wklejto.pl

Added by: ~Log po Co (2008-07-04 14:32) -> text
ComboFix 08-07-03.5 - ST 2008-07-04 14:32:31.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.545 [GMT 2:00]
Running from: C:\Documents and Settings\ST\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\ST\Pulpit\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\nqgpedlr.dll
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\nqgpedlr.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-04 to 2008-07-04  )))))))))))))))))))))))))))))))
.
 
2008-07-03 15:10 . 2008-07-03 15:10     <DIR>   d--------       C:\Documents and Settings\ST\Dane aplikacji\Gadu-Gadu
2008-07-03 12:28 . 2008-07-04 14:06     1,197   --a------       C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-03 12:20 . 2008-07-03 12:20     <DIR>   d--------       C:\Program Files\Sunbelt Software
2008-06-26 18:20 . 2008-06-26 18:20     <DIR>   d--------       C:\WINDOWS\system32\Adobe
2008-06-21 18:23 . 2008-06-21 18:23     <DIR>   d--------       C:\Program Files\RonOTS Client
2008-06-20 18:51 . 2008-06-20 18:52     <DIR>   d--------       C:\Program Files\Tremulous
2008-06-11 21:48 . 2008-06-11 21:48     <DIR>   d--------       C:\Automap
2008-06-11 14:14 . 2008-06-14 20:01     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 12:36        ---------       d-----w C:\Documents and Settings\ST\Dane aplikacji\Skype
2008-07-04 12:13        ---------       d-----w C:\Documents and Settings\ST\Dane aplikacji\uTorrent
2008-07-04 11:59        ---------       d-----w C:\Documents and Settings\ST\Dane aplikacji\OpenOfficeT72
2008-07-04 11:43        ---------       d-----w C:\Documents and Settings\ST\Dane aplikacji\MegauploadToolbar
2008-07-04 09:34        ---------       d-----w C:\Documents and Settings\ST\Dane aplikacji\skypePM
2008-07-02 08:50        ---------       d-----w C:\Documents and Settings\ST\Dane aplikacji\Hamachi
2008-06-29 15:57        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-06-23 14:43        ---------       d-----w C:\Documents and Settings\ST\Dane aplikacji\Tibia
2008-06-14 18:01        273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:26        118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-11 20:26        118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-05-24 14:08        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 18:11        ---------       d-----w C:\Program Files\WinFlip
2008-05-08 19:43        ---------       d-----w C:\Program Files\DeskMates
2008-05-08 12:28        202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 20:31        ---------       d-----w C:\Program Files\Thoosje Sidebar V2.3
2008-05-07 20:22        219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-07 20:22        ---------       d-----w C:\Program Files\VisualTaskTips
2008-05-07 20:22        ---------       d-----w C:\Program Files\VistaDriveIcon
2008-05-07 20:22        ---------       d-----w C:\Program Files\TrueTransparency
2008-05-07 20:22        ---------       d-----w C:\Program Files\Styler
2008-05-07 20:22        ---------       d-----w C:\Program Files\glass2k
2008-05-07 20:22        ---------       d-----w C:\Program Files\Blaero Start Orb
2008-05-07 19:49        ---------       d-----w C:\Program Files\TGTSoft
2008-05-07 19:33        ---------       d-----w C:\Program Files\Common Files\Stardock
2008-05-07 19:31        7,852   ----a-w C:\WINDOWS\system32\mcdmsg7.dll
2008-05-07 14:11        ---------       d-----w C:\Program Files\Attack on Pearl Harbor Demo
2008-05-07 05:16        1,291,264       ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03        662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-14 18:25        295,936 ----a-w C:\WINDOWS\inf\isprnt.exe
2007-12-02 20:54        32      ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-02 18:38        1       ----a-w C:\Documents and Settings\ST\SI.bin
.
 
------- Sigcheck -------
 
2002-09-29 00:00  519168  8b6e6bb5d451f8bbc0621203b687d993      C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:44  504832  0344407089b08548d4feba62bb0f32d0      C:\WINDOWS\VistaMizer\old\winlogon.exe
 
2005-03-02 20:14  2058240  35d11fdc381536ab95e3005489131f44     C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09  2060672  2f4a36b1b03d64fb176cb0f3eb597118     C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2002-09-29 00:00  1921536  3805154f53701c0f3dc438329bf89efb     C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 01:39  2016768  33fdad88eec315ee4cfb147fb19fd2b6     C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:09  2016768  83736df906f9a381027eda339d782d4b     C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:04  2058880  2bdc1a6cefe320e9c39fabf1961ebb9d     C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:04  2274304  c19601785928c18cde6691ef38858757     C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 18:04  2274304  c19601785928c18cde6691ef38858757     C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:04  2274304  c19601785928c18cde6691ef38858757     C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 18:04  2017280  79a75fd889d9f1ee90582c9d6f70c912     C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
 
