ComboFix 09-02-28.01 - Admin 2009-03-01 16:28:59.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.255.99 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-02-01 do 2009-03-01  )))))))))))))))))))))))))))))))
.

2009-03-01 16:15 . 2008-10-16 02:02	1,499,136	-----c---	c:\windows\system32\dllcache\shdocvw.dll
2009-03-01 16:15 . 2008-10-16 02:02	668,672	-----c---	c:\windows\system32\dllcache\wininet.dll
2009-03-01 16:15 . 2008-10-16 02:02	619,520	-----c---	c:\windows\system32\dllcache\urlmon.dll
2009-03-01 16:14 . 2008-04-11 20:06	691,712	-----c---	c:\windows\system32\dllcache\inetcomm.dll
2009-02-28 19:00 . 2009-02-28 19:00	0	--a------	c:\windows\nsreg.dat
2009-02-28 15:24 . 2009-02-28 15:24	<DIR>	d--------	c:\program files\Counter-Strike 1.6
2009-02-27 16:39 . 2009-02-27 16:39	83	--a------	c:\windows\WWP.INI
2009-02-27 16:15 . 1998-09-02 09:02	194,320	--a------	c:\windows\system32\qcut.dll
2009-02-27 16:15 . 1998-08-27 05:51	182,032	--a------	c:\windows\system32\dxtmsft3.dll
2009-02-27 16:15 . 1998-08-20 12:02	140,800	--a------	c:\windows\system32\tm20dec.ax
2009-02-27 16:15 . 1998-09-02 09:28	63,488	--a------	c:\windows\system32\unam4ie.exe
2009-02-27 16:15 . 1998-09-02 09:28	38,160	--a------	c:\windows\system32\LMRTREND.dll
2009-02-27 16:15 . 1998-08-17 10:21	11,776	--a------	c:\windows\system32\mciqtz.drv
2009-02-27 16:15 . 1998-08-17 10:21	10,240	--a------	c:\windows\system32\vidx16.dll
2009-02-27 16:15 . 1998-08-17 10:21	5,672	--a------	c:\windows\system32\quartz.vxd
2009-02-27 16:15 . 2009-02-27 16:15	4,608	--a------	c:\windows\system32\w95inf32.dll
2009-02-27 16:15 . 2009-02-27 16:15	2,272	--a------	c:\windows\system32\w95inf16.dll
2009-02-24 19:04 . 2008-09-15 16:27	1,846,656	-----c---	c:\windows\system32\dllcache\win32k.sys
2009-02-24 18:52 . 2008-08-14 14:26	2,190,464	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-24 18:52 . 2008-08-14 14:26	2,146,816	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-24 18:52 . 2008-08-14 14:26	2,067,328	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-24 18:52 . 2008-08-14 14:26	2,025,472	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-24 18:51 . 2008-12-12 18:03	3,088,896	-----c---	c:\windows\system32\dllcache\mshtml.dll
2009-02-24 18:49 . 2008-10-24 12:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2009-02-24 18:49 . 2008-05-08 15:02	203,136	-----c---	c:\windows\system32\dllcache\rmcast.sys
2009-02-24 18:48 . 2008-12-11 11:57	333,952	-----c---	c:\windows\system32\dllcache\srv.sys
2009-02-24 18:48 . 2008-05-01 15:37	331,776	-----c---	c:\windows\system32\dllcache\msadce.dll
2009-02-24 18:42 . 2008-09-04 18:17	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
2009-02-24 18:42 . 2008-10-15 17:36	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll
2009-02-24 18:39 . 2008-08-14 11:04	138,496	-----c---	c:\windows\system32\dllcache\afd.sys
2009-02-24 18:38 . 2009-03-01 16:17	<DIR>	d--h-----	c:\windows\$hf_mig$
2009-02-24 18:34 . 2009-02-24 18:34	<DIR>	d---s----	c:\documents and settings\Admin\UserData
2009-02-24 18:27 . 2009-02-24 18:27	23,600	--a------	c:\windows\system32\drivers\TVICHW32.SYS
