dudus1989 / 8 years, 11 months ago

ComboFix 09-04-21.A8 - Administrator 2009-04-21 18:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2634 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090421-0] *On-access scanning enabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Deleted  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\ej10fkdo.bat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\ej10fkdo.bat
E:\Autorun.inf
E:\ej10fkdo.bat

.
(((((((((((((((((((((((((  Files Created From 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 15:58 . 2009-04-21 16:27	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\BitTorrent
2009-04-21 15:46 . 2009-04-21 15:46	--------	d-----w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe
2009-04-21 15:06 . 2009-04-21 16:29	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\DNA
2009-04-21 15:06 . 2009-04-21 15:06	--------	d-----w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\DNA
2009-04-21 10:33 . 2007-07-19 16:14	3727720	----a-w	c:\windows\system32\d3dx9_35.dll
2009-04-21 10:33 . 2007-04-04 16:53	81768	----a-w	c:\windows\system32\xinput1_3.dll
2009-04-21 10:24 . 2009-04-21 10:24	--------	d-----w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Aspyr
2009-04-21 10:12 . 2009-04-21 10:12	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Pro
2009-04-21 10:12 . 2009-04-21 10:12	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools
2009-04-21 10:11 . 2009-04-21 10:11	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-04-21 10:09 . 2009-04-21 10:09	717296	----a-w	c:\windows\system32\drivers\sptd.sys
2009-04-21 10:09 . 2009-04-21 10:24	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Lite

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 16:29 . 2009-04-21 15:06	--------	d-----w	c:\program files\DNA
2009-04-21 15:45 . 2009-04-21 15:45	--------	d-----w	c:\program files\Common Files\Adobe
2009-04-21 15:06 . 2009-04-21 15:06	--------	d-----w	c:\program files\BitTorrent
2009-04-21 10:34 . 2009-04-21 10:34	--------	d-----w	c:\program files\Aspyr
2009-04-21 10:11 . 2009-04-21 10:11	--------	d-----w	c:\program files\DAEMON Tools Lite
2009-04-21 09:48 . 2009-04-21 09:48	23600	----a-w	c:\windows\system32\drivers\TVICHW32.SYS
2009-04-21 09:44 . 2009-04-21 08:59	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-04-21 09:43 . 2009-04-21 08:59	--------	d-----w	c:\program files\AGEIA Technologies
2009-04-21 09:42 . 2009-04-21 09:42	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu
2009-04-21 09:38 . 2009-04-21 09:38	--------	d-----w	c:\program files\Alwil Software
2009-04-21 09:29 . 2009-04-21 09:29	410984	----a-w	c:\windows\system32\deploytk.dll
2009-04-21 09:29 . 2009-04-21 09:29	--------	d-----w	c:\program files\Java
2009-04-21 09:26 . 2009-04-21 09:26	--------	d-----w	c:\program files\Gadu-Gadu
2009-04-21 09:19 . 2009-04-21 07:49	--------	d-----w	c:\program files\Realtek
2009-04-21 09:19 . 2009-04-21 07:49	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-04-21 09:18 . 2009-04-21 07:48	--------	d-----w	c:\program files\Common Files\InstallShield
2009-04-21 08:15 . 2009-04-21 08:15	13104	----a-w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-21 08:07 . 2009-04-21 08:07	21035	----a-w	c:\windows\system32\drivers\AegisP.sys
2009-04-21 08:04 . 2002-12-31 12:00	49712	----a-w	c:\windows\system32\perfc015.dat
2009-04-21 08:04 . 2002-12-31 12:00	355830	----a-w	c:\windows\system32\perfh015.dat
2009-04-21 07:59 . 2009-04-21 07:38	86327	----a-w	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-27 08:03 . 2009-03-27 08:03	9596928	----a-w	c:\windows\system32\nvoglnt.dll
2009-03-27 06:14 . 2009-04-21 09:43	453152	----a-w	c:\windows\system32\NVUNINST.EXE
.

(((((((((((((((((((((((((((((((((((((  Registry Startup Entries  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-04-17 2113536]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-21 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe [2009-4-21 843776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Download\\BitTorrent.exe"=

R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2002-10-02 13532]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe


.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\kz00zcys.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-21 18:34
ComboFix-quarantined-files.txt 2009-04-21 16:34

Before: 78 556 614 656 bytes free
After: 78 579 916 800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
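As a triage aid for logs like the one above, here is an added example (the editor's own code, not ComboFix's and not the poster's) that parses the relevant sections of a ComboFix log and flags the indicators a responder would look at first: the same file name deleted from the root of several drives alongside autorun.inf (the removable-media autorun pattern seen on C:, D: and E: above), a Run value whose target ComboFix marked as missing with [X], the orphaned HKCU Run value that pointed at the deleted olhrwef.exe, and the Security Center AntiVirusOverride flag, which is worth checking even though some AV products set it themselves. SAMPLE_LOG is a constructed excerpt of the log above with the section headers in English; the regular expressions, the section-name matching and the finding names are this example's own assumptions, not a documented ComboFix format.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log above (paths copied from it, section
# headers in English). Raw string so the Windows backslashes survive as-is.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((  Deleted  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\ej10fkdo.bat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\ej10fkdo.bat
E:\Autorun.inf
E:\ej10fkdo.bat

.
(((((((((((((((((((((((((((((((((((((  Registry Startup Entries  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
"""

# Assumed patterns for the log layout seen above (not a documented ComboFix grammar).
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((((  Name  ))))
ORPHAN_RE = re.compile(r"^- - - - (.+?) - - - -$")         # - - - - ORPHANS REMOVED - - - -
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\([^\\]+)$")     # X:\file with nothing deeper
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*?)\s*\[(?P<tag>[^\]]*)\]$')
ORPHAN_LINE_RE = re.compile(r"^(?P<key>HK\w+-\w+-\S+) - (?P<path>.+)$")
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:0*1$')


def triage(log_text):
    """Return (finding, subject, detail) tuples for the indicators in a ComboFix log."""
    findings = []
    section = None
    deleted = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if ORPHAN_RE.match(line):
            section = "orphans"
            continue
        if line.startswith("["):            # registry key header, not a value
            continue
        if section == "deleted":
            deleted.append(line)
        elif section == "orphans":
            m = ORPHAN_LINE_RE.match(line)
            if m:   # a Run value whose target ComboFix had already removed
                findings.append(("orphan_run_entry", m["key"], m["path"]))
        else:
            m = RUN_VALUE_RE.match(line)
            if m and m["tag"] == "X":       # ComboFix marks a missing target with [X]
                findings.append(("run_value_missing_file", m["name"], m["data"]))
            elif AV_OVERRIDE_RE.match(line):
                findings.append(("security_center_av_override", "AntiVirusOverride", line))
    # Removable-media worm pattern: the same file name sitting at the root of
    # several drives, typically autorun.inf plus the payload it launches.
    drives_by_name = defaultdict(set)
    for path in deleted:
        m = DRIVE_ROOT_RE.match(path)
        if m:
            drives_by_name[m.group(2).lower()].add(m.group(1).upper())
    for name, drives in sorted(drives_by_name.items()):
        if name == "autorun.inf" or len(drives) >= 2:
            findings.append(("drive_root_replication", name, ",".join(sorted(drives))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%-28s %-22s %s" % finding)
```

The drive-root check deliberately keys on the file name rather than on a known-bad list: a payload name like ej10fkdo.bat is random per sample, but its replication to every writable drive next to an autorun.inf is the stable behaviour. Against a real log, feed the whole file to `triage()`; section headers in a localized log need the same translation the excerpt uses.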
