Re: Not possible

Author: <radekp_at_konto.pl>
Date: Fri 15 May 2009 - 19:19:10 MET DST
Message-ID: <0u8r051c5eetkm77v3k8rmrlhs233bbrpa@4ax.com>
Content-Type: text/plain; charset=ISO-8859-2

On Fri, 15 May 2009 16:45:33 +0000 (UTC), in <guk67d$6nt$1@inews.gazeta.pl>,
"alburnus" <korlinski@WYTNIJ.gazeta.pl> wrote:

> > Some piece of junk got attached, which was successfully removed.
>
> Oh, it wasn't...

You think so? Combofix supposedly didn't detect anything, but it started working :)

I'm attaching the log:

> ((((((((((((((((((((((((( Pliki utworzone od 2009-04-15 do 2009-05-15 )))))))))))))))))))))))))))))))
> .
>
> 2009-05-15 16:22 . 2009-05-15 16:22 -------- d-sh--w c:\documents and settings\User\IECompatCache
> 2009-05-15 16:22 . 2009-05-15 16:22 -------- d-sh--w c:\documents and settings\User\PrivacIE
> 2009-05-15 16:22 . 2009-05-15 16:22 -------- d-----w c:\documents and settings\User\Dane aplikacji\Windows Search
> 2009-05-15 16:19 . 2009-05-15 16:19 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
> 2009-05-15 16:19 . 2009-05-15 16:19 -------- d-sh--w c:\documents and settings\User\IETldCache
> 2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\windows\ie8updates
> 2009-05-15 15:41 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
> 2009-05-15 15:35 . 2009-05-15 15:38 -------- dc-h--w c:\windows\ie8
> 2009-05-15 15:14 . 2009-05-15 15:14 -------- d-----w c:\documents and settings\User\Tracing
> 2009-05-15 14:51 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
> 2009-05-15 14:50 . 2009-05-15 14:50 -------- d-----w c:\program files\Microsoft Sync Framework
> 2009-05-15 14:46 . 2009-05-15 14:46 -------- d-----w c:\program files\Microsoft
> 2009-05-15 14:46 . 2009-05-15 14:46 -------- d-----w c:\program files\Windows Live SkyDrive
> 2009-05-15 14:30 . 2009-05-15 14:30 -------- d-----w c:\program files\Common Files\Windows Live
> 2009-05-15 14:26 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
> 2009-05-15 14:26 . 2009-03-06 14:22 285696 -c----w c:\windows\system32\dllcache\pdh.dll
> 2009-05-15 14:26 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
> 2009-05-15 14:26 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
> 2009-05-15 14:26 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
> 2009-05-15 14:26 . 2009-02-09 10:53 686592 -c----w c:\windows\system32\dllcache\advapi32.dll
> 2009-05-15 14:26 . 2009-02-09 10:53 731136 -c----w c:\windows\system32\dllcache\lsasrv.dll
> 2009-05-15 14:26 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
> 2009-05-15 14:26 . 2009-02-09 10:53 722944 -c----w c:\windows\system32\dllcache\ntdll.dll
> 2009-05-15 14:25 . 2008-04-21 21:16 218112 -c----w c:\windows\system32\dllcache\wordpad.exe
>
> .
> (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
> .
> 2009-05-15 16:23 . 2004-08-04 12:00 522514 ----a-w c:\windows\system32\perfh015.dat
> 2009-05-15 16:23 . 2004-08-04 12:00 97908 ----a-w c:\windows\system32\perfc015.dat
> 2009-05-15 16:08 . 2008-08-07 18:12 -------- d-----w c:\program files\Common Files\Adobe
> 2009-05-15 15:12 . 2007-12-20 19:52 19448 ----a-w c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
> 2009-05-15 14:51 . 2008-02-22 14:54 -------- d-----w c:\program files\Windows Live
> 2009-03-26 11:35 . 2008-02-22 16:03 -------- d-----w c:\program files\Microsoft Silverlight
> 2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
> 2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
> 2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
> 2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
> 2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
> 2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
> 2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
> 2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
> 2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
> 2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
> 2009-03-06 14:22 . 2004-08-04 12:00 285696 ----a-w c:\windows\system32\pdh.dll
> .
>
> ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
> .
> .
> *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