2009-02-23 08:37 . 2009-02-23 08:37	<DIR>	d--h-----	c:\windows\PIF
2009-02-21 11:17 . 2004-08-18 10:34	442,368	-ra------	c:\windows\system32\vp6vfw.dll
2009-02-20 15:12 . 2009-02-20 15:15	<DIR>	d--------	c:\windows\ServicePackFiles
2009-02-20 15:12 . 2008-04-14 22:51	294,912	-----c---	c:\windows\system32\dllcache\dlimport.exe
2009-02-20 15:08 . 2006-12-29 00:31	19,569	--a------	c:\windows\002693_.tmp
2009-02-20 15:07 . 2007-08-10 20:53	26,488	--a------	c:\windows\system32\spupdsvc.exe
2009-02-18 20:11 . 2009-03-01 08:11	<DIR>	d--------	c:\program files\Kaspersky Lab
2009-02-18 20:10 . 2009-02-28 17:47	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-02-18 12:10 . 2009-02-18 12:19	139,264	--a------	c:\windows\War3Unin.exe
2009-02-18 12:10 . 2009-02-18 12:20	58,115	--a------	c:\windows\War3Unin.dat
2009-02-18 12:10 . 2009-02-18 12:19	2,829	--a------	c:\windows\War3Unin.pif
2009-02-17 17:54 . 2009-02-17 17:54	<DIR>	d--------	c:\program files\DAEMON Tools Lite
2009-02-17 17:54 . 2009-02-17 17:54	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-17 17:54 . 2009-02-17 17:54	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools
2009-02-17 17:53 . 2009-02-17 17:55	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Lite
2009-02-16 10:19 . 2009-02-28 15:18	49	--a------	c:\windows\NeroDigital.ini
2009-02-15 18:16 . 1997-06-13 06:46	298,496	--a------	c:\windows\uninst.exe
2009-02-15 18:15 . 2009-02-15 18:20	<DIR>	d--------	c:\program files\3DO
2009-02-15 18:14 . 1998-10-07 12:54	327,168	--a------	c:\windows\IsUn0415.exe
2009-02-15 17:44 . 2009-02-15 17:44	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-02-15 17:42 . 2009-02-17 17:54	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2009-02-15 17:42 . 2009-02-15 17:42	717,296	--a------	c:\windows\system32\drivers\sptd.sys
2009-02-15 17:26 . 2009-02-15 17:26	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\Ahead
2009-02-15 17:25 . 2009-02-15 17:25	<DIR>	d--------	c:\program files\Nero
2009-02-15 17:25 . 2009-02-15 17:25	<DIR>	d--------	c:\program files\Common Files\Ahead
2009-02-15 17:25 . 2004-07-26 16:16	1,568,768	--a------	c:\windows\system32\imagX7.dll
2009-02-15 17:25 . 2003-03-19 06:20	1,060,864	--a------	c:\windows\system32\mfc71.dll
2009-02-15 17:25 . 2003-03-18 20:12	1,047,552	--a------	c:\windows\system32\mfc71u.dll
2009-02-15 17:25 . 2003-03-18 22:14	499,712	--a------	c:\windows\system32\msvcp71.dll
2009-02-15 17:25 . 2004-07-26 16:16	476,320	--a------	c:\windows\system32\imagXpr7.dll
2009-02-15 17:25 . 2004-07-26 16:16	471,040	--a------	c:\windows\system32\imagXRA7.dll
2009-02-15 17:25 . 2004-07-09 08:43	364,544	--a------	c:\windows\system32\TwnLib4.dll
2009-02-15 17:25 . 2004-07-26 16:16	262,144	--a------	c:\windows\system32\imagXR7.dll
2009-02-15 16:36 . 2009-02-15 16:36	<DIR>	d--------	C:\Sterowniki do Płyty Gł. i Karty Dźwiękowej
2009-02-15 16:32 . 2009-02-28 12:08	<DIR>	d--h-----	c:\program files\InstallShield Installation Information
2009-02-15 16:31 . 2009-02-15 16:32	<DIR>	d--------	c:\program files\VIA
2009-02-15 16:31 . 2009-02-27 16:18	<DIR>	d--------	c:\program files\Common Files\InstallShield
2009-02-15 16:31 . 2007-04-11 15:35	331,184	---------	c:\windows\system32\difxapi.dll
