wklejto.pl

Added by: ~Anonim (2009-07-03 12:42) -> text
ComboFix 09-07-02.02 - Meag 2009-07-03 10:18.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.1023.686 [GMT 2:00]
Run from: c:\documents and settings\Meag\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090702-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
 
(((((((((((((((((((((((((((((((((((((((   Removed   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\autorun.inf
C:\metdgv.bat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\autorun.inf
D:\metdgv.bat
D:\uninstall.exe
E:\Autorun.inf
E:\metdgv.bat
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Legacy_OREANS32
-------\Service_AVPsys
-------\Service_oreans32
 
 
(((((((((((((((((((((((((   Files created from 2009-06-03 to 2009-07-03  )))))))))))))))))))))))))))))))
.
 
2009-07-02 18:05 . 2009-02-05 20:06     23152   ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2009-07-02 18:04 . 2009-02-05 20:08     93296   ----a-w-        c:\windows\system32\drivers\aswmon.sys
2009-07-02 18:04 . 2009-02-05 20:08     94032   ----a-w-        c:\windows\system32\drivers\aswmon2.sys
2009-07-02 18:04 . 2009-02-05 20:07     114768  ----a-w-        c:\windows\system32\drivers\aswSP.sys
2009-07-02 18:04 . 2009-02-05 20:07     20560   ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2009-07-02 18:04 . 2009-02-05 20:06     51376   ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2009-07-02 18:04 . 2009-02-05 20:05     26944   ----a-w-        c:\windows\system32\drivers\aavmker4.sys
2009-07-02 18:04 . 2009-02-05 20:04     97480   ----a-w-        c:\windows\system32\AvastSS.scr
2009-07-02 18:04 . 2009-02-05 20:11     1256296 ----a-w-        c:\windows\system32\aswBoot.exe
2009-07-02 16:56 . 2009-06-23 11:52     57344   ----a-w-        c:\documents and settings\Meag\Dane aplikacji\Mozilla\Firefox\Profiles\7vsc7rz0.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
2009-07-02 16:21 . 2009-07-02 16:20     106352  --sh--r-        C:\cj1m.com
2009-06-28 16:00 . 2009-01-05 16:32     139264  ----a-w-        c:\windows\NeoUninstall.exe
2009-06-20 18:05 . 2009-06-20 20:47     --------        d-----w-        c:\documents and settings\Meag\Dane aplikacji\Skype
2009-06-20 18:05 . 2009-06-20 18:05     --------        d-----w-        c:\program files\Common Files\Skype
2009-06-20 18:05 . 2009-06-20 18:05     --------        d-----r-        c:\program files\Skype
2009-06-08 09:22 . 2009-02-27 10:55     111992  ----a-w-        c:\windows\system32\acaptuser32.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 08:11 . 2009-01-28 16:37     --------        d-----w-        c:\documents and settings\Meag\Dane aplikacji\uTorrent
2009-07-03 07:38 . 2008-11-01 17:30     --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2009-07-02 19:27 . 2009-01-02 21:52     --------        d-----w-        c:\documents and settings\Meag\Dane aplikacji\BESTplayer
2009-06-22 20:15 . 2009-01-28 19:23     2516    --sha-w-        c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
2009-06-22 20:15 . 2009-01-28 19:23     2516    --sha-w-        c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
2009-06-22 20:15 . 2009-01-28 19:23     88      --sh--r-        c:\documents and settings\All Users\Dane aplikacji\351B0DF691.sys
2009-06-22 20:15 . 2009-01-28 19:23     88      --sh--r-        c:\documents and settings\All Users\Dane aplikacji\351B0DF691.sys
2009-06-20 18:07 . 2008-06-14 19:58     --------        d-----w-        c:\documents and settings\Meag\Dane aplikacji\skypePM
2009-06-20 18:05 . 2008-06-14 19:56     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Skype
2009-06-18 14:15 . 2009-01-29 12:31     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-06-16 14:14 . 2009-06-01 20:57     --------        d-----w-        c:\program files\SubEdit-Player
2009-06-02 21:31 . 2009-06-01 20:29     --------        d-----w-        c:\program files\WinAVI Video Converter
2009-06-02 21:29 . 2008-06-12 19:59     --------        d--h--w-        c:\program files\InstallShield Installation Information
2009-06-02 21:28 . 2009-02-16 19:43     --------        d-----w-        c:\program files\Saxo Bank
2009-06-02 21:28 . 2009-02-17 20:55     --------        d-----w-        c:\program files\GlobalTrader
2009-06-02 21:27 . 2009-04-06 19:23     --------        d-----w-        c:\program files\Pcsx2_0.9.4
2009-06-02 21:27 . 2009-06-01 21:01     --------        d-----w-        c:\program files\ALLPlayer
2009-06-02 21:27 . 2008-11-06 12:04     --------        d-----w-        c:\program files\NAPI-PROJEKT
2009-06-01 20:32 . 2009-06-01 20:32     --------        d-----w-        c:\documents and settings\Meag\Dane aplikacji\STOIK
2009-06-01 20:32 . 2009-06-01 20:32     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-01 12:58 . 2009-06-01 12:58     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Movavi Video Converter 6
2009-05-18 08:57 . 2001-10-26 16:15     82230   ----a-w-        c:\windows\system32\perfc015.dat
2009-05-18 08:57 . 2001-10-26 16:15     484978  ----a-w-        c:\windows\system32\perfh015.dat
2009-04-06 19:15 . 2009-04-06 19:16     4194304 ----a-w-        C:\f.bin
.
 
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 17:40        333192  ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^Meag^Menu Start^Programy^Autostart^Delta Force-Black Hawk Down Team Sabre Registration.lnk]
path=c:\documents and settings\Meag\Menu Start\Programy\Autostart\Delta Force-Black Hawk Down Team Sabre Registration.lnk
backup=c:\windows\pss\Delta Force-Black Hawk Down Team Sabre Registration.lnkStartup
 
[HKLM\~\startupfolder\C:^Documents and Settings^Meag^Menu Start^Programy^Autostart^PowerReg Scheduler.exe]
path=c:\documents and settings\Meag\Menu Start\Programy\Autostart\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\All Users
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\All Users\Dane aplikacji
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\All Users\Dane aplikacji\Adsl Software Limited
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"d:\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Steam-adama\\SteamApps\\tobiasz563\\counter-strike\\hl.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\Steam-adama\\SteamApps\\michaldul\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Meag\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe"=
"d:\\DOW\\SS\\Soulstorm.exe"=
"c:\\Program Files\\DealBook 360\\DealBookFX.exe"=
"d:\\Puzzle Quest\\Puzzle Quest.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22000:TCP"= 22000:TCP:a
"28000:TCP"= 28000:TCP:b
 
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-07-02 114768]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-01-28 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-01-28 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-07-02 20560]
S3 Di1610VM11;KONICA MINOLTA Di1610;c:\windows\system32\drivers\Di1610.SYS [2001-08-17 13824]
.
- - - - REMOVED EMPTY ENTRIES - - - -
 
SSODL-xvorfwbd-{0F727AD7-54B8-4469-A6EC-90E81E266517} - c:\windows\xvorfwbd.dll
SSODL-wpvmqosg-{B915DC25-3E9E-40AC-BF51-A4283FB43E13} - c:\windows\wpvmqosg.dll
Notify-WgaLogon - (no file)
 
 
.
------- Supplementary scan -------
.
FF - ProfilePath - c:\documents and settings\Meag\Dane aplikacji\Mozilla\Firefox\Profiles\7vsc7rz0.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/
FF - component: c:\documents and settings\Meag\Dane aplikacji\Mozilla\Firefox\Profiles\7vsc7rz0.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\vlc\npvlc.dll
.
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 10:22
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_USERS\S-1-5-21-1202660629-484061587-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ff,29,f1,76,83,b2,eb,f3,77,90,95,d7,f6,8b,75,61,26,35,69,eb,88,11,d1,
   57,b9,4d,07,8f,e0,f3,9d,04,79,91,48,71,a6,e0,42,0f,07,ea,2f,92,f3,61,d9,1d,\
"??"=hex:71,4c,3b,5f,d1,cd,0d,1f,23,5b,18,22,f4,9e,72,ef
 
[HKEY_USERS\S-1-5-21-1202660629-484061587-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:09,da,ef,e0,6a,f2,b2,e8,cc,f0,e6,54,47,d2,02,8c,1e,57,7a,9a,be,
   2d,1c,d4,13,21,fb,fe,e5,30,f2,30,47,e5,c2,ef,3f,aa,ab,95,5f,a2,e5,c5,9a,60,\
"rkeysecu"=hex:a4,ab,9f,58,63,d3,3d,7d,34,e0,d3,c0,9a,5b,9c,01
.
--------------------- DLLs loaded under running processes ---------------------
 
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
 
- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\osk.exe
c:\windows\system32\msswchx.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-03 10:24 - the computer was restarted
ComboFix-quarantined-files.txt  2009-07-03 08:24
 
Before: 1411526656 bytes free
After: 1411084288 bytes free
 
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 
210     --- E O F ---   2008-12-19 12:28
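The log above carries the indicators a responder would pull out by hand: autorun.inf plus a companion metdgv.bat at the root of three drives, a hidden+system file C:\cj1m.com created the day before the scan, two ShellServiceObjectDelayLoad (SSODL) entries pointing at randomly named DLLs dropped straight into c:\windows rather than system32, two inbound firewall exceptions named only "a" and "b", and an AppInit_DLLs value that deserves a publisher check even though its 2009-02-27 build stamp matches Acrobat_sl.exe in the same log. The script below is an added example, not ComboFix output or code from the original paste: it parses ComboFix's own line formats (the section banners, the date/size/attribute file entries, the SSODL and firewall-policy lines) and applies those heuristics to an excerpt copied from the log. The severity labels, the attribute-column positions and the rule that a DLL sitting directly in %windir% is suspicious are the editor's assumptions, not ComboFix's logic.

```python
"""Triage a ComboFix log for autorun-worm and persistence indicators.
Added example (editor's heuristics); SAMPLE_LOG is an excerpt of the log above."""
import re
from collections import defaultdict

# Excerpt copied from the log above (constructed test input, not a full log).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Removed   )))))))))))))))))))))))))))))))))))))))))))))))))
C:\autorun.inf
C:\metdgv.bat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\autorun.inf
D:\metdgv.bat
D:\uninstall.exe
E:\Autorun.inf
E:\metdgv.bat
(((((((((((((((((((((((((   Files created from 2009-06-03 to 2009-07-03  )))))))))))))))))))))))))))))))
2009-07-02 18:04 . 2009-02-05 20:04     97480   ----a-w-        c:\windows\system32\AvastSS.scr
2009-07-02 16:21 . 2009-07-02 16:20     106352  --sh--r-        C:\cj1m.com
2009-06-20 18:05 . 2009-06-20 18:05     --------        d-----r-        c:\program files\Skype
2009-06-22 20:15 . 2009-01-28 19:23     2516    --sha-w-        c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22000:TCP"= 22000:TCP:a
"28000:TCP"= 28000:TCP:b
SSODL-xvorfwbd-{0F727AD7-54B8-4469-A6EC-90E81E266517} - c:\windows\xvorfwbd.dll
SSODL-wpvmqosg-{B915DC25-3E9E-40AC-BF51-A4283FB43E13} - c:\windows\wpvmqosg.dll
"""

SECTION_RE = re.compile(r"^\({5,}\s+(.+?)\s+\){5,}\s*$")
# date . date  size  attrs  path   (size is '--------' for directories)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                     r"\s+(\S+)\s+([-a-z]{8})\s+(.+?)\s*$")
ROOT_FILE_RE = re.compile(r"^([A-Za-z]:)\\([^\\]+)$")          # file directly at a drive root
SSODL_RE = re.compile(r"^SSODL-(\S+)-\{[0-9A-Fa-f-]+\}\s+-\s+(.+?)\s*$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*?)\s*$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*?)\s*$')


def dropped_in_windows_root(path):
    """Assumed heuristic: a DLL placed directly in %windir% instead of system32."""
    p = path.lower()
    return p.startswith("c:\\windows\\") and "\\" not in p[len("c:\\windows\\"):]


def triage(log_text):
    """Parse the log and return the raw indicators, grouped by type."""
    f = {"autorun_drives": [], "autorun_companions": {}, "hidden_system_files": [],
         "hidden_root_files": [], "ssodl": [], "open_ports": [], "appinit_dlls": []}
    removed_root = defaultdict(list)
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "removed":                      # plain paths ComboFix deleted
            m = ROOT_FILE_RE.match(line)
            if m:
                removed_root[m.group(1).upper()].append(m.group(2))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            # assumed column layout: attrs[0]='d' dir, attrs[2]='s' system, attrs[3]='h' hidden
            if attrs[0] != "d" and attrs[2] == "s" and attrs[3] == "h":
                f["hidden_system_files"].append(path)
                if ROOT_FILE_RE.match(path):
                    f["hidden_root_files"].append(path)
            continue
        m = SSODL_RE.match(line)
        if m:
            f["ssodl"].append((m.group(1), m.group(2), dropped_in_windows_root(m.group(2))))
            continue
        m = PORT_RE.match(line)
        if m:
            f["open_ports"].append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group(1):
            f["appinit_dlls"].append(m.group(1))
    for drive, names in sorted(removed_root.items()):
        if "autorun.inf" in (n.lower() for n in names):
            f["autorun_drives"].append(drive)
            f["autorun_companions"][drive] = [n for n in names if n.lower() != "autorun.inf"]
    return f


def report(f):
    """Turn the indicators into severity-tagged findings (severity is the editor's choice)."""
    out = []
    if len(f["autorun_drives"]) >= 2:
        out.append(f"HIGH autorun.inf removed from {len(f['autorun_drives'])} drive roots "
                   f"{f['autorun_drives']}: autorun-worm pattern, companions {f['autorun_companions']}")
    for path in f["hidden_root_files"]:
        out.append(f"HIGH hidden+system file at drive root: {path}")
    for name, path, in_windir in f["ssodl"]:
        out.append(f"{'HIGH' if in_windir else 'MEDIUM'} SSODL persistence {name} -> {path}")
    for port, proto, label in f["open_ports"]:
        if len(label) <= 2:
            out.append(f"MEDIUM inbound firewall exception {port}/{proto} with meaningless name {label!r}")
    for dll in f["appinit_dlls"]:
        out.append(f"INFO AppInit_DLLs loads {dll} into every user32 process; verify the publisher")
    return out


if __name__ == "__main__":
    for finding in report(triage(SAMPLE_LOG)):
        print(finding)
```

Run it against a full saved log by passing the file contents to triage(); the hidden+system rule deliberately escalates only files at a drive root, because the two hidden .sys files under All Users\Dane aplikacji in this log live where licensing software commonly writes such markers and need a manual look rather than an automatic HIGH.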
 