wklejto.pl

Added by: ~Bzyku (2008-06-28 19:02) -> text
ComboFix 08-06-20.4 - Bzyku 2008-06-28 19:02:28.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1761 [GMT 2:00]
Running from: C:\Documents and Settings\Bzyku\Pulpit\Combo-Fix.exe
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\pskt.ini
 
.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-28  )))))))))))))))))))))))))))))))
.
 
2008-06-28 17:36 . 2008-06-28 17:36     0       --a------       C:\WINDOWS\BM2bd7d44c.xml
2008-06-28 17:35 . 2008-06-28 17:35     <DIR>   d--------       C:\Documents and Settings\LocalService\Menu Start
2008-06-28 17:35 . 2008-06-28 18:45     534     ---hs----       C:\WINDOWS\system32\rhoxjfwf.ini
2008-06-28 17:20 . 2008-06-28 17:23     <DIR>   d--------       C:\Program Files\Panda Security
2008-06-28 17:05 . 2008-06-28 17:05     81,920  --a------       C:\WINDOWS\system32\fwfjxohr.dll
2008-06-28 17:02 . 2008-06-28 17:02     90,624  --a------       C:\WINDOWS\system32\pbvudfwv.dll
2008-06-28 13:51 . 2008-06-28 16:16     153     --a------       C:\WINDOWS\wininit.ini
2008-06-28 09:35 . 2008-06-28 09:35     <DIR>   d--------       C:\Program Files\Ahead
2008-06-28 05:18 . 2008-06-28 05:18     90,112  --a------       C:\WINDOWS\system32\wlnfhnbu.dll
2008-06-27 23:17 . 2008-06-27 23:17     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-06-27 17:10 . 2008-06-27 17:10     <DIR>   d--------       C:\Program Files\Common Files\EZB Systems
2008-06-27 17:10 . 2008-06-27 17:10     25,600  --a------       C:\WINDOWS\system32\geBtSjjk.dll
2008-06-27 14:04 . 2008-06-27 14:04     <DIR>   dr-h-----       C:\Documents and Settings\Bzyku\Dane aplikacji\SecuROM
2008-06-26 09:57 . 2008-06-27 14:20     22,328  --a------       C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-26 09:56 . 2008-06-26 09:56     <DIR>   d--------       C:\WINDOWS\system32\LogFiles
2008-06-26 09:56 . 2008-06-27 14:20     103,736 --a------       C:\WINDOWS\system32\PnkBstrB.exe
2008-06-26 09:56 . 2008-06-26 09:56     66,872  --a------       C:\WINDOWS\system32\PnkBstrA.exe
2008-06-26 09:47 . 2007-05-16 16:45     3,497,832       --a------       C:\WINDOWS\system32\d3dx9_34.dll
2008-06-23 18:53 . 2008-06-23 18:53     <DIR>   d--------       C:\WINDOWS\system32\URTTemp
2008-06-22 12:02 . 2008-06-22 12:02     <DIR>   d--------       C:\WINDOWS\San Andreas Mod Installer
2008-06-20 22:31 . 2008-06-28 16:55     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\uTorrent
2008-06-19 09:05 . 2008-06-19 09:05     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Ahead
2008-06-18 18:27 . 2008-06-18 18:27     <DIR>   dr-------       C:\WINDOWS\AsDmiHtm
2008-06-18 18:27 . 2008-06-18 18:31     <DIR>   d--------       C:\Program Files\ASUS
2008-06-18 18:27 . 2006-01-10 10:50     24,576  -ra------       C:\WINDOWS\system32\AsIO.dll
2008-06-18 18:27 . 2006-10-18 21:12     12,664  -ra------       C:\WINDOWS\system32\drivers\AsIO.sys
2008-06-18 18:27 . 2008-06-18 18:27     666     --a------       C:\WINDOWS\setup.iss
2008-06-18 17:47 . 2008-06-18 17:47     <DIR>   d--------       C:\WINDOWS\system32\drivers\system32
2008-06-18 17:47 . 2008-06-18 17:47     <DIR>   d--------       C:\WINDOWS\system32\drivers\INF
2008-06-18 17:47 . 2004-08-03 22:59     95,360  --a------       C:\WINDOWS\system32\drivers\SET1D.tmp
2008-06-18 17:47 . 2004-08-03 22:59     95,360  --a------       C:\WINDOWS\system32\drivers\SET15.tmp
2008-06-18 17:46 . 2008-06-18 17:46     <DIR>   d--------       C:\Program Files\Intel
2008-06-18 12:53 . 2008-06-18 12:53     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\dvdcss
2008-06-17 22:31 . 2008-06-17 22:31     <DIR>   d--------       C:\WINDOWS\nview
2008-06-17 22:22 . 2008-06-17 22:22     <DIR>   d--------       C:\Program Files\Firebird
2008-06-17 22:22 . 2007-03-02 14:05     393,216 --a------       C:\WINDOWS\system32\GDS32.DLL
