Here's the ComboFix log, what do you think?
Code:
ComboFix 09-12-07.07 - SNAKE 2009-12-08 14:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.767.568 [GMT 1:00]
Run from: c:\documents and settings\SNAKE\Pulpit\ComboFix.exe
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
c:\windows\system32\Mlkf.dll
c:\windows\system32\ntSVc.ocx
.
((((((((((((((((((((((((( Files created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.
2009-12-08 12:57 . 2009-12-08 12:57 -------- d-----w- c:\windows\Internet Logs
2009-12-08 12:25 . 2009-12-08 12:25 -------- d-----w- c:\windows\system32\URTTemp
2009-12-08 12:24 . 2004-09-29 06:15 516096 ------w- c:\windows\system32\ati2sgag.exe
2009-12-08 12:24 . 2004-09-29 02:58 294912 ----a-r- c:\windows\system32\atiiiexx.dll
2009-12-08 12:24 . 2004-09-29 02:32 163840 ----a-r- c:\windows\system32\ATIDEMGR.dll
2009-12-08 01:02 . 2009-12-08 01:02 -------- d-----w- c:\documents and settings\SNAKE\Dane aplikacji\CheckPoint
2009-12-08 01:01 . 2009-12-08 12:56 -------- d-----w- c:\program files\CheckPoint
2009-12-07 16:25 . 2009-12-07 16:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-07 16:25 . 2009-12-07 16:25 -------- d-----w- c:\program files\Java
2009-12-07 16:25 . 2009-12-07 16:25 152576 ----a-w- c:\documents and settings\SNAKE\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-07 16:23 . 2009-12-07 16:23 79488 ----a-w- c:\documents and settings\SNAKE\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-07 15:03 . 2009-12-07 15:03 -------- d-----w- c:\documents and settings\SNAKE\Ustawienia lokalne\Dane aplikacji\cache
2009-12-07 15:01 . 2009-12-07 15:13 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-07 15:01 . 2009-12-07 15:04 -------- d-----w- c:\documents and settings\SNAKE\Dane aplikacji\Nowe Gadu-Gadu
2009-12-07 15:01 . 2009-12-07 15:01 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-12-07 14:59 . 2009-12-07 14:59 0 ----a-w- c:\windows\nsreg.dat
2009-12-07 14:59 . 2009-12-07 14:59 -------- d-----w- c:\documents and settings\SNAKE\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-12-07 14:37 . 2009-12-07 14:37 -------- d-----w- c:\program files\ZoneAlarmSB
2009-12-07 14:36 . 2009-12-08 01:01 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-05 17:15 . 2009-12-05 17:15 42168 ----a-w- c:\documents and settings\SNAKE\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-05 17:10 . 2009-12-08 12:45 -------- d-----r- C:\Downloads
2009-12-05 17:06 . 2009-12-05 17:06 -------- d-----w- c:\documents and settings\SNAKE\Ustawienia lokalne\Dane aplikacji\Identities
2009-12-05 17:00 . 2009-12-05 17:00 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-12-05 17:00 . 2004-04-22 09:57 62848 ----a-w- c:\windows\system32\drivers\RT2400.sys
2009-12-05 17:00 . 2003-12-17 11:10 110592 ----a-w- c:\windows\system32\AegisI5.exe
2009-12-05 17:00 . 2003-09-03 09:12 86016 ----a-w- c:\windows\system32\install.dll
2009-12-05 17:00 . 2003-08-29 14:55 28672 ----a-w- c:\windows\system32\CCS24.exe
2009-12-05 17:00 . 2003-06-24 10:22 32768 ----a-w- c:\windows\system32\SmartInstallCfg2.dll
2009-12-05 17:00 . 2003-05-21 09:17 45056 ----a-w- c:\windows\system32\DEDriverDLL.dll
2009-12-05 17:00 . 2002-05-24 08:44 36864 ----a-w- c:\windows\system32\WRLSetup.exe
2009-12-05 17:00 . 2009-12-05 17:00 -------- d-----w- c:\program files\RALINK
2009-12-05 16:57 . 2009-12-05 16:57 -------- d-----w- c:\documents and settings\SNAKE\Dane aplikacji\TransEngPol4
2009-12-05 16:55 . 2009-12-05 16:56 -------- d-----w- C:\_TransEN-kompas-4
2009-12-05 16:55 . 2009-12-05 16:55 -------- d-----w- c:\program files\IrfanView
2009-12-05 16:50 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-05 16:50 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-12-05 16:49 . 2009-12-05 16:49 -------- d-----w- c:\program files\Microsoft.NET
2009-12-05 16:48 . 2009-12-05 16:49 -------- d-----w- c:\windows\SHELLNEW
2009-12-05 16:46 . 2009-12-05 16:46 -------- d-----r- C:\MSOCache
2009-12-05 16:33 . 2009-12-05 16:33 -------- d-----w- c:\documents and settings\SNAKE\Ustawienia lokalne\Dane aplikacji\Adobe
2009-12-05 16:27 . 2009-12-08 01:25 34 ----a-w- c:\windows\system32\mslck.dat
2009-12-05 16:24 . 2005-06-22 18:23 36864 ----a-w- c:\windows\system32\LckFldService.exe
2009-12-05 16:24 . 2009-12-05 16:26 -------- d-----w- c:\program files\FolderAccess
2009-12-05 16:24 . 2002-07-26 16:02 153088 ----a-w- c:\windows\system32\fldlckun.exe
2009-12-05 16:24 . 1998-04-23 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-12-05 16:19 . 2009-12-05 16:19 -------- d-----w- c:\program files\Unlocker
2009-12-05 16:15 . 2009-12-05 16:15 -------- d-----w- c:\program files\MWSnap
2009-12-05 16:14 . 2009-12-05 16:14 -------- d-----w- c:\documents and settings\SNAKE\Dane aplikacji\ImgBurn
2009-12-05 16:14 . 2009-12-05 16:14 -------- d-----w- c:\program files\ImgBurn
2009-12-05 16:13 . 2009-12-05 16:13 -------- d-----w- C:\BeSweetGUI-0.7b8
2009-12-05 16:11 . 2009-12-05 16:11 -------- d-----w- c:\program files\Ant Movie Catalog
2009-12-05 16:11 . 2009-12-05 16:11 -------- d-----w- c:\program files\Real Alternative
2009-12-05 16:11 . 2009-12-05 16:11 -------- d-----w- c:\documents and settings\SNAKE\Ustawienia lokalne\Dane aplikacji\Real
2009-12-05 16:11 . 2009-12-05 16:11 -------- d-----w- c:\program files\SubEdit-Player
2009-12-05 16:10 . 2009-12-05 16:10 -------- d-----w- C:\audio
2009-12-05 16:10 . 1998-04-30 13:56 129024 ----a-w- c:\windows\UNWISE.EXE
2009-12-05 16:10 . 2009-12-05 16:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Yahoo! Companion
2009-12-05 16:10 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-05 16:10 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-05 16:10 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-05 16:10 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-05 16:10 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-05 16:10 . 2009-12-05 16:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-05 16:04 . 2009-12-05 16:04 -------- d-----w- c:\program files\Alcohol Soft
2009-12-05 16:03 . 2009-12-05 16:03 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-05 16:00 . 2005-09-01 10:03 5888 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-12-05 16:00 . 2005-09-01 10:03 127488 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-12-05 16:00 . 2004-07-26 15:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-12-05 16:00 . 2004-07-26 15:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-12-05 16:00 . 2004-07-26 15:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-12-05 16:00 . 2004-07-26 15:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-12-05 16:00 . 2004-07-09 07:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-12-05 16:00 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-12-05 16:00 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-12-05 16:00 . 2009-12-05 16:00 -------- d-----w- c:\program files\Ahead
2009-12-05 16:00 . 2009-12-05 16:00 -------- d-----w- c:\program files\Common Files\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 12:59 . 2009-12-05 15:50 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80671102}.dat
2009-12-08 12:59 . 2009-12-05 15:50 288 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80671102}.dat
2009-12-08 12:26 . 2001-10-26 17:15 73532 ----a-w- c:\windows\system32\perfc015.dat
2009-12-08 12:26 . 2001-10-26 17:15 495436 ----a-w- c:\windows\system32\perfh015.dat
2009-12-08 12:24 . 2009-12-05 15:11 -------- d-----w- c:\program files\ATI Technologies
2009-12-08 12:24 . 2009-12-05 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 15:18 . 2009-12-05 16:21 -------- d-----w- c:\documents and settings\SNAKE\Dane aplikacji\Winamp
2009-12-05 17:00 . 2009-12-05 15:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-05 16:21 . 2009-12-05 16:21 -------- d-----w- c:\program files\Winamp
2009-12-05 16:00 . 2009-12-05 15:59 -------- d-----w- c:\program files\Yahoo!
2009-12-05 15:58 . 2009-12-05 15:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 15:50 . 2009-12-05 15:49 -------- d-----w- c:\program files\Canon
2009-12-05 15:49 . 2009-12-05 15:49 -------- d-----w- c:\program files\Common Files\Canon
2009-12-05 15:44 . 2009-12-05 15:43 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-05 15:28 . 2009-12-05 15:20 -------- d-----w- c:\program files\Creative
2009-12-05 15:28 . 2009-12-05 15:28 -------- d-----w- c:\documents and settings\SNAKE\Dane aplikacji\Creative
2009-12-05 15:24 . 2009-12-05 15:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Creative
2009-12-05 14:52 . 2009-12-05 14:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-05 14:51 . 2009-12-05 14:51 -------- d-----w- c:\program files\Usługi online
2009-12-05 14:49 . 2009-12-05 14:49 21856 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Raconfig.lnk - c:\program files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe [2009-12-5 479232]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-07-02 10:29 220544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-29 06:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 19:56 40960 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 10:40 49152 ----a-r- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-11 10:08 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-07 16:25 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 17:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-12-05 62848]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-05 685816]
.
------- Supplementary scan -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\SNAKE\Dane aplikacji\Mozilla\Firefox\Profiles\sxq4xpd8.default\
FF - plugin: c:\documents and settings\SNAKE\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
AddRemove-Folder Access 2.1 Free Version - c:\progra~1\FOLDER~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 14:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-08 14:06
ComboFix-quarantined-files.txt 2009-12-08 13:06
Before: 9*543*639*040 bytes free
After: 9*539*465*216 bytes free
- - End Of File - - 147C44C7A9250F42A7D7CFC2248A1849
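Added example, not part of the original post or of ComboFix itself: a small Python triage helper for logs in this format. ComboFix lists each file as `created . modified size attributes path`; the parser below splits the log into its `((( banner )))` sections, pulls the Deleted list, and flags entries worth a second look (files dropped straight into system32 or the drivers folder, hidden attribute, a modification time older than the creation time, which is normal for an installer that preserves vendor timestamps but is also what timestomping looks like). It also reads the `"EnableFirewall"= 0` value shown above, since a disabled Windows Firewall is the one clearly weak setting in this log. The sample lines embedded in the block are copied from the log above; the section lookup accepts both the English and the Polish banner wording that appears on this page, and the reason strings are my own labels, not ComboFix output.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Lines copied from the ComboFix log above (a representative subset).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
c:\windows\system32\Mlkf.dll
c:\windows\system32\ntSVc.ocx
.
((((((((((((((((((((((((( Files created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.
2009-12-08 12:57 . 2009-12-08 12:57 -------- d-----w- c:\windows\Internet Logs
2009-12-08 12:24 . 2004-09-29 06:15 516096 ------w- c:\windows\system32\ati2sgag.exe
2009-12-07 14:36 . 2009-12-08 01:01 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-05 17:00 . 2009-12-05 17:00 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-12-05 16:24 . 1998-04-23 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-12-05 16:10 . 2009-12-05 16:10 -------- d-----w- C:\audio
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix file line: "<created> . <modified> <size|--------> <8 attr flags> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$"
)
BANNER_RE = re.compile(r"^\(+\s*(?P<title>.*?)\s*\)+$")
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)')


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories ("--------")
    attrs: str           # e.g. "d-----w-", "---ha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs


def split_sections(text: str) -> dict:
    """Map each '((( title )))' banner to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group("title")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def section(sections: dict, *titles: str) -> List[str]:
    """Find a section by banner keyword; ComboFix localizes banners, so accept several."""
    for title, lines in sections.items():
        if any(t.lower() in title.lower() for t in titles):
            return lines
    return []


def deleted_files(sections: dict) -> List[str]:
    return section(sections, "Deleted", "Usunięto")


def parse_entries(lines: List[str]) -> List[Entry]:
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        fmt = "%Y-%m-%d %H:%M"
        entries.append(Entry(datetime.strptime(m["created"], fmt),
                             datetime.strptime(m["modified"], fmt),
                             size, m["attrs"], m["path"]))
    return entries


def created_entries(sections: dict) -> List[Entry]:
    return parse_entries(section(sections, "Files created", "Pliki utworzone"))


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Flag files (not directories) that a reviewer would want to look at; reasons are hints, not verdicts."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        reasons = []
        if low.startswith("c:\\windows\\system32\\drivers\\"):
            reasons.append("new kernel driver")
        elif low.startswith("c:\\windows\\system32\\"):
            reasons.append("file dropped directly into system32")
        if e.hidden:
            reasons.append("hidden attribute")
        if e.modified < e.created:
            # Installers often keep the vendor's old mtime; timestomped malware looks the same.
            reasons.append("mtime predates creation (installer-preserved or timestomped)")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def windows_firewall_enabled(text: str) -> Optional[bool]:
    """True/False from the EnableFirewall value in the log, None if the log does not show it."""
    m = FIREWALL_RE.search(text)
    return None if m is None else m.group(1) != "0"


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print("Deleted by ComboFix:", deleted_files(secs))
    for path, reasons in triage(created_entries(secs)):
        print(path, "->", "; ".join(reasons))
    print("Windows Firewall enabled:", windows_firewall_enabled(SAMPLE_LOG))
```

Run it against a full log by reading the file into `split_sections` instead of `SAMPLE_LOG`. The triage list is deliberately noisy: on this log it flags the ATI and Ralink driver files alongside zllictbl.dat, which is the point of a triage pass (you then clear the vendor files by hash or signature and are left with what actually needs explaining).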