wklejto.pl

Added by: ~bzyk111 (2008-06-28 23:31) -> text
ComboFix 08-06-20.4 - Bzyku 2008-06-28 23:27:33.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1646 [GMT 2:00]
Running from: C:\Documents and Settings\Bzyku\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bzyku\Pulpit\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\WINDOWS\BM2bd7d44c.xml
C:\WINDOWS\system32\fwfjxohr.dll
C:\WINDOWS\system32\geBtSjjk.dll
C:\WINDOWS\system32\pbvudfwv.dll
C:\WINDOWS\system32\rhoxjfwf.ini
C:\WINDOWS\system32\wlnfhnbu.dll
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\Bzyku\Dane aplikacji\inst.exe
C:\Documents and Settings\Bzyku\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM2bd7d44c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gjkachcw.ini
C:\WINDOWS\system32\netrbsqs.ini
C:\WINDOWS\system32\pbvudfwv.dll
C:\WINDOWS\system32\PqpsYJlm.ini
C:\WINDOWS\system32\PqpsYJlm.ini2
C:\WINDOWS\system32\rhoxjfwf.ini
C:\WINDOWS\system32\wayxxGgh.ini
C:\WINDOWS\system32\wayxxGgh.ini2
C:\WINDOWS\system32\wlnfhnbu.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-28  )))))))))))))))))))))))))))))))
.
 