2009-02-15 16:29 . 2002-07-30 16:42	306,688	--a------	c:\windows\IsUninst.exe
2009-02-15 16:29 . 2002-07-24 04:30	32,128	--a------	c:\windows\system32\drivers\VIAAGP1.SYS
2009-02-15 16:28 . 2009-02-15 16:28	<DIR>	d--------	c:\documents and settings\Admin\WINDOWS
2009-02-15 16:05 . 2009-02-15 16:05	<DIR>	d--------	c:\program files\WinPcap
2009-02-15 16:03 . 2009-02-15 16:14	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\iPlus
2009-02-15 15:51 . 2009-02-15 15:51	<DIR>	d--------	c:\program files\XP Codec Pack
2009-02-15 15:51 . 2008-07-09 10:05	421,888	--a------	c:\windows\system32\ac3filter.acm
2009-02-15 15:49 . 2009-02-15 15:49	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\Media Player Classic
2009-02-15 15:48 . 2009-02-15 15:48	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2009-02-15 15:48 . 2008-09-19 22:57	3,596,288	--a------	c:\windows\system32\qt-dx331.dll
2009-02-15 15:48 . 2008-09-24 19:41	839,680	--a------	c:\windows\system32\lameACM.acm
2009-02-15 15:48 . 2008-01-10 13:15	755,027	--a------	c:\windows\system32\xvidcore.dll
2009-02-15 15:48 . 2008-10-28 23:35	684,032	--a------	c:\windows\system32\divx.dll
2009-02-15 15:48 . 2004-01-11 23:00	348,160	--a------	c:\windows\system32\msvcr71.dll
2009-02-15 15:48 . 2004-01-25 17:18	217,088	--a------	c:\windows\system32\yv12vfw.dll
2009-02-15 15:48 . 2007-09-04 17:56	164,352	--a------	c:\windows\system32\unrar.dll
2009-02-15 15:48 . 2008-01-10 13:16	159,839	--a------	c:\windows\system32\xvidvfw.dll
2009-02-15 15:48 . 2007-09-21 01:52	118,784	--a------	c:\windows\system32\ac3acm.acm
2009-02-15 15:48 . 2008-09-25 09:03	81,920	--a------	c:\windows\system32\dpl100.dll
2009-02-15 15:48 . 2008-10-03 13:30	414	--a------	c:\windows\system32\lame_acm.xml
2009-02-15 15:48 . 2008-07-30 20:09	38	--a------	c:\windows\avisplitter.ini
2009-02-15 15:32 . 2009-02-15 15:32	<DIR>	d--------	c:\program files\Lavalys
2009-02-15 15:28 . 2009-02-15 15:28	<DIR>	d--------	c:\program files\Winamp
2009-02-15 15:28 . 2009-02-15 15:28	<DIR>	d--------	c:\documents and settings\Admin\Dane aplikacji\Winamp

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 08:36	---------	d-----w	c:\program files\microsoft frontpage
2009-02-15 08:33	---------	d-----w	c:\program files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Valve\\hl.exe"=

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86913200-fb69-11dd-8acf-0001292403ab}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde36270-fb6a-11dd-8ad0-0001292403ab}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
.
------- Skan uzupełniający -------
.
uStart Page = 
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\5rhj3ldu.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 16:30:32
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1???????????????????????????????????????????????? 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:d5,07,05,00,06,00,07,00,0f,00,38,00,24,00,fd,02
.
Czas ukończenia: 2009-03-01 16:32:03
ComboFix-quarantined-files.txt  2009-03-01 15:32:00

Przed: 14 218 338 304 bajtów wolnych
Po: 14,295,191,552 bajtów wolnych

167	--- E O F ---	2009-03-01 15:17:42