cptiev / 8 years, 8 months ago

ComboFix 09-05-08.03 - Admin 2009-05-09 11:49.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.1535.967 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated)
FW: Zapora osobista *enabled*
 * Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Legacy_SJYPKT
-------\Service_cpuz130
-------\Service_SjyPkt


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-09 do 2009-05-09  )))))))))))))))))))))))))))))))
.

2009-05-06 17:42 . 2009-05-06 17:42	--------	d-----w	c:\documents and settings\Admin\DoctorWeb
2009-05-04 15:23 . 2008-09-17 13:14	27672	----a-r	c:\windows\system32\drivers\Entech.sys
2009-05-04 15:23 . 2009-05-04 15:23	--------	d-----w	c:\windows\system32\Futuremark
2009-05-04 15:23 . 2009-05-04 15:23	--------	d-----w	c:\program files\Common Files\Futuremark Shared
2009-05-03 14:48 . 2009-05-03 14:48	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-05-03 13:02 . 2009-05-03 13:02	--------	d-----w	C:\Temp
2009-05-03 13:01 . 2009-05-03 13:01	--------	d-----w	c:\program files\QuickTime
2009-05-03 12:43 . 2009-05-03 12:43	--------	d-----w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\WinAVI
2009-05-03 12:42 . 2009-05-03 12:42	--------	d-----w	C:\audiences
2009-05-03 12:42 . 2009-05-03 12:42	--------	d-----w	C:\codecs
2009-05-03 12:42 . 2009-05-03 12:42	--------	d-----w	C:\common
2009-05-03 12:42 . 2009-05-03 12:42	--------	d-----w	C:\plugins
2009-05-03 12:42 . 2009-05-03 12:42	--------	d-----w	C:\tools
2009-05-03 12:42 . 2009-05-03 12:42	--------	d-----w	c:\windows\WinAVI Video Converter 9.0
2009-05-02 16:04 . 2009-05-02 16:04	--------	d-----w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\ESET
2009-05-02 16:00 . 2009-05-02 16:00	--------	d-----w	c:\program files\DAEMON Tools Toolbar
2009-05-02 15:47 . 2009-05-02 15:47	2273	----a-w	c:\windows\system32\sdbackup.reg
2009-05-02 12:11 . 2009-05-02 12:11	--------	d-----w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\THQ
2009-05-02 12:11 . 2008-10-30 09:57	3851784	----a-w	c:\windows\system32\d3dx9_39.dll
2009-05-02 12:09 . 2009-01-13 02:25	25608	----a-w	c:\windows\system32\X3DAudio1_4.dll
2009-05-02 10:00 . 2009-04-30 05:50	545	----a-w	c:\windows\PKUNZIP.PIF
2009-05-02 10:00 . 2009-04-30 05:50	545	----a-w	c:\windows\PKZIP.PIF
2009-05-02 10:00 . 2009-04-30 05:50	545	----a-w	c:\windows\RAR.PIF
2009-05-02 10:00 . 2009-04-30 05:50	545	----a-w	c:\windows\UC.PIF
2009-05-02 10:00 . 2009-04-30 05:50	545	----a-w	c:\windows\ARJ.PIF
2009-05-02 10:00 . 2009-04-30 05:50	545	----a-w	c:\windows\LHA.PIF
2009-05-02 10:00 . 2009-04-30 05:50	545	----a-w	c:\windows\NOCLOSE.PIF
2009-05-02 10:00 . 2009-05-02 11:28	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\GHISLER
2009-05-01 16:39 . 2001-10-26 14:57	12160	----a-w	c:\windows\system32\drivers\mouhid.sys
2009-04-19 17:17 . 2009-04-19 17:17	--------	d-----w	c:\program files\Common Files\Skype
2009-04-19 17:09 . 2009-04-19 17:09	--------	d-----w	c:\windows\system32\Adobe
2009-04-19 16:25 . 2009-04-19 16:25	--------	d-sh--w	c:\documents and settings\Admin\PrivacIE
2009-04-19 14:59 . 2009-04-19 14:59	--------	d-sh--w	c:\documents and settings\Admin\IETldCache
2009-04-19 14:26 . 2009-04-19 14:26	--------	d--h--w	c:\windows\msdownld.tmp
2009-04-19 14:26 . 2009-04-19 14:26	--------	d-----w	c:\windows\ie8updates
2009-04-19 14:22 . 2009-04-19 14:24	--------	dc-h--w	c:\windows\ie8
2009-04-19 14:19 . 2009-02-28 04:55	105984	-c----w	c:\windows\system32\dllcache\iecompat.dll
2009-04-15 09:34 . 2009-04-15 09:34	--------	d-----w	c:\program files\Veoh Networks