2008-06-28 22:54 . 2008-06-28 22:54     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\PC Tools
2008-06-28 22:54 . 2008-06-28 23:29     <DIR>   d-a------       C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-28 22:54 . 2007-12-10 14:53     81,288  --a------       C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-28 22:54 . 2007-12-10 14:53     66,952  --a------       C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-28 22:54 . 2008-06-28 22:58     42,376  --a------       C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-28 22:54 . 2007-12-10 14:53     29,576  --a------       C:\WINDOWS\system32\drivers\kcom.sys
2008-06-28 20:57 . 2008-06-28 20:57     90,624  --a------       C:\WINDOWS\system32\npeqbaew.dll
2008-06-28 20:04 . 2008-06-28 20:04     <DIR>   d--------       C:\VundoFix Backups
2008-06-28 19:23 . 2008-06-28 19:24     <DIR>   d--------       C:\WINDOWS\system32\NtmsData
2008-06-28 19:12 . 2008-06-28 19:12     90,624  --a------       C:\WINDOWS\system32\qqykgduq.dll
2008-06-28 19:11 . 2008-06-28 19:11     319,488 --a------       C:\WINDOWS\system32\m_lJYs_pqP.d_l_old
2008-06-28 17:35 . 2008-06-28 17:35     <DIR>   d--------       C:\Documents and Settings\LocalService\Menu Start
2008-06-28 17:20 . 2008-06-28 17:23     <DIR>   d--------       C:\Program Files\Panda Security
2008-06-28 13:51 . 2008-06-28 20:49     209     --a------       C:\WINDOWS\wininit.ini
2008-06-28 09:35 . 2008-06-28 09:35     <DIR>   d--------       C:\Program Files\Ahead
2008-06-27 23:17 . 2008-06-27 23:17     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-06-27 17:10 . 2008-06-27 17:10     <DIR>   d--------       C:\Program Files\Common Files\EZB Systems
2008-06-27 14:04 . 2008-06-27 14:04     <DIR>   dr-h-----       C:\Documents and Settings\Bzyku\Dane aplikacji\SecuROM
2008-06-26 09:57 . 2008-06-27 14:20     22,328  --a------       C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-26 09:56 . 2008-06-26 09:56     <DIR>   d--------       C:\WINDOWS\system32\LogFiles
2008-06-26 09:56 . 2008-06-27 14:20     103,736 --a------       C:\WINDOWS\system32\PnkBstrB.exe
2008-06-26 09:56 . 2008-06-26 09:56     66,872  --a------       C:\WINDOWS\system32\PnkBstrA.exe
2008-06-26 09:47 . 2007-05-16 16:45     3,497,832       --a------       C:\WINDOWS\system32\d3dx9_34.dll
2008-06-23 18:53 . 2008-06-23 18:53     <DIR>   d--------       C:\WINDOWS\system32\URTTemp
2008-06-22 12:02 . 2008-06-22 12:02     <DIR>   d--------       C:\WINDOWS\San Andreas Mod Installer
2008-06-20 22:31 . 2008-06-28 16:55     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\uTorrent
2008-06-19 09:05 . 2008-06-19 09:05     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Ahead
2008-06-18 18:27 . 2008-06-18 18:27     <DIR>   dr-------       C:\WINDOWS\AsDmiHtm
2008-06-18 18:27 . 2008-06-18 18:31     <DIR>   d--------       C:\Program Files\ASUS
2008-06-18 18:27 . 2006-01-10 10:50     24,576  -ra------       C:\WINDOWS\system32\AsIO.dll
2008-06-18 18:27 . 2006-10-18 21:12     12,664  -ra------       C:\WINDOWS\system32\drivers\AsIO.sys
2008-06-18 18:27 . 2008-06-18 18:27     666     --a------       C:\WINDOWS\setup.iss
2008-06-18 17:47 . 2008-06-18 17:47     <DIR>   d--------       C:\WINDOWS\system32\drivers\system32
2008-06-18 17:47 . 2008-06-18 17:47     <DIR>   d--------       C:\WINDOWS\system32\drivers\INF
2008-06-18 17:47 . 2004-08-03 22:59     95,360  --a------       C:\WINDOWS\system32\drivers\SET1D.tmp
2008-06-18 17:47 . 2004-08-03 22:59     95,360  --a------       C:\WINDOWS\system32\drivers\SET15.tmp
2008-06-18 17:46 . 2008-06-18 17:46     <DIR>   d--------       C:\Program Files\Intel
2008-06-18 12:53 . 2008-06-18 12:53     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\dvdcss
2008-06-17 22:31 . 2008-06-17 22:31     <DIR>   d--------       C:\WINDOWS\nview
2008-06-17 22:22 . 2008-06-17 22:22     <DIR>   d--------       C:\Program Files\Firebird
2008-06-17 22:22 . 2007-03-02 14:05     393,216 --a------       C:\WINDOWS\system32\GDS32.DLL
2008-06-17 21:14 . 2008-06-27 14:04     107,888 --a------       C:\WINDOWS\system32\CmdLineExt.dll
2008-06-17 10:57 . 2008-06-17 10:57     <DIR>   d--------       C:\Program Files\Lavasoft
2008-06-17 10:57 . 2008-06-17 11:08     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-17 10:56 . 2008-06-17 10:56     <DIR>   d--------       C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 10:45 . 2008-06-17 10:45     <DIR>   d--------       C:\Program Files\Nero
2008-06-17 10:45 . 2008-06-17 10:46     <DIR>   d--------       C:\Program Files\Common Files\Ahead
2008-06-17 10:19 . 2008-06-18 12:30     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Winamp
2008-06-17 08:56 . 2008-06-28 20:13     <DIR>   d--------       C:\Program Files\DriveImage XML
2008-06-17 00:02 . 2008-06-17 08:06     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Vso
2008-06-17 00:02 . 2008-06-17 00:02     94,208  --a------       C:\WINDOWS\system32\drivers\ezplay.sys
2008-06-17 00:02 . 2008-06-17 00:02     94,208  --a------       C:\Documents and Settings\Bzyku\Dane aplikacji\ezplay.sys
2008-06-17 00:02 . 2008-06-17 00:02     47,360  --a------       C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-17 00:02 . 2008-06-17 00:02     47,360  --a------       C:\Documents and Settings\Bzyku\Dane aplikacji\pcouffin.sys
