wklejto.pl

Added by: ~Piterw (2008-07-07 17:34) -> text
ComboFix 08-07-05.1 - Piter 2008-07-07 16:57:08.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.163 [GMT 2:00]
Running from: C:\\Documents and Settings\\Piter\\Pulpit\\ComboFix.exe
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-07 to 2008-07-07  )))))))))))))))))))))))))))))))
.
 
2008-07-07 16:54 . 2008-07-07 16:54     <DIR>   d--------       C:\\Program Files\\Trend Micro
2008-07-07 11:43 . 2008-07-07 11:43     54,156  --ah-----       C:\\WINDOWS\\QTFont.qfn
2008-07-07 11:43 . 2008-07-07 11:43     1,409   --a------       C:\\WINDOWS\\QTFont.for
2008-06-30 15:39 . 2008-06-30 15:39     <DIR>   d--------       C:\\c
2008-06-30 15:39 . 2008-02-20 19:23     19,083  --a------       C:\\virus remover by harsh.EXE
2008-06-30 15:39 . 2008-01-30 10:52     524     --a------       C:\\activate.reg
2008-06-30 15:38 . 2008-06-30 15:38     <DIR>   d--------       C:\\xn1i9x.com remover
2008-06-30 10:58 . 2008-06-30 10:58     <DIR>   d--------       C:\\Program Files\\Alwil Software
2008-06-11 02:04 . 2008-06-11 02:04     1,044,480       --a------       C:\\WINDOWS\\system32\\libdivx.dll
2008-06-11 02:04 . 2008-06-11 02:04     200,704 --a------       C:\\WINDOWS\\system32\\ssldivx.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 09:27        ---------       d-----w C:\\Program Files\\DivX
2008-07-07 09:01        136     ----a-w C:\\WINDOWS\\system32\\drivers\\ALCICH.DAT
2008-06-30 11:09        ---------       d-----w C:\\Documents and Settings\\Piter\\Dane aplikacji\\uTorrent
2008-06-29 20:19        ---------       d-----w C:\\Program Files\\eMule
2008-06-29 13:59        ---------       d-----w C:\\Program Files\\FlashGet
2008-05-31 20:14        ---------       d--h--w C:\\Program Files\\InstallShield Installation Information
2008-05-31 20:09        ---------       d-----w C:\\Program Files\\7-Zip
2008-05-21 19:13        ---------       d-----w C:\\Program Files\\Easy CD-DA Extractor 9
2008-05-21 19:08        ---------       d-----w C:\\Program Files\\CDex_150
2008-05-18 20:14        ---------       d-----w C:\\Program Files\\Google
2008-05-18 17:29        737,280 ----a-w C:\\WINDOWS\\iun6002.exe
2008-05-17 18:57        ---------       d-----w C:\\Program Files\\3D Live Snooker
2005-11-14 10:47        36      ----a-w C:\\Documents and Settings\\Piter\\klextlock.dat
2003-03-21 11:45        250,544 ----a-w C:\\Program Files\\Common Files\\keyhelp.ocx
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36        1267040 --a------       C:\\Program Files\\Winamp Toolbar\\winamptb.dll
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
\"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\"= \"C:\\Program Files\\Winamp Toolbar\\winamptb.dll\" [2008-03-20 00:36 1267040]
 
[HKEY_CLASSES_ROOT\\clsid\\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\\TypeLib\\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\\WINAMPTB.AOLToolBand]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
\"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\"= \"C:\\Program Files\\Winamp Toolbar\\winamptb.dll\" [2008-03-20 00:36 1267040]
 
