wklejto.pl

Added by: ~PutineQ (2008-07-06 15:38) -> text
ComboFix 08-07-05.1 - oem 2008-07-06 15:38:57.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.1603 [GMT 2:00]
Running from: C:\\Documents and Settings\\oem\\Pulpit\\ComboFix.exe
Command switches used :: C:\\Documents and Settings\\oem\\Pulpit\\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\\Program Files\\Mininova\\tbMin0.dll
C:\\WINDOWS\\system32\\qtqcviec.dll
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\\WINDOWS\\system32\\qtqcviec.dll
.
---- Previous Run -------
.
C:\\Documents and Settings\\oem\\Dane aplikacji\\rhcnp2j0e79t
C:\\Documents and Settings\\Przemek\\Dane aplikacji\\rhcnp2j0e79t
C:\\Program Files\\rhcnp2j0e79t
C:\\WINDOWS\\axrfgvek.dll
C:\\WINDOWS\\emkn.exe
C:\\WINDOWS\\mrvtdpqe.exe
C:\\WINDOWS\\nqgpedlr.dll
C:\\WINDOWS\\OPTIONS\\CABS\\_desktop.ini
C:\\WINDOWS\\privacy_danger
C:\\WINDOWS\\privacy_danger\\images\\capt.gif
C:\\WINDOWS\\privacy_danger\\images\\danger.jpg
C:\\WINDOWS\\privacy_danger\\images\\down.gif
C:\\WINDOWS\\privacy_danger\\images\\spacer.gif
C:\\WINDOWS\\privacy_danger\\index.htm
C:\\WINDOWS\\resources\\RunOnceUnknown.dll
C:\\WINDOWS\\system32\\778670
C:\\WINDOWS\\system32\\778670\\778670.dll
C:\\WINDOWS\\system32\\cbXOIaYS.dll
C:\\WINDOWS\\system32\\cbXRJAts.dll
C:\\WINDOWS\\system32\\ceivcqtq.ini
C:\\WINDOWS\\system32\\ddcArRhh.dll
C:\\WINDOWS\\system32\\dloanqns.dll
C:\\WINDOWS\\system32\\fihjknnn.ini
C:\\WINDOWS\\system32\\fihjknnn.ini2
C:\\WINDOWS\\system32\\mcrh.tmp
C:\\WINDOWS\\system32\\nnnkjhif.dll
C:\\WINDOWS\\system32\\okwtejvr.ini
C:\\WINDOWS\\system32\\snqnaold.ini
C:\\WINDOWS\\system32\\snqnaold.ini2
C:\\WINDOWS\\system32\\snqnaold.tmp
C:\\WINDOWS\\system32\\SYaIOXbc.ini
C:\\WINDOWS\\system32\\SYaIOXbc.ini2
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-06 to 2008-07-06  )))))))))))))))))))))))))))))))
.
 
2008-07-06 15:29 . 2008-07-06 15:29     294     ---hs----       C:\\WINDOWS\\system32\\ceivcqtq.ini
2008-07-05 22:50 . 2008-07-05 22:50     <DIR>   d--------       C:\\Program Files\\Windows Sidebar
2008-07-05 22:49 . 2008-07-05 22:50     <DIR>   d--------       C:\\Program Files\\Symantec
2008-07-05 22:49 . 2008-07-05 23:14     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Symantec
2008-07-05 22:49 . 2008-07-05 22:50     123,952 --a------       C:\\WINDOWS\\system32\\drivers\\SYMEVENT.SYS
2008-07-05 22:49 . 2008-07-05 22:50     60,808  --a------       C:\\WINDOWS\\system32\\S32EVNT1.DLL
2008-07-05 22:49 . 2008-07-05 22:50     10,652  --a------       C:\\WINDOWS\\system32\\drivers\\SYMEVENT.CAT
2008-07-05 22:49 . 2008-07-05 22:50     806     --a------       C:\\WINDOWS\\system32\\drivers\\SYMEVENT.INF
2008-07-05 22:44 . 2008-07-05 22:44     <DIR>   d--------       C:\\Program Files\\Nowy folder
2008-07-05 22:44 . 2008-07-06 13:48     <DIR>   d--------       C:\\Program Files\\Common Files\\Symantec Shared
2008-06-28 22:32 . 2008-06-28 22:32     <DIR>   d--------       C:\\Program Files\\uTorrent
2008-06-28 22:31 . 2008-07-06 01:14     <DIR>   d--------       C:\\Documents and Settings\\oem\\Dane aplikacji\\uTorrent
2008-06-28 22:25 . 2008-06-28 22:25     <DIR>   d--------       C:\\Program Files\\Conduit
2008-06-11 12:35 . 2008-06-14 20:01     273,024 ---------       C:\\WINDOWS\\system32\\drivers\\bthport.sys
2008-06-11 12:35 . 2008-06-14 20:01     273,024 -----c---       C:\\WINDOWS\\system32\\dllcache\\bthport.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 12:54        ---------       d-----w C:\\Documents and Settings\\oem\\Dane aplikacji\\GanymedeNet
2008-06-27 12:07        ---------       d-----w C:\\Program Files\\Ganymede
2008-05-17 20:43        ---------       d-----w C:\\Documents and Settings\\oem\\Dane aplikacji\\SpeedSim
2008-05-08 12:28        202,752 ----a-w C:\\WINDOWS\\system32\\drivers\\rmcast.sys
2007-09-07 19:06        24,192  ----a-w C:\\Documents and Settings\\Rozalia\\usbsermptxp.sys
2007-09-07 19:06        22,768  ----a-w C:\\Documents and Settings\\Rozalia\\usbsermpt.sys
.
 