> REGEDIT4
>
> [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
> "Dzieńdobry!"="c:\program files\VSD Software\Dzieńdobry!\dziendobry.exe" [2006-09-24 330752]
> "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
> "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
> "NSP"="c:\windows\system32\NSP.exe" [2004-01-08 20480]
> "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
> "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
> "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]
>
> c:\documents and settings\All Users\Menu Start\Programy\Autostart\
> Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
>
> [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
> "NoViewOnDrive"= 0 (0x0)
>
> [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
> "NoViewOnDrive"= 0 (0x0)
>
> [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
> "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
>
> [HKEY_LOCAL_MACHINE\software\microsoft\security center]
> "AntiVirusOverride"=dword:00000001
> "FirewallOverride"=dword:00000001
>
> [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
> "EnableFirewall"= 0 (0x0)
>
> [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
> "%windir%\\system32\\sessmgr.exe"=
> "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
> "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
> "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
>
> R0 SentryCard;SentryCard;c:\windows\system32\drivers\Xsbide.sys [2007-12-21 14464]
> R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-05-15 55152]
> R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
> S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
> S3 OPHB DCS Loader;OPHB DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHBLDCS.EXE [2004-11-08 24576]
>
> [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
> "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
> .
> Zawartość folderu 'Zaplanowane zadania'
>
> 2009-05-15 c:\windows\Tasks\User_Feed_Synchronization-{E42E9AFF-EDCE-47F0-A1F8-B2A0E057D236}.job
> - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
> .
> - - - - USUNIĘTO PUSTE WPISY - - - -
>
> HKLM-Run-Cmaudio - cmicnfg.cpl
>
>
> .
> ------- Skan uzupełniający -------
> .
> FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\pkhaxdxt.default\
> FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
> .
>
> **************************************************************************
>
> catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
> Rootkit scan 2009-05-15 19:57
> Windows 5.1.2600 Dodatek Service Pack 3 NTFS
>
> skanowanie ukrytych procesów ...
>
> skanowanie ukrytych wpisów autostartu ...
>
> skanowanie ukrytych plików ...
>
> skanowanie pomyślnie ukończone
> ukryte pliki: 0
>
> **************************************************************************
> .
> --------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
>
> - - - - - - - > 'explorer.exe'(3232)
> c:\program files\Windows Desktop Search\deskbar.dll
> c:\program files\Windows Desktop Search\pl-pl\dbres.dll.mui
> c:\program files\Windows Desktop Search\dbres.dll
> c:\program files\Windows Desktop Search\wordwheel.dll
> c:\program files\Windows Desktop Search\pl-pl\msnlExtRes.dll.mui
> c:\program files\Windows Desktop Search\msnlExtRes.dll
> c:\windows\system32\ieframe.dll
> c:\windows\system32\webcheck.dll
> c:\windows\system32\WPDShServiceObj.dll
> c:\windows\system32\PortableDeviceTypes.dll
> c:\windows\system32\PortableDeviceApi.dll
> c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
> c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
> .
> Czas ukończenia: 2009-05-15 20:00
> ComboFix-quarantined-files.txt 2009-05-15 17:59
>
> Przed: 25 158 545 408 bajtów wolnych
> Po: 25 611 882 496 bajtów wolnych
>
> WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
> [boot loader]
> timeout=2
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
>
> 150 --- E O F --- 2009-03-28 17:49
Received on Fri May 15 19:25:03 2009

This archive was generated by hypermail 2.1.8 : Fri 15 May 2009 - 19:42:01 MET DST