2008-06-16 23:44 . 2008-06-16 23:44     <DIR>   d--------       C:\WINDOWS\ShellNew
2008-06-16 23:44 . 2008-06-16 23:44     427     --a------       C:\WINDOWS\ODBC.INI
2008-06-16 23:31 . 2008-06-16 23:31     685,816 --a------       C:\WINDOWS\system32\drivers\sptd.sys
2008-06-16 17:21 . 2008-06-16 17:14     691,545 --a------       C:\WINDOWS\unins000.exe
2008-06-16 17:21 . 2008-06-16 17:21     2,540   --a------       C:\WINDOWS\unins000.dat
2008-06-16 16:50 . 2008-06-16 17:33     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d----c---       C:\WINDOWS\system32\DRVSTORE
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\PC Connectivity Solution
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\DIFX
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\Common Files\PCSuite
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Program Files\Common Files\Nokia
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\PC Suite
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\Nokia
2008-06-16 16:49 . 2008-06-16 16:49     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-06-16 16:49 . 2007-02-22 10:15     90,624  --a------       C:\WINDOWS\system32\nmwcdcls.dll
2008-06-16 16:48 . 2008-06-16 16:48     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-06-16 16:47 . 2008-06-16 16:47     <DIR>   d--------       C:\Program Files\IrfanView
2008-06-15 23:00 . 2008-06-15 23:00     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\vlc
2008-06-15 22:46 . 2008-06-15 22:46     1,160   --a------       C:\WINDOWS\mozver.dat
2008-06-15 22:44 . 2008-06-15 22:44     0       --a------       C:\WINDOWS\nsreg.dat
2008-06-15 22:07 . 2008-06-15 22:07     <DIR>   d--------       C:\WINDOWS\system32\Lang
2008-06-15 22:07 . 2008-06-15 22:07     <DIR>   d--------       C:\Program Files\Marvell
2008-06-15 22:07 . 2008-06-15 22:07     <DIR>   d--------       C:\Documents and Settings\Bzyku\Dane aplikacji\TMP
2008-06-15 22:07 . 2008-06-15 22:07     940,794 --a------       C:\WINDOWS\system32\LoopyMusic.wav
2008-06-15 22:07 . 2008-06-15 22:07     146,650 --a------       C:\WINDOWS\system32\BuzzingBee.wav
2008-06-15 22:05 . 2008-06-15 22:05     <DIR>   d--------       C:\Program Files\Realtek
2008-06-15 22:05 . 2008-06-27 16:37     <DIR>   d--h-----       C:\Program Files\InstallShield Installation Information
2008-06-15 22:02 . 2008-06-18 18:27     32,384  --a------       C:\WINDOWS\Ascd_log.ini
2008-06-15 22:00 . 2008-06-18 18:20     32,069  --a------       C:\WINDOWS\Ascd_tmp.ini
2008-06-15 22:00 . 2006-10-11 13:33     10,288  --a------       C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-15 22:00 . 2004-08-13 20:56     5,810   -ra------       C:\WINDOWS\system32\drivers\ASACPI.sys
2008-06-15 21:58 . 2006-04-01 17:16     162,176 -ra------       C:\WINDOWS\system32\drivers\V0260Vid.sys
2008-06-15 21:25 . 2004-04-30 09:37     160,640 --a------       C:\WINDOWS\system32\drivers\a347bus.sys
2008-06-15 21:25 . 2004-04-30 09:33     5,248   --a------       C:\WINDOWS\system32\drivers\a347scsi.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 16:41        ---------       d-----w C:\Program Files\Gadu-Gadu
2008-06-18 16:31        ---------       d-----w C:\Program Files\Common Files\InstallShield
2008-06-18 16:22        ---------       d-----w C:\Program Files\Common Files\Adobe
2008-06-17 18:29        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\AntiVir PersonalEdition Classic
2008-06-15 20:05        315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-15 18:36        ---------       d-----w C:\Program Files\VideoLAN
2008-06-15 18:31        ---------       d-----w C:\Program Files\EPSON
2008-06-15 18:27        ---------       d-----w C:\Program Files\totalcmd
2008-06-15 16:42        ---------       d-----w C:\Program Files\microsoft frontpage
2008-06-15 16:41        ---------       d-----w C:\Program Files\Usługi online
2008-05-16 09:58        12,632  ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-30 15:27        442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:20        15,648  ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19        15,648  ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19        12,960  ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2006-06-23 22:48        32,768  ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58 1716224]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 09:21 16384000 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"ISTray"="d:\Programy\Spyware Doctor\pctsTray.exe" [2008-06-28 22:59 1107848]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"D:\\BRI\\KlinikaXP\\bin\\klinika.exe"=
"D:\\Programy\\uTorrent\\uTorrent.exe"=
 
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-03-02 14:05]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-03-02 14:05]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 17:16]
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 23:29:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Programy\Spyware Doctor\pctsAuxs.exe
D:\Programy\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-28 23:30:10 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-28 21:30:07
ComboFix2.txt  2008-06-28 17:04:18
 
Pre-Run: 20,089,704,448 bajtów wolnych
Post-Run: 20,076,302,336 bajtów wolnych
 
Comments:

No comments!