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 15:23 . 2009-01-28 16:44	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-05-02 15:57 . 2009-02-07 09:26	721904	----a-w	c:\windows\system32\drivers\sptd.sys
2009-05-02 09:59 . 2009-01-28 17:03	--------	d-----w	c:\program files\Java
2009-05-02 09:57 . 2009-01-29 17:36	--------	d-----w	c:\program files\Canon
2009-04-19 17:17 . 2009-01-28 17:14	--------	d-----r	c:\program files\Skype
2009-04-19 17:15 . 2009-01-28 17:11	--------	d-----w	c:\program files\NAPI-PROJEKT
2009-04-18 07:45 . 2006-03-02 12:00	85244	----a-w	c:\windows\system32\perfc015.dat
2009-04-18 07:45 . 2006-03-02 12:00	494156	----a-w	c:\windows\system32\perfh015.dat
2009-04-16 06:10 . 2009-02-07 10:02	--------	d-----w	c:\program files\Nowe Gadu-Gadu
2009-04-14 12:43 . 2009-02-15 10:20	138184	----a-w	c:\windows\system32\drivers\PnkBstrK.sys
2009-04-14 12:43 . 2009-02-15 10:20	183112	----a-w	c:\windows\system32\PnkBstrB.exe
2009-04-05 14:07 . 2009-04-05 14:07	--------	d-----w	c:\program files\Common Files\xing shared
2009-04-05 14:07 . 2009-04-05 14:07	--------	d-----w	c:\program files\Common Files\Real
2009-04-05 14:07 . 2009-01-28 16:55	499712	----a-w	c:\windows\system32\msvcp71.dll
2009-04-05 14:07 . 2009-04-05 14:07	--------	d-----w	c:\program files\Real
2009-03-27 06:14 . 2009-01-28 16:40	453152	----a-w	c:\windows\system32\NVUNINST.EXE
2009-03-26 16:17 . 2009-01-28 17:45	73672	----a-w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-25 20:23 . 2009-03-25 20:23	--------	d-----w	c:\program files\Microsoft Works
2009-03-25 20:18 . 2009-03-25 20:18	--------	d-----w	c:\program files\Microsoft.NET
2009-03-25 20:16 . 2009-03-25 20:16	--------	d-----w	c:\program files\Microsoft Visual Studio 8
2009-03-24 07:19 . 2009-03-23 18:17	--------	d-----w	c:\program files\OpenOffice.org 2.4
2009-03-16 12:36 . 2009-03-16 12:36	1691464	----a-w	c:\windows\system32\dsetup32.dll
2009-03-16 12:35 . 2009-03-16 12:35	525128	----a-w	c:\windows\system32\DXSETUP.exe
2009-03-16 12:35 . 2009-03-16 12:35	94024	----a-w	c:\windows\system32\DSETUP.dll
2009-03-15 16:51 . 2009-03-15 16:51	--------	d-----w	c:\program files\USB Vibration
2009-03-09 20:01 . 2009-03-09 17:20	169207	-c--a-w	c:\windows\hpoins27.dat
2009-03-09 03:19 . 2009-02-07 09:43	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2006-03-02 12:00	914944	----a-w	c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2006-03-02 12:00	43008	----a-w	c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2006-03-02 12:00	18944	----a-w	c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2006-03-02 12:00	420352	----a-w	c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2006-03-02 12:00	72704	----a-w	c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2006-03-02 12:00	71680	----a-w	c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2006-03-02 12:00	34816	----a-w	c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2006-03-02 12:00	48128	----a-w	c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2006-03-02 12:00	45568	----a-w	c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2006-03-02 12:00	156160	----a-w	c:\windows\system32\msls31.dll
2009-03-06 14:47 . 2006-03-02 12:00	285184	----a-w	c:\windows\system32\pdh.dll
2009-02-15 10:20 . 2009-02-15 10:20	66872	----a-w	c:\windows\system32\PnkBstrA.exe
2009-02-11 20:27 . 2005-01-24 09:30	139264	----a-w	c:\windows\system32\hpzjrd01.dll
2009-02-09 14:19 . 2006-03-02 12:00	1846528	----a-w	c:\windows\system32\win32k.sys
2009-02-09 11:52 . 2004-08-04 00:39	2017280	----a-w	c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:52 . 2006-03-02 12:00	2137600	----a-w	c:\windows\system32\ntoskrnl.exe
2009-02-09 10:22 . 2006-03-02 12:00	725504	----a-w	c:\windows\system32\lsasrv.dll
2009-02-09 10:22 . 2006-03-02 12:00	686080	----a-w	c:\windows\system32\advapi32.dll
2009-02-09 10:22 . 2006-03-02 12:00	399360	----a-w	c:\windows\system32\rpcss.dll
2009-02-09 10:22 . 2006-03-02 12:00	722944	----a-w	c:\windows\system32\ntdll.dll
2009-02-09 10:10 . 2006-03-02 12:00	111104	----a-w	c:\windows\system32\services.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
802.11g Wireless LAN PCI Card Utility.lnk - c:\program files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe [2009-3-9 5856256]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20270:TCP"= 20270:TCP:BitComet 20270 TCP
"20270:UDP"= 20270:UDP:BitComet 20270 UDP

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-01-28 11264]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {02C9D0AA-CADE-47F1-853A-0F7407D36596} = 192.0.6.1
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\w5pemn02.default\
FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\w5pemn02.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 11:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3360)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-09 11:56 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-09 09:56

Przed: 1 213 792 256 bajtów wolnych
Po: 1 135 763 456 bajtów wolnych

206	--- E O F ---	2009-04-29 16:00