combo / 8 years, 6 months ago

ComboFix 09-03-27.02 - Wojtek 2009-03-28 19:41:46.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.1014.726 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Wojtek\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090327-0] *On-access scanning enabled* (Updated)
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCIDump


(((((((((((((((((((((((((   Pliki utworzone od 2009-02-28 do 2009-03-28  )))))))))))))))))))))))))))))))
.

2009-03-28 19:39 . 2009-03-28 19:39	<DIR>	d--------	c:\program files\Trend Micro
2009-03-28 17:57 . 2009-03-28 18:08	<DIR>	d--------	c:\program files\SkanerOnline
2009-03-26 00:07 . 2009-03-26 00:07	26	--a------	c:\windows\HIZKOM_CALC_G9.dat
2009-03-22 21:43 . 2009-03-22 21:43	<DIR>	d--------	c:\documents and settings\Wojtek\Application Data\Uniblue
2009-03-22 20:36 . 2008-04-14 00:10	149,376	--a------	c:\windows\system32\drivers\tffsport.sys
2009-03-22 20:36 . 2008-04-14 00:10	149,376	--a--c---	c:\windows\system32\dllcache\tffsport.sys
2009-03-22 11:20 . 2009-03-22 11:20	26	--a------	c:\windows\ALHWnInd_I6.dat
2009-03-20 11:49 . 2009-03-26 15:12	<DIR>	d--------	c:\documents and settings\Wojtek\Application Data\PegazNET
2009-03-20 11:43 . 2009-03-25 23:00	<DIR>	d--------	c:\documents and settings\All Users\Application Data\PegazNET
2009-03-20 11:37 . 2009-03-20 11:37	<DIR>	d--------	c:\program files\MSXML 6.0
2009-03-20 11:36 . 2009-03-20 11:41	<DIR>	d--------	c:\program files\Microsoft SQL Server
2009-03-20 11:33 . 2009-03-20 11:43	<DIR>	d--------	c:\program files\Atena
2009-03-06 13:29 . 2009-03-08 21:11	<DIR>	d--------	c:\documents and settings\Wojtek\Application Data\Nowe Gadu-Gadu
2009-03-06 13:28 . 2009-03-06 13:29	<DIR>	d--------	c:\program files\Nowe Gadu-Gadu
2009-03-03 21:01 . 2009-03-03 21:01	<DIR>	d--------	C:\Kpcms
2009-03-03 21:01 . 1998-09-14 23:41	285,216	--a------	c:\windows\system32\drivers\Onsio.sys
2009-03-03 21:01 . 2001-11-09 23:37	15,389	--a------	c:\windows\system32\Msmusd5.dll
2009-03-03 21:01 . 2001-06-21 06:44	13,962	--a------	c:\windows\system32\Msmusd6.dll
2009-03-03 21:01 . 2002-02-07 01:37	11,437	--a------	c:\windows\system32\Msmusd7.dll
2009-03-03 21:01 . 1997-02-15 04:10	7,680	--a------	c:\windows\system32\drivers\Onsreged.sys
2009-03-02 09:45 . 2009-03-02 09:45	<DIR>	d--------	c:\program files\Concordia

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 18:44	---------	d-----w	c:\documents and settings\Wojtek\Application Data\Skype
2009-03-28 16:27	---------	d-----w	c:\documents and settings\Wojtek\Application Data\skypePM
2009-03-27 21:23	---------	d-----w	c:\documents and settings\All Users\Application Data\Google Updater
2009-03-24 20:36	---------	d-----w	c:\documents and settings\Wojtek\Application Data\Tlen.pl
2009-03-20 10:39	---------	d-----w	c:\program files\Microsoft.NET
2009-03-03 20:01	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-02-23 18:45	---------	d-----w	c:\program files\Common Files\Skype
2009-02-23 18:45	---------	d-----w	c:\documents and settings\All Users\Application Data\Skype
2009-02-23 18:45	---------	d-----r	c:\program files\Skype
2009-02-14 15:27	---------	d-----w	c:\program files\Toshiba
2009-02-12 18:30	---------	d-----w	c:\program files\Google
2009-02-03 23:01	---------	d-----w	c:\program files\Common Files\Adobe AIR
2009-02-03 23:01	---------	d-----w	c:\program files\Adobe Media Player
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"TPSMain"="TPSMain.exe" [2004-12-28 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2009-03-03 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2009-03-22 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-25 20560]
R2 MSSQL$PEGAZ_NET;SQL Server (PEGAZ_NET);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 gupdate1c98bad26b43b5e;Google Update Service (gupdate1c98bad26b43b5e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9473cee3-ea81-11dd-8239-0012f0c00e2f}]
\Shell\AutoRun\command - explorer.exe start.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7eac365-ea69-11dd-8235-a88648fa99f8}]
\Shell\AutoRun\command - xrdygg.bat
\Shell\explore\Command - xrdygg.bat
\Shell\open\Command - xrdygg.bat
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 16:18]

2009-03-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:26]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Prec - d:\program files\Prec\PrecStarter.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Wojtek\Application Data\Mozilla\Firefox\Profiles\rqpih28a.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 19:45:34
Windows 5.1.2600 Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-28 19:47:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-03-28 18:47:03

Przed: 17 720 336 384 bytes free
Po: 17,849,208,832 bytes free

152	--- E O F ---	2009-03-11 13:10:42