piotrekd / 8 years, 9 months ago

ComboFix 09-02-05.04 - Dom 2009-02-06 16:56:48.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.256.102 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Dom\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090206-0] *On-access scanning disabled* (Updated)

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\pook.com
c:\windows\system32\nmdfgds1.dll
D:\Autorun.inf
D:\pook.com
E:\Autorun.inf
E:\pook.com

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-06 do 2009-02-06  )))))))))))))))))))))))))))))))
.

2009-02-06 15:47 . 2009-02-06 15:47	<DIR>	d--------	c:\windows\WinAVI Video Converter 9.0
2009-01-07 20:41 . 2009-01-07 20:41	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\2511A
2009-01-07 20:39 . 2008-09-25 14:20	483,328	--a------	c:\windows\system32\actskn45.ocx

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 14:47	---------	d-----w	c:\program files\BearShare
2009-02-06 14:47	---------	d-----w	c:\program files\a-squared Free
2009-02-06 14:36	---------	d-----w	c:\program files\Mozilla Thunderbird
2009-01-31 11:10	---------	d-----w	c:\program files\eMule
2009-01-26 19:20	---------	d-----w	c:\program files\Deutsch Translator 2
2009-01-05 22:33	3,751,995	----a-w	c:\windows\system32\GPhotos.scr
2009-01-02 16:41	---------	d-----w	c:\program files\Google
2008-12-29 14:27	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Wru
2008-12-24 20:17	---------	d-----w	c:\documents and settings\Dom\Dane aplikacji\ZoomBrowser EX
2008-12-24 19:47	---------	d-----w	c:\program files\Common Files\Canon
2008-12-18 16:17	---------	d-----w	c:\program files\Java
2008-12-11 14:28	804,864	----a-w	C:\dvdrom.bin
2008-11-10 04:43	410,984	----a-w	c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-14 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-02 1055792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
RaConfig.lnk - c:\windows\system32\RaConfig.exe [2008-10-06 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-06 20560]
R3 ess;Sterownik audio ESS (WDM);c:\windows\system32\drivers\ess.sys [2008-10-06 63360]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2008-10-06 51712]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{475ce022-adc6-11dd-ae84-0080c6e7c397}]
\Shell\AutoRun\command - G:\pook.com
\Shell\open\Command - G:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83458602-93ef-11dd-b5d2-806d6172696f}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83458603-93ef-11dd-b5d2-806d6172696f}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83458604-93ef-11dd-b5d2-806d6172696f}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7F847D3D-D3CA-4BB5-A208-9FBEBABBE448} = 192.168.100.1
FF - ProfilePath - c:\documents and settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\kceb0m7j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/
FF - plugin: e:\ania\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 16:59:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-02-06 17:02:46
ComboFix-quarantined-files.txt  2009-02-06 16:02:40

Przed: 4,833,452,032 bajtów wolnych
Po: 4,867,657,728 bajtów wolnych
