rafał / 8 years, 9 months ago

ComboFix 09-04-21.A0 - Rafał 2009-04-21  8:42.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1022.622 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Rafał\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090420-0] *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-03-21 do 2009-04-21  )))))))))))))))))))))))))))))))
.

2009-04-21 05:53 . 2009-04-21 05:53	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\Malwarebytes
2009-04-21 05:53 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-04-21 05:53 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 05:53 . 2009-04-21 05:53	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-04-20 16:41 . 2009-04-20 16:41	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\OpenFM
2009-04-07 10:34 . 2009-04-07 10:34	--------	d-----w	c:\windows\system32\?z??????????
2009-04-07 07:15 . 2009-04-07 11:17	4	----a-w	c:\windows\vx86036.dat
2009-04-07 07:15 . 2009-04-07 11:17	2240	----a-w	c:\windows\system32\esnecil.ind
2009-04-07 07:15 . 2009-04-07 07:19	2240	----a-w	c:\windows\system32\esnecil.nlp
2009-03-30 07:58 . 2009-03-30 07:58	732766	----a-w	c:\documents and settings\Rafa˙ n.e.-1941.Civ4SavedGame

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 05:53 . 2009-04-21 05:53	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-20 16:36 . 2009-02-16 20:59	--------	d-----w	c:\program files\Nowe Gadu-Gadu
2009-04-20 15:53 . 2009-02-17 13:35	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-04-12 10:17 . 2009-03-06 17:12	1378	----a-w	C:\m.txt
2009-04-07 07:15 . 2009-04-07 07:15	167	----a-w	C:\CKINFO.TXT
2009-03-30 10:39 . 2009-02-17 08:56	--------	d-----w	c:\program files\Mozilla Thunderbird
2009-03-29 02:36 . 2009-02-16 21:01	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\Nowe Gadu-Gadu
2009-03-28 13:27 . 2009-02-16 19:25	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\Ahead
2009-03-25 07:48 . 2009-02-17 17:39	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\Smart PC Solutions
2009-03-25 07:48 . 2009-03-25 07:48	--------	d-----w	c:\program files\Smart PC Solutions
2009-03-16 15:44 . 2009-02-16 16:47	--------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-13 21:23 . 2009-03-13 21:23	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\2DBoy
2009-03-11 13:30 . 2009-02-21 13:14	--------	d-----w	c:\program files\Matroska Pack
2009-03-11 13:05 . 2009-03-11 13:04	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\vlc
2009-03-11 13:01 . 2009-03-11 13:01	--------	d-----w	c:\program files\VideoLAN
2009-03-11 10:10 . 2009-03-11 10:09	--------	d-----w	c:\program files\AGEIA Technologies
2009-03-11 10:09 . 2009-03-11 10:09	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-03-11 08:53 . 2009-03-11 08:53	--------	d-----w	c:\program files\Futuremark
2009-03-11 08:53 . 2009-02-16 12:00	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-11 08:03 . 2009-02-16 20:06	--------	d-----w	c:\program files\a-squared Free
2009-03-11 08:01 . 2009-03-11 07:55	--------	d-----w	c:\program files\The KMPlayer
2009-03-07 09:46 . 2009-02-21 12:45	--------	d-----w	c:\program files\Combined Community Codec Pack
2009-03-07 09:42 . 2009-03-07 09:42	--------	d-----w	c:\program files\MKVtoolnix
2009-03-06 19:03 . 2009-03-06 19:02	--------	d-----w	c:\program files\XP Codec Pack
2009-03-06 17:14 . 2009-03-06 17:14	--------	d-----w	c:\program files\Satsuki Decoder Pack
2009-03-06 17:12 . 2009-03-06 17:01	--------	d-----w	c:\program files\Dziobas Rar Player
2009-03-01 17:33 . 2009-02-16 13:28	69120	----a-w	c:\documents and settings\Rafał\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-02-26 21:36 . 2009-02-26 21:36	107888	----a-w	c:\windows\system32\CmdLineExt.dll
2009-02-25 18:35 . 2009-02-16 16:47	--------	d-----w	c:\program files\Common Files\PC Tools
2009-02-25 17:06 . 2009-02-16 22:25	--------	d-----w	c:\program files\SubEdit-Player
2009-02-25 10:54 . 2001-10-26 19:15	89562	----a-w	c:\windows\system32\perfc015.dat
2009-02-25 10:54 . 2001-10-26 19:15	500616	----a-w	c:\windows\system32\perfh015.dat
