kamilo23, posted 22 June 2007

Somebody keeps trying to push their way in, but I don't know what it is.

2007-06-21 23:26:35 Your computer has been attacked from 15.34.133.219.broad.sz.gd.dynamic.163data.com.cn. Attack - Helkern. The attack has been successfully repulsed.
2007-06-22 00:11:02 Your computer has been attacked from 202.107.228.35. Attack - Helkern. The attack has been successfully repulsed.
2007-06-22 00:30:39 Your computer has been attacked from not-abuse.open.proxy.scans.on.connect.to.p2p-network.net. Attack - Scanning TCP ports. The attack has been successfully repulsed.
2007-06-22 07:03:18 Your computer has been attacked from 222.173.144.66. Attack - Helkern. The attack has been successfully repulsed.
2007-06-22 12:21:32 Your computer has been attacked from not-abuse.open.proxy.scans.on.connect.to.p2p-network.net. Attack - Scanning TCP ports. The attack has been successfully repulsed.
2007-06-22 14:14:53 Your computer has been attacked from 218.25.10.148. Attack - Helkern. The attack has been successfully repulsed.
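The six notification lines above are worth aggregating rather than reading one at a time. What follows is an added example, not code from the original post and not Kaspersky's: a small Python parser that takes the posted lines as constructed sample input, groups them by attack name and by source, flags sources that recur, and labels each event. Two facts drive the labels. Kaspersky's "Helkern" signature is its name for the SQL Slammer worm, whose infected hosts fire a single UDP/1434 datagram at random addresses, so a blocked Helkern hit is Internet background noise unless the host actually exposes UDP/1434. And the PTR name not-abuse.open.proxy.scans.on.connect.to.p2p-network.net announces itself as an open-proxy scan triggered by joining a P2P network (uTorrent appears in the process list posted later in this thread). The line format is taken from the post; the parser, the summary fields and the background/scan/review labels are this example's own assumptions.

```python
"""Aggregate Kaspersky Anti-Hacker 'Your computer has been attacked' notifications.

Added example for this thread, not code from the original post or from Kaspersky.
The line format is what the post shows; the parser, the labels and the summary
fields are assumptions of this example.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: the six lines quoted in the post, one per line.
SAMPLE_LOG = """\
2007-06-21 23:26:35 Your computer has been attacked from 15.34.133.219.broad.sz.gd.dynamic.163data.com.cn. Attack - Helkern. The attack has been successfully repulsed.
2007-06-22 00:11:02 Your computer has been attacked from 202.107.228.35. Attack - Helkern. The attack has been successfully repulsed.
2007-06-22 00:30:39 Your computer has been attacked from not-abuse.open.proxy.scans.on.connect.to.p2p-network.net. Attack - Scanning TCP ports. The attack has been successfully repulsed.
2007-06-22 07:03:18 Your computer has been attacked from 222.173.144.66. Attack - Helkern. The attack has been successfully repulsed.
2007-06-22 12:21:32 Your computer has been attacked from not-abuse.open.proxy.scans.on.connect.to.p2p-network.net. Attack - Scanning TCP ports. The attack has been successfully repulsed.
2007-06-22 14:14:53 Your computer has been attacked from 218.25.10.148. Attack - Helkern. The attack has been successfully repulsed.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"Your computer has been attacked from (?P<src>\S+?)\. "
    r"Attack - (?P<attack>.+?)\. "
    r"The attack has been successfully (?P<outcome>\w+)\.$"
)

# Signatures that are Internet background noise when blocked.  "Helkern" is
# Kaspersky's name for the SQL Slammer worm: one UDP/1434 datagram sprayed at
# random addresses, so every Internet-facing host sees it sooner or later.
BACKGROUND = {"Helkern": "SQL Slammer probe, UDP/1434"}


def parse_log(text):
    """Turn notification lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        # A PTR name instead of a bare IP often carries the explanation itself.
        ev["src_is_name"] = any(ch.isalpha() for ch in ev["src"])
        events.append(ev)
    return events


def classify(ev):
    """Label one event: 'background' noise, a generic 'scan', or 'review'."""
    if ev["outcome"] != "repulsed":
        return "review"          # anything that was not blocked needs a human look
    if ev["attack"] in BACKGROUND:
        return "background"
    if ev["attack"].startswith("Scanning"):
        return "scan"
    return "review"


def summarize(events):
    """Counts by attack name and label, plus the sources that keep coming back."""
    by_source = Counter(ev["src"] for ev in events)
    stamps = [ev["ts"] for ev in events]
    span = (max(stamps) - min(stamps)).total_seconds() / 3600 if stamps else 0.0
    return {
        "total": len(events),
        "by_attack": dict(Counter(ev["attack"] for ev in events)),
        "by_label": dict(Counter(classify(ev) for ev in events)),
        "repeat_sources": sorted(s for s, n in by_source.items() if n > 1),
        "needs_review": [ev for ev in events if classify(ev) == "review"],
        "span_hours": round(span, 1),
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the posted lines this gives four Helkern hits from four different addresses, each seen exactly once (the pattern a random-target worm produces), and two port scans from the same self-describing P2P scanner; nothing lands in "review". The thing to verify on the host is not the log but the exposure: nothing on the machine should be listening on UDP 1434, and one hit per source with no repeats is itself evidence against a targeted attacker.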
q8ic, posted 22 June 2007

It seems to me that we are being attacked all the time (at least Windows users are) - just switch off the option responsible for notifying you about "Repulsed attacks" [;
CatchMe, posted 22 June 2007

The attack attempt is supposedly being blocked, but just in case, paste logs from HijackThis and Silent Runners.
kamilo23, posted 22 June 2007

Logfile of HijackThis v1.99.1
Scan saved at 20:16:14, on 2007-06-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\GStartUp.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\kamilo23\Pulpit\utorrent(2).exe
C:\Program Files\MoorHunt\MoorHunt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\programy bezpieczeństwo\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{279EFC7B-F314-4253-8CDE-50075C1032C1}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BDDE4DD-83C3-46B9-A55B-07F5C354B082}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: StartUp Service (GStartUp) - G DATA Software Sp. z o.o. - C:\WINDOWS\system32\GStartUp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)


"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "IeCatch2 Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\kamilo23\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "kamilo23" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kaspersky Anti-Hacker" -> shortcut to: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe /silence" ["Kaspersky Lab"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 39
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 38
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM...CLSID} = "FlashGet Bar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]
Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
StartUp Service, GStartUp, "C:\WINDOWS\system32\GStartUp.exe" ["G DATA Software Sp. z o.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 81 seconds.
---------- (total run time: 172 seconds)
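Reading a HijackThis log by eye is how threads like this one get answered, but a mechanical first pass catches the entries a reviewer should pause on. What follows is an added example, not code from the original post, from HijackThis or from Silent Runners: a Python triage over a few O4, O23 and process-list lines copied verbatim from the log above as constructed sample input. It flags services whose image file HijackThis could not find or whose binary carries no company name, autorun values that launch a bare file name with no directory (resolved through the search path at start-up, a classic hijack point), and executables running from user-writable folders such as the desktop. The heuristics and the Finding structure are this example's assumptions; a flag means "look", not "malware".

```python
"""Mechanical first pass over HijackThis O4 / O23 / process-list lines.

Added example for this thread, not code from the original post, from
HijackThis or from Silent Runners.  The sample is a handful of lines copied
from the log above; the heuristics are this example's assumptions about what
deserves a second look, not verdicts.
"""
import re
from collections import namedtuple

# Constructed sample: lines taken verbatim from the posted HijackThis log.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Documents and Settings\kamilo23\Pulpit\utorrent(2).exe
C:\Program Files\MoorHunt\MoorHunt.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
"""

PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# First executable in a command line, with or without a leading quote.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)

Finding = namedtuple("Finding", "kind subject reason")

UNQUALIFIED = "unqualified path (resolved through the search path at start-up)"
USER_WRITABLE = "binary under a user-writable folder"
NO_OWNER = "no company name in the binary's version information"
MISSING = "image path does not exist on disk"


def path_reasons(exe):
    """Heuristics that need nothing but the executable path."""
    reasons = []
    if "\\" not in exe:
        reasons.append(UNQUALIFIED)
    low = exe.lower()
    if "\\documents and settings\\" in low or "\\temp\\" in low:
        reasons.append(USER_WRITABLE)
    return reasons


def triage(text):
    """Return one Finding per heuristic a line trips; clean lines yield nothing."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if PROC_RE.match(line):
            findings += [Finding("process", line, r) for r in path_reasons(line)]
            continue
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            target = exe["exe"] if exe else m["cmd"]
            findings += [Finding("autorun", m["name"], r) for r in path_reasons(target)]
            continue
        m = O23_RE.match(line)
        if m:
            subject = m["display"]
            if m["owner"] == "Unknown owner":
                findings.append(Finding("service", subject, NO_OWNER))
            if "(file missing)" in m["cmd"]:
                findings.append(Finding("service", subject, MISSING))
            exe = EXE_RE.match(m["cmd"])
            if exe:
                findings += [Finding("service", subject, r) for r in path_reasons(exe["exe"])]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.kind:8} {f.subject}: {f.reason}")
```

On the posted log this surfaces exactly the entries a reviewer would pause on: SOUNDMAN.EXE launched by bare name from HKLM\..\Run, utorrent(2).exe running from the user's desktop, and three services with no company name and a missing image file (cFosSpeedS, MDM, Prime95 Service). The cFosSpeedS flag is worth cross-checking rather than trusting: spd.exe is in the running-process list and Silent Runners records the service path as ""C:\Program Files\cFosSpeed\spd.exe" -service", so the "(file missing)" comes from HijackThis mis-splitting a quoted path with arguments (the stray quote in the O23 line gives it away). MDM and Prime95 Service are orphaned registrations whose image no longer exists; a service with no image cannot start, but the entries are worth deleting so nothing can later drop a binary at that path.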
CatchMe, posted 22 June 2007

Logs are clean. I would still check with ComboFix. 8O
kamilo23, posted 22 June 2007

"kamilo23" - 2007-06-22 23:30:34   Dodatek Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "G:\programy bezpieczeństwo\"


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))

2007-06-22 21:38 <DIR> d-------- C:\Program Files\BinarySense
2007-06-21 22:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-21 22:01 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2007-06-18 22:32 <DIR> d-------- C:\Program Files\Librus
2007-06-17 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Diskeeper Corporation
2007-06-09 21:26 <DIR> d-------- C:\Program Files\xp-antispy
2007-06-09 21:15 71,832 --a------ C:\WINDOWS\system32\drivers\e4ldrx64.sys
2007-06-09 21:15 69,656 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys
2007-06-09 21:15 58,264 --a------ C:\WINDOWS\system32\drivers\adildrx64.sys
2007-06-09 21:15 56,088 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2007-06-09 21:15 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL
2007-06-09 21:15 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL
2007-06-09 21:15 316,416 --a------ C:\WINDOWS\system32\unaddrv.x64.exe
2007-06-09 21:15 253,008 --a------ C:\WINDOWS\adirasx64.exe
2007-06-09 21:15 24,576 --a------ C:\WINDOWS\enddisk32.exe
2007-06-09 21:15 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2007-06-09 21:15 212,992 --a------ C:\WINDOWS\system32\unaddrv.exe
2007-06-09 21:15 200,704 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-06-09 21:15 194,128 --a------ C:\WINDOWS\adiras.exe
2007-06-09 21:15 176,128 --a------ C:\WINDOWS\autoclk.exe
2007-06-09 21:15 169,496 --a------ C:\WINDOWS\system32\drivers\adiusbawx64.sys
2007-06-09 21:15 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-06-09 21:15 152,308 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN
2007-06-09 21:15 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN
2007-06-09 21:15 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN
2007-06-09 21:15 152,146 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN
2007-06-09 21:15 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN
2007-06-09 21:15 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN
2007-06-09 21:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN
2007-06-09 21:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN
2007-06-09 21:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN
2007-06-09 21:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN
2007-06-09 21:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN
2007-06-09 21:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN
2007-06-09 21:15 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN
2007-06-09 21:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN
2007-06-09 21:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN
2007-06-09 21:15 146,968 --a------ C:\WINDOWS\system32\drivers\e4usbawx64.sys
2007-06-09 21:15 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE
2007-06-09 21:15 118,552 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2007-06-09 21:15 104,344 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys
2007-06-09 21:14 <DIR> d-------- C:\Program Files\SAGEM
2007-06-09 21:10 <DIR> d-------- C:\DOCUME~1\kamilo23\DANEAP~1\InstallShield
2007-06-07 16:35 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-07 16:35 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-07 16:35 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-07 13:06 <DIR> d-------- C:\DOCUME~1\kamilo23\DANEAP~1\BinarySense
2007-06-07 08:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-06-05 11:36 <DIR> d-------- C:\Program Files\SGJ
2007-06-04 20:10 <DIR> d-------- C:\DOCUME~1\kamilo23\DANEAP~1\Jetico Personal Firewall
2007-06-04 19:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-04 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Comodo
2007-06-01 19:41 <DIR> d-------- C:\Program Files\AutoConnect
2007-06-01 18:29 616,960 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-06-01 18:14 274,432 --a------ C:\WINDOWS\system32\cfosspeed.dll
2007-06-01 17:00 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2007-06-01 16:57 <DIR> d-------- C:\Program Files\neostrada tp
2007-05-22 23:40 <DIR> d-------- C:\Program Files\eduROM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 21:33:22 -------- d-----w C:\DOCUME~1\kamilo23\DANEAP~1\uTorrent
2007-06-22 21:22:19 -------- d-----w C:\Program Files\cFosSpeed
2007-06-22 20:12:53 -------- d-----w C:\DOCUME~1\kamilo23\DANEAP~1\AdobeUM
2007-06-22 17:17:12 -------- d-----w C:\DOCUME~1\kamilo23\DANEAP~1\foobar2000
2007-06-22 10:20:24 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-21 11:38:39 -------- d-----w C:\Program Files\FlashGet
2007-06-19 18:58:20 -------- d-----w C:\Program Files\MoorHunt
2007-06-17 16:09:46 -------- d-----w C:\Program Files\Diskeeper Corporation
2007-06-14 21:22:46 -------- d-----w C:\Program Files\FlashFXP
2007-06-09 19:32:41 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-09 19:15:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 10:04:08 420,352 ----a-w C:\WINDOWS\system32\ntvdm.exe
2007-06-04 16:51:53 -------- d-----w C:\Program Files\PHP
2007-05-22 21:45:34 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-05-22 21:45:34 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-05-22 21:45:34 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-05-22 21:40:05 -------- d-----w C:\Program Files\Common Files\GraphBoard 2.50
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 21:06:47 -------- d-----w C:\Program Files\Wielka Powtorka Lektury 1
2007-05-11 17:15:38 -------- d-----w C:\Program Files\Realtek Sound Manager
2007-05-11 17:15:37 -------- d-----w C:\Program Files\AvRack
2007-05-11 17:12:12 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-11 17:12:12 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 01:47]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{A5366673-E8CA-11D3-9CD9-0090271D075B}=C:\PROGRA~1\FlashGet\jccatch.dll [2002-01-16 20:12]
{E5A1691B-D188-4419-AD02-90002030B8EE}=C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 23:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 20:23 C:\WINDOWS\SOUNDMAN.EXE]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2006-08-28 11:29]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-07 16:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - HDDLIFE_HDD_ACCESS_SERVICE

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 23:32:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 23:34:15
--- E O F ---

Thanks for the trouble 8O
paulo, posted 23 June 2007

I'll piggyback with a log from Gmer:

EDIT BY: CatchMe

edit by me: I piggybacked with a short question so as not to create an unnecessary topic. BTW, where did the idea of wklej.org come from? Honestly, I don't see a logical justification for it; long logs can simply be put in a spoiler.

Edited 23 June 2007 by paulo
CatchMe, posted 23 June 2007

paulo, don't piggyback on this thread, start a new topic. 8O Besides, we put logs on www.wklej.org as the rules say: http://forum.purepc.pl/index.php?showtopic=235690

As for ComboFix - it's clean. 8O

Edited 23 June 2007 by CatchMe
kamilo23, posted 23 June 2007

That's a relief, but I still get these attacks from time to time, at least twice a day. 8O