Anonim / 8 years, 1 month ago

ComboFix 09-10-16.09 - Boron 2009-10-17 16:28.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.1791.1165 [GMT 2:00]
Running from: c:\documents and settings\Boron\Pulpit\1234.com.exe
Command switches used :: c:\documents and settings\Boron\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091016-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\dllcache\soqwx32.sys"
"c:\windows\system32\drivers\soqwx32.sys"
.

(((((((((((((((((((((((((   Files Created from 2009-09-17 to 2009-10-17  )))))))))))))))))))))))))))))))
.

2009-10-17 14:23 . 2009-10-17 14:26	--------	d-----w-	C:\ComboFix
2009-10-04 09:50 . 2004-09-16 14:30	41600	-c--a-w-	c:\windows\system32\dllcache\weitekp9.dll
2009-10-04 09:50 . 2004-09-16 14:30	31360	-c--a-w-	c:\windows\system32\dllcache\weitekp9.sys
2009-10-04 09:50 . 2004-09-16 14:30	9216	-c--a-w-	c:\windows\system32\dllcache\wamps51.dll
2009-10-04 09:50 . 2004-08-03 22:44	77312	-c--a-w-	c:\windows\system32\dllcache\wam51.dll
2009-10-04 09:50 . 2004-08-03 22:44	53248	-c--a-w-	c:\windows\system32\dllcache\wamreg51.dll
2009-10-04 09:50 . 2004-09-16 14:30	74240	-c--a-w-	c:\windows\system32\dllcache\w3ext.dll
2009-10-04 09:50 . 2004-09-16 14:30	5632	-c--a-w-	c:\windows\system32\dllcache\w3svapi.dll
2009-10-04 09:50 . 2004-08-03 22:44	366080	-c--a-w-	c:\windows\system32\dllcache\w3svc.dll
2009-10-04 09:50 . 2004-09-16 14:30	48256	-c--a-w-	c:\windows\system32\dllcache\w32.dll
2009-10-04 09:50 . 2004-09-16 14:30	4608	-c--a-w-	c:\windows\system32\dllcache\w3ctrs51.dll
2009-10-04 09:50 . 2004-08-03 20:32	86073	-c--a-w-	c:\windows\system32\dllcache\voicesub.dll
2009-10-04 09:50 . 2004-08-03 20:32	426041	-c--a-w-	c:\windows\system32\dllcache\voicepad.dll
2009-10-04 09:48 . 2004-09-16 14:30	53248	-c--a-w-	c:\windows\system32\dllcache\nextlink.dll
2009-10-04 09:47 . 2004-09-16 14:29	10129408	-c--a-w-	c:\windows\system32\dllcache\hwxkor.dll
2009-10-04 09:46 . 2004-09-16 14:29	45568	-c--a-w-	c:\windows\system32\dllcache\browscap.dll
2009-10-04 09:45 . 2004-08-03 22:44	221184	----a-w-	c:\windows\system32\wmpns.dll
2009-10-04 09:34 . 2009-10-04 09:34	--------	d-----w-	c:\program files\CONEXANT
2009-10-03 23:17 . 2004-09-16 14:30	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2009-10-03 23:17 . 2004-09-16 14:30	24661	----a-w-	c:\windows\system32\spxcoins.dll
2009-10-03 23:17 . 2004-09-16 14:30	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2009-10-03 23:17 . 2004-09-16 14:30	13312	----a-w-	c:\windows\system32\irclass.dll
2009-10-03 16:46 . 2008-12-11 06:38	159600	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2009-10-03 16:46 . 2009-04-03 09:18	130936	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-10-03 16:46 . 2008-12-18 10:16	73840	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-03 16:46 . 2008-12-10 09:36	64392	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2009-10-03 16:45 . 2009-10-03 16:52	--------	d-----w-	C:\Spyware Doctor
2009-10-03 16:45 . 2009-10-03 16:45	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-10-03 15:01 . 2009-10-03 15:01	--------	d-----w-	c:\documents and settings\Boron\DoctorWeb
2009-10-02 14:55 . 2009-10-04 15:39	--------	d-----w-	c:\documents and settings\Boron\Dane aplikacji\ipla
2009-10-02 14:55 . 2009-10-02 14:55	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ipla
2009-10-02 14:55 . 2009-10-02 14:55	--------	d-----w-	C:\ipla
2009-09-20 14:35 . 2009-09-20 14:46	--------	d-----w-	c:\documents and settings\Boron\Dane aplikacji\DMCache
2009-09-20 14:23 . 2009-09-20 14:27	--------	d-----w-	c:\documents and settings\Boron\Dane aplikacji\GetRightToGo

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 14:33 . 2008-09-30 11:22	1321208	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-10-17 14:33 . 2008-09-30 11:22	113186848	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-10-17 14:27 . 2001-10-26 18:15	74648	----a-w-	c:\windows\system32\perfc015.dat
2009-10-17 14:27 . 2001-10-26 18:15	448586	----a-w-	c:\windows\system32\perfh015.dat
2009-10-16 19:42 . 2009-01-11 13:18	--------	d-----w-	c:\documents and settings\Boron\Dane aplikacji\uTorrent
2009-10-06 14:55 . 2009-06-13 15:48	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-10-04 09:42 . 2008-09-04 07:35	23016	----a-w-	c:\windows\system32\emptyregdb.dat
2009-10-03 16:47 . 2009-06-16 16:57	--------	d-----w-	c:\program files\Common Files\PC Tools
2009-10-01 10:23 . 2008-09-30 10:31	--------	d-----w-	c:\documents and settings\Boron\Dane aplikacji\Winamp
2009-09-16 12:41 . 2008-09-04 08:03	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-10 12:54 . 2009-06-17 18:24	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-06-17 18:24	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-26 10:20 . 2008-10-08 16:25	--------	d-----w-	c:\program files\Java
2009-08-24 10:12 . 2009-08-24 10:12	278984	----a-w-	c:\windows\system32\drivers\atksgt.sys
2009-08-24 10:12 . 2009-08-24 10:12	25416	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2009-08-17 16:10 . 2008-09-30 11:11	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-09-30 11:11	93392	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-09-30 11:11	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-09-30 11:11	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-09-30 11:11	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-09-30 11:11	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-09-30 11:11	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-09-30 11:11	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-09-30 11:11	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-07-25 03:23 . 2009-01-20 02:01	411368	----a-w-	c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-18 827392]
"WinampAgent"="c:\winamp\winampa.exe" [2008-08-03 36352]
"avast!"="c:\alwils~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ZoneAlarm Client"="c:\zone labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"UnlockerAssistant"="c:\unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"Malwarebytes Anti-Malware (reboot)"="c:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-18 16342528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-08-23 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-11 576104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23850:TCP"= 23850:TCP:BitComet 23850 TCP
"23850:UDP"= 23850:UDP:BitComet 23850 UDP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-03 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-30 20560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\spyware doctor\pctsAuxs.exe [2009-10-03 348752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Boron\Dane aplikacji\Mozilla\Firefox\Profiles\5hxsrj30.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Boron\Dane aplikacji\Mozilla\Firefox\Profiles\5hxsrj30.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\opera\program\plugins\npdsplay.dll
FF - plugin: c:\opera\program\plugins\npganymedenet.dll
FF - plugin: c:\opera\program\plugins\NPOFFICE.DLL
FF - plugin: c:\opera\program\plugins\NPSWF32.dll
FF - plugin: c:\opera\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 16:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\alwil software\Avast4\aswUpdSv.exe
c:\alwil software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\alwil software\Avast4\ashMaiSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\alwil software\Avast4\ashWebSv.exe
c:\docume~1\Boron\USTAWI~1\temp\RtkBtMnt.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-10-17 16:36 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-17 14:36
ComboFix2.txt  2009-10-17 00:12

Pre-Run: 104,458,932,224 bytes free
Post-Run: 104,402,800,640 bytes free

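The file listings above are tab-separated records of the form `<timestamp> . <timestamp>  <size>  <attribute flags>  <path>`; in the "Files Created" section the first timestamp is the creation time and the second the last-write time, while the Find3M section (files modified in the last three months) prints them the other way round. The following Python is an added example, not part of the pasted log or of ComboFix itself: it parses those records and the "Other Running Processes" list into structured data and applies three triage rules a responder typically applies by eye (hidden+system attribute files, drivers created inside the reporting window, and processes running out of a temp directory). It assumes the English section headers as translated here, an eight-character flag string where `d`/`c`/`s`/`h`/`a`/`w` stand for directory/compressed/system/hidden/archive/writable, and a constructed sample built from a few lines of the log above. Its findings are hints to vet manually, not verdicts: the fidbox pair it flags here was created at the same time as the avast drivers on this machine, for example.

```python
"""Parse ComboFix file listings and process list, then flag entries for manual review.
Added example; assumes the record layout and header strings described in the lead-in."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Set, Tuple

# Constructed sample in the same layout as the log above (tabs separate the columns).
SAMPLE_LOG = (
    "(((((((((   Files Created from 2009-09-17 to 2009-10-17  )))))))))\n"
    ".\n"
    "2009-10-17 14:23 . 2009-10-17 14:26\t--------\td-----w-\tC:\\ComboFix\n"
    "2009-10-03 16:46 . 2009-04-03 09:18\t130936\t----a-w-\tc:\\windows\\system32\\drivers\\PCTCore.sys\n"
    ".\n"
    "(((((((((   Find3M Report   )))))))))\n"
    ".\n"
    "2009-10-17 14:33 . 2008-09-30 11:22\t1321208\t--sha-w-\tc:\\windows\\system32\\drivers\\fidbox.idx\n"
    "2009-09-10 12:53 . 2009-06-17 18:24\t19160\t----a-w-\tc:\\windows\\system32\\drivers\\mbam.sys\n"
    ".\n"
    "------- Other Running Processes -------\n"
    ".\n"
    "c:\\windows\\system32\\nvsvc32.exe\n"
    "c:\\docume~1\\Boron\\USTAWI~1\\temp\\RtkBtMnt.exe\n"
    ".\n"
)

# <timestamp> . <timestamp> TAB <size or -------- for directories> TAB <8 flag chars> TAB <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\t(\S+)\t([a-z-]{8})\t(.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass
class FileEntry:
    section: str            # "created" or "find3m"
    created: datetime
    modified: datetime
    size: Optional[int]     # None for directories (ComboFix prints --------)
    attrs: Set[str]         # letters present in the flag column, e.g. {"s", "h", "a", "w"}
    path: str


def _section_for(line: str, current: str) -> str:
    """Track which ComboFix section we are in from its banner lines."""
    if "Files Created" in line:
        return "created"
    if "Find3M" in line:
        return "find3m"
    if "Other Running Processes" in line:
        return "processes"
    if line.startswith(("(((", "---", "***")):
        return "other"
    return current


def parse_combofix(text: str) -> Tuple[List[FileEntry], List[str]]:
    entries: List[FileEntry] = []
    processes: List[str] = []
    section = "other"
    for line in text.splitlines():
        section = _section_for(line, section)
        if section == "processes":
            if line and line != "." and not line.startswith("---"):
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m or section not in ("created", "find3m"):
            continue
        first, second = datetime.strptime(m[1], TS), datetime.strptime(m[2], TS)
        # Assumption: the section's sort key is printed first (creation time in
        # "Files Created", last-write time in Find3M).
        created, modified = (first, second) if section == "created" else (second, first)
        size = None if m[3] == "--------" else int(m[3])
        attrs = {ch for ch in m[4] if ch != "-"}
        entries.append(FileEntry(section, created, modified, size, attrs, m[5]))
    return entries, processes


def triage(entries: List[FileEntry], processes: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs worth a human look; none of these is a verdict."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        low = e.path.lower()
        if {"s", "h"} <= e.attrs and "d" not in e.attrs:
            findings.append(("hidden+system file", e.path))
        if e.section == "created" and low.endswith(".sys") and "\\drivers\\" in low:
            findings.append(("driver created in reporting window", e.path))
    for p in processes:
        if "\\temp\\" in p.lower():
            findings.append(("process running from a temp directory", p))
    return findings


if __name__ == "__main__":
    found, procs = parse_combofix(SAMPLE_LOG)
    for reason, path in triage(found, procs):
        print(f"{reason:40s} {path}")
```

Run it against a full log by reading the file instead of `SAMPLE_LOG`; the regex deliberately ignores every line that is not a file record, so the registry and service sections pass through untouched. Extending the rule set is a matter of appending to `triage`, for instance comparing each `FILE ::` path from the CFScript header against the parsed entries to confirm whether the targeted files still existed at scan time.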