wklejto.pl

Added by: ~kamila (2008-12-09 12:35) -> text
ComboFix 08-12-07.04 - niunia 2008-12-09 12:32:02.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.222 [GMT 1:00]
Uruchomiony z: c:\documents and settings\niunia\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\niunia\Pulpit\CFScript.txt
 * Utworzono nowy punkt przywracania
 
FILE ::
C:\ln9.exe
C:\ogcikeq.com
c:\windows\system32\kav320.dll
c:\windows\system32\kav321.dll
C:\x0.com
C:\xfl3hx.exe
D:\ln9.exe
D:\ogcikeq.com
D:\x0.com
D:\xfl3hx.exe
E:\ln9.exe
E:\ogcikeq.com
E:\x0.com
E:\xfl3hx.exe
F:\ln9.exe
F:\ogcikeq.com
F:\x0.com
F:\xfl3hx.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\ln9.exe
C:\ogcikeq.com
c:\windows\system32\kav320.dll
c:\windows\system32\kav321.dll
C:\x0.com
C:\xfl3hx.exe
D:\ln9.exe
D:\ogcikeq.com
D:\x0.com
D:\xfl3hx.exe
E:\ln9.exe
E:\ogcikeq.com
E:\x0.com
E:\xfl3hx.exe
F:\ln9.exe
F:\ogcikeq.com
F:\x0.com
F:\xfl3hx.exe
I:\iqosrtk.bat
K:\qxbx9blb.com
K:\x.bat
 
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X
 
 
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-09 do 2008-12-09  )))))))))))))))))))))))))))))))
.
 
2008-12-09 12:14 . 2008-12-09 12:14     <DIR>   d--------       C:\iPMS
2008-11-25 14:31 . 2008-12-09 10:08     <DIR>   d--------       c:\documents and settings\niunia\Dane aplikacji\skypePM
2008-11-25 14:31 . 2008-11-25 14:31     56      --ah-----       c:\windows\system32\ezsidmv.dat
2008-11-25 14:30 . 2008-12-09 11:21     <DIR>   d--------       c:\documents and settings\niunia\Dane aplikacji\Skype
2008-11-25 14:29 . 2008-11-25 14:30     <DIR>   d--------       c:\program files\Skype
2008-11-25 14:29 . 2008-11-25 14:29     <DIR>   d--------       c:\program files\Common Files\Skype
2008-11-25 14:29 . 2008-11-25 14:30     <DIR>   d--------       c:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-16 12:15 . 2008-11-16 12:15     <DIR>   d--------       c:\windows\system32\LogFiles
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 15:01        ---------       d-----w c:\program files\Common Files\Adobe
2008-11-27 14:53        ---------       d-----w c:\program files\Opera
2008-11-20 12:04        ---------       d-----w c:\program files\eMule
2008-11-12 23:04        ---------       d-----w c:\documents and settings\niunia\Dane aplikacji\Autodesk
2008-11-10 19:40        ---------       d-----w c:\documents and settings\All Users\Dane aplikacji\Autodesk
2008-11-05 12:33        ---------       d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-04 17:00        ---------       d-----w c:\program files\Common Files\Autodesk Shared
2008-11-04 17:00        ---------       d-----w c:\program files\AutoCAD 2008
2008-11-03 16:54        ---------       d-----w c:\program files\D-Tools
2008-11-03 16:50        ---------       d-----w c:\program files\DAEMON Tools Toolbar
2008-10-28 16:59        ---------       d--h--w c:\program files\InstallShield Installation Information
2008-10-28 16:56        ---------       d-----w c:\program files\directx
2008-10-21 17:41        ---------       d-----w c:\documents and settings\niunia\Dane aplikacji\U3
2008-10-12 11:37        ---------       d-----w c:\program files\Java
2008-10-12 11:37        ---------       d-----w c:\program files\Common Files\Java
2008-10-12 11:37        ---------       d-----w c:\program files\Autodesk Network License Manager
2008-10-12 11:37        ---------       d-----w c:\program files\Autodesk
.
 
(((((((((((((((((((((((((((((   snapshot@2008-12-09_11.21.37.95   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-09 11:34:48   16,384  ----atw c:\windows\TEMP\Perflib_Perfdata_614.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 32881]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 159744]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]
 
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 28672]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 nwprovau
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-01-07 01:36 81920 c:\progra~1\Sony\SONICS~1\SSAAD.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2004-12-01 08:54 77824 c:\windows\SOUNDMAN.EXE
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
 
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-25 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-25 20560]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-22 337800]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\niunia\Dane aplikacji\Mozilla\Firefox\Profiles\r2xw8g02.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/ig?ct=1056755551
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 12:35:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
skanowanie ukrytych procesów ... 
 
skanowanie ukrytych wpisów autostartu ...
 
skanowanie ukrytych plików ... 
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-09 12:37:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-12-09 11:37:05
ComboFix2.txt  2008-12-09 10:21:59
 
Przed: 8146059264 bajtów wolnych
Po: 8,135,979,008 bajtów wolnych
 