(((((((((((((((((((((((((((((   snapshot@2008-07-06_15.04.40.84   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 13:01:14   2,048   --s-a-w C:\\WINDOWS\\bootstat.dat
+ 2008-07-06 13:41:06   2,048   --s-a-w C:\\WINDOWS\\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\"=\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\" [2006-11-16 19:04 139264]
\"swg\"=\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\" [2007-09-12 08:16 68856]
\"Gadu-Gadu\"=\"E:\\MARCIN\\PROGRAMY\\Gadu-Gadu\\gg.exe\" [2007-09-24 18:10 2119104]
\"ctfmon.exe\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2004-08-04 14:00 15360]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"JMB36X IDE Setup\"=\"C:\\WINDOWS\\JM\\JMInsIDE.exe\" [2006-10-30 14:44 36864]
\"36X Raid Configurer\"=\"C:\\WINDOWS\\system32\\JMRaidSetup.exe\" [2007-02-06 14:08 1953792]
\"NvCplDaemon\"=\"C:\\WINDOWS\\system32\\NvCpl.dll\" [2007-04-12 17:44 8429568]
\"NvMediaCenter\"=\"C:\\WINDOWS\\system32\\NvMcTray.dll\" [2007-04-12 17:44 81920]
\"NeroFilterCheck\"=\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\" [2006-01-12 15:40 155648]
\"SpeedTouch USB Diagnostics\"=\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" [2004-01-26 11:38 866816]
\"Share-to-Web Namespace Daemon\"=\"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe\" [2002-04-17 10:42 69632]
\"REGSHAVE\"=\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" [2002-02-04 23:32 53248]
\"Adobe Reader Speed Launcher\"=\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\" [2007-05-11 14:06 40048]
\"ccApp\"=\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\" [2007-08-24 23:07 51048]
\"osCheck\"=\"E:\\MARCIN\\PROGRAMY\\Norton\\osCheck.exe\" [2007-08-24 22:53 714608]
\"RTHDCPL\"=\"RTHDCPL.EXE\" [2007-04-12 11:33 16132608 C:\\WINDOWS\\RTHDCPL.exe]
\"nwiz\"=\"nwiz.exe\" [2007-04-12 17:44 1626112 C:\\WINDOWS\\system32\\nwiz.exe]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Picasa Media Detector\"=\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\" [2007-09-28 03:17 443968]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
\"axrfgvek\"= {CEB8FDE1-0AB6-4B08-B67A-3A143566666F} - C:\\WINDOWS\\axrfgvek.dll [BU]
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk
backup=C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Synchronizer.lnk
backup=C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BearShare]
--a------ 2006-08-01 17:04 3313664 E:\\MARCIN\\PROGRAMY\\BearShare\\BearShare.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 C:\\WINDOWS\\system32\\ctfmon.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Picasa Media Detector]
--a------ 2007-09-28 03:17 443968 C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\swg]
--a------ 2007-09-12 08:16 68856 C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"UpdatesDisableNotify\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
\"DisableMonitoring\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"E:\\\\MARCIN\\\\PROGRAMY\\\\BearShare\\\\BearShare.exe\"=
\"E:\\\\MARCIN\\\\PROGRAMY\\\\Gadu-Gadu\\\\gg.exe\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=
\"C:\\\\WINDOWS\\\\system32\\\\dpvsetup.exe\"=
\"E:\\\\MARCIN\\\\PROGRAMY\\\\Opera\\\\Opera.exe\"=
\"C:\\\\Program Files\\\\uTorrent\\\\uTorrent.exe\"=
\"C:\\\\Documents and Settings\\\\oem\\\\Pulpit\\\\uTorrent.exe\"=
 
R0 AFPAnsi;G-DATA Hidder Ansi;C:\\WINDOWS\\system32\\Drivers\\AFPAnsi.sys [2002-10-09 16:53]
R1 GLogin;GLogin;C:\\WINDOWS\\system32\\drivers\\GLogin.sys [2007-06-14 15:14]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe [2007-08-24 23:07]
S2 KbdLockService;G DATA Keyboard Protector Service;C:\\WINDOWS\\system32\\KbdLockService.exe []
S3 COH_Mon;COH_Mon;C:\\WINDOWS\\system32\\Drivers\\COH_Mon.sys [2008-03-06 21:32]
 
.
Contents of the \'Scheduled Tasks\' folder
\"2007-11-02 01:52:00 C:\\WINDOWS\\Tasks\\Kalkulator.job\"
- C:\\WINDOWS\\system32\\calc.exe
\"2008-07-05 21:58:32 C:\\WINDOWS\\Tasks\\Norton AntiVirus - Uruchom pełne skanowanie systemu - oem.job\"
 