wklejto.pl

Added by: ~Anonim (2009-12-10 19:49) -> text
ComboFix 09-12-09.04 - Belmondo 2009-12-10  19:41:37.6.4 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.3327.2893 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Belmondo\Moje dokumenty\Pobieranie\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

Zainfekowana kopia c:\windows\system32\Drivers\atapi.sys została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\system32\drivers\system32\DRIVERS\atapi.sys

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-11-10 do 2009-12-10  )))))))))))))))))))))))))))))))
.

2009-12-08 19:44 . 2009-12-08 19:44     --------        d-----w-        c:\program files\Trend Micro
2009-12-04 17:34 . 2009-12-04 17:34     --------        d-----w-        c:\windows\system32\XPSViewer
2009-12-04 17:34 . 2009-12-04 17:34     --------        d-----w-        c:\program files\Reference Assemblies
2009-12-04 17:29 . 2008-07-06 12:06     89088   ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-04 17:29 . 2008-07-06 12:06     89088   -c----w-        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-04 17:29 . 2008-07-06 12:06     575488  -c----w-        c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-04 17:29 . 2008-07-06 12:06     575488  ------w-        c:\windows\system32\xpsshhdr.dll
2009-12-04 17:29 . 2008-07-06 12:06     1676288 -c----w-        c:\windows\system32\dllcache\xpssvcs.dll
2009-12-04 17:29 . 2008-07-06 12:06     1676288 ------w-        c:\windows\system32\xpssvcs.dll
2009-12-04 17:29 . 2008-07-06 12:06     117760  ------w-        c:\windows\system32\prntvpt.dll
2009-12-04 17:29 . 2008-07-06 10:50     597504  -c----w-        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-04 17:29 . 2008-07-06 10:50     597504  ------w-        c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-04 12:00 . 2009-12-04 12:00     --------        d-----w-        c:\program files\MSXML 4.0
2009-12-04 07:57 . 2009-12-04 07:57     116     ----a-w-        c:\windows\system32\fjhdyfhsn.bat
2009-12-04 05:33 . 2009-12-04 05:33     --------        d-----w-        c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2009-12-03 19:25 . 2009-12-03 19:25     --------        d-----w-        c:\documents and settings\Belmondo\Ustawienia lokalne\Dane aplikacji\ESET
2009-12-03 19:13 . 2009-12-03 19:13     --------        d-----w-        c:\windows\system32\Attansic
2009-12-03 19:13 . 2009-12-03 19:13     --------        d-----w-        c:\program files\Attansic
2009-12-03 19:11 . 2006-10-31 10:10     35840   ----a-w-        c:\windows\system32\drivers\atl01_xp.sys
2009-12-03 18:59 . 2009-12-03 18:59     --------        d-----w-        c:\documents and settings\Belmondo\Dane aplikacji\ESET
2009-12-03 18:58 . 2009-12-03 18:58     --------        d-----w-        c:\program files\ESET
2009-12-03 18:58 . 2009-12-03 18:58     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\ESET
2009-12-03 17:54 . 2009-12-03 17:54     2157568 ----a-w-        c:\windows\MicCal.exe
2009-12-03 17:54 . 2009-12-03 17:54     129536  ----a-w-        c:\windows\system32\ntport.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 18:32 . 2009-11-04 20:02     --------        d-----w-        c:\documents and settings\Belmondo\Dane aplikacji\Skype
2009-12-10 17:13 . 2009-10-14 19:48     --------        d-----w-        c:\program files\Mozilla Thunderbird
2009-12-09 21:44 . 2008-11-06 20:18     68456   ----a-w-        c:\documents and settings\Belmondo\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-09 05:04 . 2008-04-15 12:00     566724  ----a-w-        c:\windows\system32\perfh015.dat
2009-12-09 05:04 . 2008-04-15 12:00     122540  ----a-w-        c:\windows\system32\perfc015.dat
2009-12-05 21:07 . 2009-12-04 07:57     16      ----a-w-        c:\documents and settings\LocalService\Dane aplikacji\fvgqad.dat
2009-12-04 07:57 . 2009-12-04 07:57     4       ----a-w-        c:\documents and settings\Belmondo\Dane aplikacji\avdrn.dat
2009-12-03 19:13 . 2008-11-03 20:56     --------        d--h--w-        c:\program files\InstallShield Installation Information
2009-12-03 08:04 . 2009-10-13 12:48     --------        d-----w-        c:\program files\msCRM
2009-12-03 04:50 . 2009-11-08 11:33     --------        d-----w-        c:\documents and settings\Belmondo\Dane aplikacji\ipla
2009-11-21 16:03 . 2008-04-15 12:00     471552  ----a-w-        c:\windows\AppPatch\aclayers.dll
2009-11-13 17:53 . 2008-11-03 21:54     --------        d-----w-        c:\program files\Winamp
2009-11-08 11:33 . 2009-11-08 11:33     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\ipla
2009-11-08 11:33 . 2009-11-08 11:33     --------        d-----w-        c:\program files\ipla
2009-11-08 11:33 . 2009-11-08 11:33     1700352 ----a-w-        c:\windows\system32\gdiplus.dll
2009-11-04 20:02 . 2009-11-04 20:02     --------        d-----w-        c:\program files\Common Files\Skype
2009-11-04 20:02 . 2008-11-03 22:17     --------        d-----r-        c:\program files\Skype
