Okay.... Unfortunately... I ran ComboFix first... then the Anti Trojan deletion, and that from the pendrive... I mean the mount point... Flash disk on my computer....
ComboFix 09-03-06.02 - zaba 2009-03-09 19:26:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2039.1468 [GMT 1:00]
Uruchomiony z: c:\documents and settings\zaba\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\zaba\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning disabled* (Updated)
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
FILE ::
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Legacy_KSI32SK
-------\Service_GarenaPEngine
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_Rdmmaensu
((((((((((((((((((((((((( Pliki utworzone od 2009-02-09 do 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-03-09 18:24 . 2009-03-09 18:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 18:24 . 2009-03-09 18:24 <DIR> d-------- c:\documents and settings\zaba\Dane aplikacji\Malwarebytes
2009-03-09 18:24 . 2009-03-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-03-09 18:24 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 18:24 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-09 17:59 . 2009-03-09 17:59 <DIR> d-------- c:\documents and settings\zaba\DoctorWeb
2009-03-09 16:32 . 2009-03-09 16:32 <DIR> d-------- c:\program files\Trend Micro
2009-03-09 14:56 . 2009-03-09 15:21 <DIR> d-------- c:\program files\Anti Trojan Elite
2009-03-03 22:43 . 2009-03-03 22:43 <DIR> d-------- c:\program files\Alwil Software
2009-02-18 21:15 . 2009-02-18 21:15 <DIR> d-------- c:\program files\Hamachi
2009-02-18 21:15 . 2009-02-22 01:28 <DIR> d-------- c:\documents and settings\zaba\Dane aplikacji\Hamachi
2009-02-18 21:15 . 2009-02-18 21:15 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-02-12 17:16 . 2009-02-12 17:20 <DIR> d-------- c:\program files\Konnekt
2009-02-12 13:27 . 2009-02-12 15:48 <DIR> d-------- c:\documents and settings\zaba\Dane aplikacji\Nowe Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 15:20 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-08 10:25 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-12 23:48 --------- d-----w c:\documents and settings\zaba\Dane aplikacji\Audacity
2009-02-12 16:17 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\stamina
2009-01-22 20:14 --------- d-----w c:\documents and settings\zaba\Dane aplikacji\Mount & Blade
2009-01-21 11:45 --------- d-----w c:\documents and settings\zaba\Dane aplikacji\HEXelon
2009-01-17 18:34 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\MiKTeX
2009-01-17 18:29 --------- d-----w c:\program files\MiKTeX 2.7
2009-01-17 15:19 --------- d-----w c:\program files\LEd
2009-01-12 00:03 --------- d-----w c:\program files\Help Workshop
2009-01-11 21:19 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-10-05 15:09 60,516 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-10-05 15:09 49,246 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-05 15:09 165,990 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MultiFrame"="c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 999792]
"HEXelon MAX"="c:\documents and settings\zaba\Pulpit\HEXelonMAX6\hexelon.exe" [2007-06-28 2816512]
"Konnekt"="c:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-10 573440]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-16 815104]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-05 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-05 33136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-21 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-21 143360]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 159744]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2000-02-04 3579904]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-18 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-20 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-10 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
--a------ 2000-02-04 11:01 3579904 c:\program files\Anti Trojan Elite\TJEnder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"spmgr"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"matlabserver"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\RndLabs\\BaboViolent 2\\bv2.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"c:\\usr\\SMTP Server\\localsrv.exe"=
"c:\\usr\\apache\\Apache.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Warcraft III\\warcraft III.exe"=
"c:\\WINDOWS\\system32\\ACEngSvr.exe"=
"c:\\Documents and Settings\\zaba\\Pulpit\\IPCurve\\ipcurve.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-10-12 39472]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-03 20560]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-10-05 36864]
R3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2009-03-09 5969]
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\zaba\Dane aplikacji\Mozilla\Firefox\Profiles\akz2uyiw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 19:29:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
C:\ADSM_PData_0150
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-113007714-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:03,06,c0,92,9b,2b,40,d7,7b,f6,1d,35,d7,c8,db,1f,ec,4f,72,d1,e0,
9d,a0,04,f2,e9,bd,2b,ba,d0,83,e3,96,14,f1,50,2c,12,c5,ab,79,f1,2b,5f,c0,c7,\
"rkeysecu"=hex:3d,29,a2,ee,90,07,b9,d0,b0,92,97,f8,35,4f,bd,b0
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\usr\apache\Apache.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\usr\mysql\bin\mysqld.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\usr\apache\Apache.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\qoobox\Quarantine\c\WINDOWS\system32\acovcnt.exe.virUM\
.
**************************************************************************
.
Czas ukończenia: 2009-03-09 19:33:28 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-09 18:33:25
ComboFix2.txt 2009-03-09 17:46:49
Przed: 38 662 578 176 bajtów wolnych
Po: 38,586,978,304 bajtów wolnych