:01:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?4?4?8??????? ?deB???????????????B? ?????? 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-02-24 11:04:35
ComboFix-quarantined-files.txt  2009-02-24 10:04:29
ComboFix2.txt  2009-02-23 23:46:10
ComboFix3.txt  2009-02-23 22:29:06

Przed: 4 337 954 816 bajtów wolnych
Po: 4,331,921,408 bajtów wolnych

137	--- E O F ---	2009-02-12 17:31:53