2008-06-17 21:14 . 2008-06-27 14:04     107,888 --a------       C:\WINDOWS\system32\CmdLineExt.dll
2008-06-17 10:57 . 2008-06-17 10:57     <DIR>   d--------       C:\Program Files\Lavasoft
2008-06-17 10:57 . 2008-06-17 11:08     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-17 10:56 . 2008-06-17 10:56     <DIR>   d--------       C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 10:45 . 2008-06-17 10:45     <DIR>   d--------       C:\Program Files\Nero
2008-06-17 10:45 . 2008-06-17 10:46     <DIR>   d--------       C:\Program Files\Common Files\Ahead
2008-06-17 10:19 . 2008-06-18 12:30     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Winamp
2008-06-17 08:56 . 2008-06-17 10:24     <DIR>   d--------       C:\Program Files\DriveImage XML
2008-06-17 00:02 . 2008-06-17 08:06     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Vso
2008-06-17 00:02 . 2008-06-17 00:02     94,208  --a------       C:\WINDOWS\system32\drivers\ezplay.sys
2008-06-17 00:02 . 2008-06-17 00:02     94,208  --a------       C:\Documents and Settings\Bzyku\Dane aplikacji\ezplay.sys
2008-06-17 00:02 . 2008-06-17 00:02     87,608  --a------       C:\Documents and Settings\Bzyku\Dane aplikacji\inst.exe
2008-06-17 00:02 . 2008-06-17 00:02     47,360  --a------       C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-17 00:02 . 2008-06-17 00:02     47,360  --a------       C:\Documents and Settings\Bzyku\Dane aplikacji\pcouffin.sys
2008-06-16 23:44 . 2008-06-16 23:44     <DIR>   d--------       C:\WINDOWS\ShellNew
2008-06-16 23:44 . 2008-06-16 23:44     427     --a------       C:\WINDOWS\ODBC.INI
2008-06-16 23:31 . 2008-06-16 23:31     685,816 --a------       C:\WINDOWS\system32\drivers\sptd.sys
2008-06-16 17:21 . 2008-06-16 17:14     691,545 --a------       C:\WINDOWS\unins000.exe
2008-06-16 17:21 . 2008-06-16 17:21     2,540   --a------       C:\WINDOWS\unins000.dat
2008-06-16 16:50 . 2008-06-16 17:33     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d----c---       C:\WINDOWS\system32\DRVSTORE
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\PC Connectivity Solution
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\DIFX
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\Common Files\PCSuite
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\Common Files\Nokia
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\PC Suite
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Nokia
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-06-16 16:49 . 2007-02-22 10:15     90,624  --a------       C:\WINDOWS\system32\nmwcdcls.dll
2008-06-16 16:48 . 2008-06-16 16:48     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-06-16 16:47 . 2008-06-16 16:47     <DIR>   d--------       C:\Program Files\IrfanView
2008-06-15 23:00 . 2008-06-15 23:00     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\vlc
2008-06-15 22:46 . 2008-06-15 22:46     1,160   --a------       C:\WINDOWS\mozver.dat
2008-06-15 22:44 . 2008-06-15 22:44     0       --a------       C:\WINDOWS\nsreg.dat
2008-06-15 22:07 . 2008-06-15 22:07     <DIR>   d--------       C:\WINDOWS\system32\Lang
2008-06-15 22:07 . 2008-06-15 22:07     <DIR>   d--------       C:\Program Files\Marvell
2008-06-15 22:07 . 2008-06-15 22:07     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\TMP
2008-06-15 22:07 . 2008-06-15 22:07     940,794 --a------       C:\WINDOWS\system32\LoopyMusic.wav
2008-06-15 22:07 . 2008-06-15 22:07     146,650 --a------       C:\WINDOWS\system32\BuzzingBee.wav
2008-06-15 22:05 . 2008-06-15 22:05     <DIR>   d--------       C:\Program Files\Realtek
2008-06-15 22:05 . 2008-06-27 16:37     <DIR>   d--h-----       C:\Program Files\InstallShield Installation Information
2008-06-15 22:02 . 2008-06-18 18:27     32,384  --a------       C:\WINDOWS\Ascd_log.ini
