Anonim / 8 years, 9 months ago

ComboFix 09-03-23.01 - Pelulator 2009-03-25 17:05:43.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.2559.2128 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Pelulator\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Pelulator\Pulpit\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Zapora osobista *disabled*
 * Utworzono nowy punkt przywracania

FILE ::
c:\windows\system32\drivers\ethvspss.sys
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ethvspss.sys

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_ethvspss
-------\Service_SetupNTGLM7X


(((((((((((((((((((((((((   Pliki utworzone od 2009-02-25 do 2009-03-25  )))))))))))))))))))))))))))))))
.

2009-03-25 16:47 . 2009-03-25 16:47	<DIR>	d--------	c:\program files\Thomson
2009-03-24 22:22 . 2009-03-24 23:54	<DIR>	d--------	c:\documents and settings\Pelulator\DoctorWeb
2009-03-24 16:28 . 2009-03-24 16:28	526	--a------	c:\windows\recover.bat
2009-03-24 16:28 . 2009-03-24 16:28	320	--a------	c:\windows\backup.bat
2009-03-24 15:30 . 2009-03-24 15:30	<DIR>	d--------	c:\program files\CCleaner
2009-03-23 15:36 . 2009-03-23 15:39	0	--a------	c:\windows\Infob.dat
2009-03-23 15:36 . 2009-03-23 15:39	0	--a------	c:\windows\Infoa.dat
2009-03-20 23:25 . 2009-03-20 23:25	41,808	--a------	c:\windows\system32\xfcodec.dll
2009-03-07 22:18 . 2009-03-07 22:18	19,944	--a------	c:\documents and settings\Pelulator\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-07 14:37 . 2000-03-03 04:16	7,424	-ra------	c:\windows\system32\drivers\MMIOPORT.SYS
2009-03-06 11:34 . 2009-03-06 11:34	<DIR>	d--------	c:\windows\Sun
2009-02-25 14:20 . 2003-09-24 09:43	626,960	-ra------	c:\windows\system32\hpvaut32.dll
2009-02-25 14:20 . 2003-09-24 09:43	487,424	-ra------	c:\windows\system32\hpvcp70.dll
2009-02-25 14:20 . 2003-09-24 09:43	344,064	-ra------	c:\windows\system32\hpvcr70.dll
2009-02-25 14:20 . 2003-09-24 09:44	44,544	-ra------	c:\windows\system32\MSXML4a.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 16:08	---------	d-----w	c:\documents and settings\Pelulator\Dane aplikacji\skypePM
2009-03-25 16:08	---------	d-----w	c:\documents and settings\Pelulator\Dane aplikacji\Skype
2009-03-25 15:51	---------	d-----w	c:\program files\Neostrada TP
2009-03-25 15:47	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-24 22:54	---------	d-----w	c:\program files\lostingamma
2009-03-24 19:43	---------	d-----w	c:\documents and settings\Pelulator\Dane aplikacji\Xfire
2009-03-07 12:36	---------	d-----w	c:\program files\microsoft frontpage
2009-02-24 18:39	82,380	----a-w	c:\windows\system32\drivers\AFS2K.SYS
2009-02-24 18:39	---------	d-----w	c:\program files\Hewlett-Packard
2009-02-24 18:37	---------	d-----w	c:\program files\HP
2009-02-23 15:12	---------	d-----w	c:\documents and settings\Pelulator\Dane aplikacji\Apple Computer
2009-02-21 17:57	---------	d-----w	c:\documents and settings\Pelulator\Dane aplikacji\Mount&Blade
2009-02-14 18:32	---------	d-----w	c:\program files\Apple Software Update
2009-02-14 18:32	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-02-14 18:32	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Apple
2009-02-12 19:09	159,650	----a-w	c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-02-12 09:03	---------	d-----w	c:\program files\Reference Assemblies
2009-02-12 09:03	---------	d-----w	c:\program files\MSBuild
2009-02-12 09:01	---------	d-----w	c:\program files\MSXML 6.0
2009-02-11 20:59	---------	d-----w	c:\program files\Common Files\Macromedia
2009-02-11 20:59	---------	d-----w	c:\program files\Common Files\InstallShield
2009-02-11 20:48	---------	d-----w	c:\program files\Common Files\Adobe
2009-02-11 20:46	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-02-11 20:45	---------	d-----w	c:\program files\Common Files\Adobe Systems Shared
2009-02-07 22:11	410,984	----a-w	c:\windows\system32\deploytk.dll
2009-02-07 22:11	---------	d-----w	c:\program files\Java
2009-02-06 16:21	---------	d-----w	c:\program files\GoldEsel
2009-02-06 16:18	---------	d-----w	c:\program files\Common Files\Ahead
2009-02-06 16:18	---------	d-----w	c:\program files\Ahead
2009-01-26 13:46	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-01-26 13:46	---------	d-----w	c:\program files\AGEIA Technologies
2009-01-17 15:38	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Pelulator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=
"d:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17034:TCP"= 17034:TCP:BitComet 17034 TCP
"17034:UDP"= 17034:UDP:BitComet 17034 UDP

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [2009-01-16 210304]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-06-10 468224]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-01-16 28672]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-03-02 3584]
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {658C7484-0D46-42A0-965E-30C875DF0F0F} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\Pelulator\Dane aplikacji\Mozilla\Firefox\Profiles\3vm2umoa.default\
FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: e:\program files\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\Real Alternative\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 17:08:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-25 17:09:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-03-25 16:09:27
ComboFix2.txt  2009-03-24 21:14:46

Przed: 8 065 789 952 bajtów wolnych
Po: 8,002,277,376 bajtów wolnych