2005-03-02 20:14  2180864  dba3e4215279c8012b37d2135b531258     C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09  2183424  c450518ef9acc02a2d799698021e31a8     C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2002-09-29 00:00  1892864  0f8e5919d769f7dcefb559013400038c     C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 01:38  2149888  a1b8225d45ef88fa294fe1e371bb594a     C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:08  2137088  85e7eea3a7934823769a4307d8867084     C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:04  2181632  c378be3a1edc5e4421d428655ac4a48c     C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:04  2394624  e182154989100fe612aa42fbfe4c7f91     C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 18:04  2394624  e182154989100fe612aa42fbfe4c7f91     C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:04  2394624  e182154989100fe612aa42fbfe4c7f91     C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 18:04  2137600  56eb75a8fc9adfe0455c3f44e7b6dc3c     C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
 
2007-06-13 15:23  1552896  720c3c73fc4748c58cdc0a94c4808a6b     C:\WINDOWS\explorer.exe
2007-06-13 15:12  1034752  8db0650b211425b9cdb7d1c4a8f6b482     C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-09-29 00:00  1005568  f4af85d918e83d71341fce2aa5318181     C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 01:44  1033728  379098a96e6c165b659de7e4328010ea     C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23  1552896  720c3c73fc4748c58cdc0a94c4808a6b     C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23  1552896  720c3c73fc4748c58cdc0a94c4808a6b     C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23  1034752  029a562e81bbee088c61d418bf408f44     C:\WINDOWS\VistaMizer\old\explorer.exe
 
2002-09-29 00:00  13312  0c4c012b0a8960f48a666c240a7baa3d       C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\system32\ctfmon.exe
2004-08-04 01:44  15360  cbfa30492d70ce3938d8a7783d0c0436       C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 25088]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-16 13:39 21760296]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"CursorXP"="C:\nie\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-12-04 17:24 219952]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-10-02 13:19 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 07:37 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 07:37 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 15:12 222720]
"Flashget"="C:\programy\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
"Alt-Tab Thingy"="C:\nie\Alt-Tab Thingy v3\attmain.exe" [2005-10-11 20:41 89088]
"DrvIcon"="C:\Program Files\VistaDriveIcon\DrvIcon.exe" [2007-07-04 21:59 45056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2007-10-05 07:37 1626112 C:\WINDOWS\system32\nwiz.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 25088]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
 
C:\Documents and Settings\ST\Menu Start\Programy\Autostart\
Blaero Start Orb.lnk - C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-07-30 20:32:48 521216]
OpenOfficeT7 2.3.1.lnk - C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe [2007-12-08 02:06:24 393216]
Stardock ObjectDock.lnk - C:\nie\ObjectDock\ObjectDock.exe [2008-05-07 21:33:27 3444008]
 
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 15:44:06 29696]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-11-30 20:03:34 925696]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\games\\Soldat\\Soldat.exe"=
"D:\\@@@DyskC@@@\\games\\Age of Empires II\\empires2.exe"=
"C:\\programy\\FlashGet\\flashget.exe"=
"D:\\@@@DyskC@@@\\games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"D:\\Far Cry\\Bin32\\FarCry.exe"=
"D:\\FEAR\\FEAR.exe"=
"D:\\FEAR\\FEARMP.exe"=
"C:\\TmNationsForever\\TmForever.exe"=
"D:\\FEAR\\FEARServer.exe"=
"D:\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\ST\\Moje dokumenty\\Tibia stare\\illusion\\Work.exe"=
"C:\\Documents and Settings\\ST\\Moje dokumenty\\Tibia stare\\illusion\\devland.exe"=
"C:\\Program Files\\Tremulous\\tremulous.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\ST\\Moje dokumenty\\Tibia stare\\ots\\YurOTS.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 14:36:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-04 14:38:23
ComboFix-quarantined-files.txt  2008-07-04 12:38:17
ComboFix2.txt  2008-07-04 12:04:07
 
Pre-Run: 10,681,131,008 bajtów wolnych
Post-Run: 10,669,346,816 bajtów wolnych
 
188     --- E O F ---   2008-06-21 06:38:05
 