2009-02-25 07:04 . 2009-02-25 07:04	--------	d-----w	c:\program files\Firaxis Games
2009-02-24 19:45 . 2009-02-23 08:24	--------	d-----w	c:\program files\LD-Anime
2009-02-24 19:18 . 2009-02-24 19:18	130	----a-w	c:\documents and settings\Rafał\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-02-24 17:40 . 2009-02-24 17:40	--------	d-----w	c:\program files\2K Games
2009-02-24 17:36 . 2009-02-24 17:36	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\InstallShield
2009-02-21 15:56 . 2009-02-21 15:56	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\Apple Computer
2009-02-21 15:53 . 2009-02-21 15:53	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-02-21 15:53 . 2009-02-21 15:53	--------	d-----w	c:\program files\Apple Software Update
2009-02-21 15:53 . 2009-02-21 15:53	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Apple
2009-02-21 14:48 . 2009-02-21 14:48	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\LEGO Company
2009-02-21 14:37 . 2009-02-17 13:32	--------	d-----w	c:\documents and settings\Rafał\Dane aplikacji\PDF reDirect
2009-02-21 14:33 . 2009-02-21 14:33	--------	d-----w	c:\program files\Common Files\Adobe
2009-02-21 09:23 . 2009-02-21 09:23	191488	----a-w	c:\windows\system32\hlvdd.dll
2009-02-20 19:31 . 2009-02-18 19:50	--------	d-----w	c:\program files\NAPI-PROJEKT
2009-02-20 11:34 . 2009-02-20 11:21	--------	d--h--w	c:\program files\Zero G Registry
2009-02-20 11:34 . 2009-02-20 11:34	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\WorkshopData
2009-02-17 16:19 . 2009-02-16 11:07	86327	----a-w	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-17 15:49 . 2004-08-03 23:59	251152	--sha-r	C:\ntldr
2009-02-17 10:52 . 2009-02-17 10:52	158528	----a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-02-16 22:07 . 2009-02-16 22:07	2311	----a-w	c:\documents and settings\All Users\Dane aplikacji\xml29.tmp
2009-02-16 22:07 . 2009-02-16 22:07	13381	----a-w	c:\documents and settings\All Users\Dane aplikacji\xml28.tmp
2009-02-16 22:07 . 2009-02-16 22:07	9017	----a-w	c:\documents and settings\All Users\Dane aplikacji\xml27.tmp
2009-02-16 11:04 . 2009-02-16 11:04	21856	----a-w	c:\windows\system32\emptyregdb.dat
2009-02-04 04:45 . 2009-03-11 10:06	453152	----a-w	c:\windows\system32\NVUNINST.EXE
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ashampoo FireWall"="d:\ashampoo firewall\FireWall.exe" [2007-04-05 3251800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Ares\\Ares.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 gupdate1c99104ae805534;Usługa Google Update (gupdate1c99104ae805534);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
R3 gwiopm;gwiopm; [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-11 98488]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2006-07-19 180480]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9afc990-fc4f-11dd-8dc1-0090f56046d5}]
\Shell\AutoRun\command - 2u.com
\Shell\explore\Command - 2u.com
\Shell\open\Command - 2u.com
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-17 13:35]

2009-04-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 13:35]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\ashampoo firewall\spi.dll
FF - ProfilePath - c:\documents and settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\1xzkeae9.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\q t\Plugins\npqtplugin.dll
FF - plugin: d:\q t\Plugins\npqtplugin2.dll
FF - plugin: d:\q t\Plugins\npqtplugin3.dll
FF - plugin: d:\q t\Plugins\npqtplugin4.dll
FF - plugin: d:\q t\Plugins\npqtplugin5.dll
FF - plugin: d:\q t\Plugins\npqtplugin6.dll
FF - plugin: d:\q t\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 08:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\RAFA~1\USTAWI~1\Temp\ASFWHide"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(912)
d:\ashampoo firewall\spi.dll
.
Czas ukończenia: 2009-04-21  8:50
ComboFix-quarantined-files.txt  2009-04-21 06:50

Przed: 9 679 421 440 bajtów wolnych
Po: 10 430 967 808 bajtów wolnych

167	--- E O F ---	2009-03-01 07:25