2009-11-04 18:43 . 2009-11-02 18:46     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Skype
2009-11-04 18:40 . 2009-11-02 18:47     --------        d-----w-        c:\documents and settings\Belmondo\Dane aplikacji\skypePM
2009-11-03 09:25 . 2009-10-30 16:29     --------        d-----w-        c:\documents and settings\Belmondo\Dane aplikacji\12Voip
2009-11-02 18:47 . 2009-11-02 18:47     56      ---ha-w-        c:\windows\system32\ezsidmv.dat
2009-10-30 16:27 . 2009-10-30 16:27     --------        d-----w-        c:\program files\12Voip.com
2009-10-29 05:26 . 2008-04-15 12:00     669696  ----a-w-        c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2008-04-15 12:00     75776   ----a-w-        c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-15 12:00     25088   ----a-w-        c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-15 12:00     265728  ----a-w-        c:\windows\system32\drivers\http.sys
2009-10-15 04:58 . 2009-10-15 04:58     --------        d-----w-        c:\documents and settings\Belmondo\Dane aplikacji\Thunderbird
2009-10-13 10:34 . 2008-04-15 12:00     271360  ----a-w-        c:\windows\system32\oakley.dll
2009-10-13 08:29 . 2004-09-05 03:14     3600384 ----a-w-        c:\windows\system32\vp3mpu1.dll
2009-10-12 13:40 . 2008-04-15 12:00     79872   ----a-w-        c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-15 12:00     150016  ----a-w-        c:\windows\system32\rastls.dll
2009-10-09 07:32 . 2004-09-05 03:14     1495040 ----a-w-        c:\windows\system32\vp3epm.dll
2009-09-25 05:37 . 2008-04-15 12:00     81920   ----a-w-        c:\windows\system32\ieencode.dll
2009-09-25 03:05 . 2004-09-05 03:14     2617344 ----a-w-        c:\windows\system32\vp3mpu2.dll
2009-09-24 08:39 . 2004-09-05 03:15     2543616 ----a-w-        c:\windows\system32\vp3MPU.dll
2009-09-24 08:38 . 2006-08-23 00:56     1318912 ----a-w-        c:\windows\system32\vp3opt.dll
2009-09-23 07:33 . 2005-10-17 06:45     3592192 ----a-w-        c:\windows\system32\vp3sepm2.dll
2009-09-22 19:27 . 2009-09-22 19:27     2560    ----a-w-        c:\windows\_MSRSTRT.EXE
2009-09-21 04:03 . 2006-06-07 03:49     2650112 ----a-w-        c:\windows\system32\vp3mpu5.dll
2009-09-21 04:01 . 2004-09-05 03:14     2260992 ----a-w-        c:\windows\system32\vp3sepm.dll
2009-09-16 06:31 . 2007-10-30 01:38     1826816 ----a-w-        c:\windows\system32\vp3190.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"12Voip"="c:\program files\12Voip.com\12Voip\12Voip.exe -nosplash -minimized" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineyes]
2007-04-09 20:45        73785   ------r-        c:\windows\system32\welogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk
backup=c:\windows\pss\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]
c:\program files\12Voip.com\12Voip\12Voip.exe -nosplash -minimized [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47        31016   ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:57        1289000 ----a-w-        c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2009-10-13 13:21        6039960 ----a-w-        c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 21:51        1695232 ------w-        c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\msCRM\\msCRM.exe"=
"c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-04-09 107256]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 windoweyes;Window-Eyes;c:\program files\GW Micro\Window-Eyes\weserv.exe [2008-11-09 49152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-12-03 35840]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-11-04 450560]
S3 SIWIO;SIWIO;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://pracownik.mikrotech.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {993925FC-9D3E-4C36-A50A-EF001E99B761} = 194.204.152.34
FF - ProfilePath - c:\documents and settings\Belmondo\Dane aplikacji\Mozilla\Firefox\Profiles\f49bkex9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.multimo.pl/sprawdz-dostepnosc-uslugi/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Outpost Firewall - c:\progra~1\Agnitum\OUTPOS~1.0\outpost.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 19:45
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(1676)
c:\program files\GW Micro\Window-Eyes\GWM32INC.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\astsrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\12Voip.com\12Voip\12Voip.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\GW Micro\Window-Eyes\wineyes.exe
c:\program files\GW Micro\Window-Eyes\SPEECH32.EXE
c:\program files\GW Micro\Window-Eyes\GWM32.EXE
c:\program files\GW Micro\Window-Eyes\bdisplay.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-10  19:47:41 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-12-10 18:47

Przed: 38 315 896 832 bajtów wolnych
Po: 38 410 809 344 bajtów wolnych

- - End Of File - - 169B7373C0C3D38D4DB246107CA1755F
 