2008-06-15 22:00 . 2008-06-18 18:20     32,069  --a------       C:\WINDOWS\Ascd_tmp.ini
2008-06-15 22:00 . 2006-10-11 13:33     10,288  --a------       C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-15 22:00 . 2004-08-13 20:56     5,810   -ra------       C:\WINDOWS\system32\drivers\ASACPI.sys
2008-06-15 21:58 . 2006-04-01 17:16     162,176 -ra------       C:\WINDOWS\system32\drivers\V0260Vid.sys
2008-06-15 21:25 . 2004-04-30 09:37     160,640 --a------       C:\WINDOWS\system32\drivers\a347bus.sys
2008-06-15 21:25 . 2004-04-30 09:33     5,248   --a------       C:\WINDOWS\system32\drivers\a347scsi.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 16:41        ---------       d-----w C:\Program Files\Gadu-Gadu
2008-06-18 16:31        ---------       d-----w C:\Program Files\Common Files\InstallShield
2008-06-18 16:22        ---------       d-----w C:\Program Files\Common Files\Adobe
2008-06-17 18:29        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\AntiVir PersonalEdition Classic
2008-06-15 20:05        315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-15 18:36        ---------       d-----w C:\Program Files\VideoLAN
2008-06-15 18:31        ---------       d-----w C:\Program Files\EPSON
2008-06-15 18:27        ---------       d-----w C:\Program Files\totalcmd
2008-06-15 16:42        ---------       d-----w C:\Program Files\microsoft frontpage
2008-06-15 16:41        ---------       d-----w C:\Program Files\Usługi online
2008-05-16 09:58        12,632  ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-30 15:27        442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:20        15,648  ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19        15,648  ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19        12,960  ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2006-06-23 22:48        32,768  ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D554A583-D4CF-4A6F-B07A-CB25F60FA743}]
2008-06-27 17:10        25600   --a------       C:\WINDOWS\system32\geBtSjjk.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58 1716224]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 09:21 16384000 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"28e4e7d0"="C:\WINDOWS\system32\fwfjxohr.dll" [2008-06-28 17:05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"BM2bd7d44c"="C:\WINDOWS\system32\pbvudfwv.dll" [2008-06-28 17:02 90624]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D554A583-D4CF-4A6F-B07A-CB25F60FA743}"= C:\WINDOWS\system32\geBtSjjk.dll [2008-06-27 17:10 25600]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtSjjk]
geBtSjjk.dll 2008-06-27 17:10 25600 C:\WINDOWS\system32\geBtSjjk.dll
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28e4e7d0]
C:\WINDOWS\system32\tryflisb.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2bd7d44c]
--a------ 2008-06-28 05:18 90112 C:\WINDOWS\system32\wlnfhnbu.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"D:\\BRI\\KlinikaXP\\bin\\klinika.exe"=
"D:\\Programy\\uTorrent\\uTorrent.exe"=
 
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-03-02 14:05]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-03-02 14:05]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 17:16]
 
*Newly Created Service* - PARPORT
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 16:45:28 C:\WINDOWS\Tasks\RegCure Program Check.job"
- D:\Programy\RegCure\RegCure.exe
"2008-06-28 13:52:32 C:\WINDOWS\Tasks\RegCure.job"
- D:\Programy\RegCure\RegCure.exe
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 19:03:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBtSjjk.dll
.
Completion time: 2008-06-28 19:04:17
ComboFix-quarantined-files.txt  2008-06-28 17:04:15
ComboFix2.txt  2008-06-28 16:42:23
 
Pre-Run: 20,256,641,024 bajtów wolnych
Post-Run: 20,247,072,768 bajtów wolnych