[HKEY_CLASSES_ROOT\\clsid\\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\\TypeLib\\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\\WINAMPTB.AOLToolBand]
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2004-08-04 01:44 15360]
\"Konnekt_6b95416a_Piter\"=\"C:\\Program Files\\Konnekt\\konnekt.exe\" [2005-05-24 23:41 503808]
\"RamBooster\"=\"C:\\PROGRA~1\\RAMBOO~1\\RAMBOO~1.EXE\" [1999-10-07 14:43 469504]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"NvCplDaemon\"=\"C:\\WINDOWS\\system32\\NvCpl.dll\" [2004-07-15 12:42 4112384]
\"NeroFilterCheck\"=\"C:\\WINDOWS\\system32\\NeroCheck.exe\" [2001-07-09 11:50 155648]
\"MULTIMEDIA KEYBOARD\"=\"C:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe\" [2002-07-23 02:55 167936]
\"Acrobat Assistant 7.0\"=\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\" [2006-01-12 21:52 483328]
\"NetLimiter\"=\"C:\\Program Files\\NetLimiter\\NetLimiter.exe\" [2004-03-31 15:23 823296]
\"SunJavaUpdateSched\"=\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\" [2008-02-22 04:25 144784]
\"PCSuiteTrayApplication\"=\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" [2007-03-23 13:20 227328]
\"Auto EPSON Stylus DX3800 Series na Ncc-1701-g (Kopia 2)\"=\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE\" [2005-02-08 07:00 98304]
\"avast!\"=\"C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe\" [2008-05-16 01:19 79224]
\"SoundMan\"=\"soundman.exe\" [2001-05-29 11:02 124416 C:\\WINDOWS\\soundman.exe]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\CTFMON.EXE\" [2004-08-04 01:44 15360]
\"Nokia.PCSync\"=\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" [2007-03-27 15:58 1744896]
 
C:\\Documents and Settings\\Piter\\Menu Start\\Programy\\Autostart\\
MagicDisc.lnk - C:\\Program Files\\MagicDisc\\MagicDisc.exe [2007-11-19 20:58:26 557568]
 
C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\
Adobe Acrobat Speed Launcher.lnk - C:\\WINDOWS\\Installer\\{AC76BA86-1033-F400-7760-000000000002}\\SC_Acrobat.exe [2005-02-07 11:40:54 25214]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"VIDC.YV12\"= yv12vfw.dll
\"vidc.vp31\"= vp31vfw.dll
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Acrobat Speed Launcher.lnk
backup=C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Gamma Loader.lnk
backup=C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Microsoft Office.lnk
backup=C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^Grzegorz^Menu Start^Programy^Autostart^BOINC Manager.lnk]
path=C:\\Documents and Settings\\Grzegorz\\Menu Start\\Programy\\Autostart\\BOINC Manager.lnk
backup=C:\\WINDOWS\\pss\\BOINC Manager.lnkStartup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^Grzegorz^Menu Start^Programy^Autostart^Skrót do mirc.lnk]
path=C:\\Documents and Settings\\Grzegorz\\Menu Start\\Programy\\Autostart\\Skrót do mirc.lnk
backup=C:\\WINDOWS\\pss\\Skrót do mirc.lnkStartup
=
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DataLayer]
--a------ 2006-11-20 12:24 863744 C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Konnekt]
--a------ 2005-05-24 23:41 503808 C:\\Program Files\\Konnekt\\konnekt.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Konnekt_6b95416a_Grzesiu]
--a------ 2005-05-24 23:41 503808 C:\\Program Files\\Konnekt\\konnekt.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\LanguageShortcut]
--a------ 2006-04-13 11:09 49152 C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NvMediaCenter]
--a------ 2004-07-15 12:42 81920 C:\\WINDOWS\\system32\\nvmctray.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
--a------ 2005-10-25 16:48 155648 C:\\Program Files\\QuickTime\\qttask.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RemoteControl]
--------- 2005-12-07 22:57 30208 C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
\"mnmsrvc\"=3 (0x3)
\"iPodService\"=3 (0x3)
\"BOINC\"=2 (0x2)
\"RichVideo\"=2 (0x2)
\"matlabserver\"=2 (0x2)
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"AntiVirusDisableNotify\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
\"EnableFirewall\"= 0 (0x0)
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"C:\\\\Program Files\\\\Konnekt\\\\konnekt.exe\"=
\"C:\\\\WINDOWS\\\\system32\\\\sessmgr.exe\"=
\"C:\\\\Program Files\\\\Gadu-Gadu\\\\gg.exe\"=
\"C:\\\\Program Files\\\\BitComet\\\\BitComet.exe\"=
\"C:\\\\Program Files\\\\Mozilla Firefox\\\\firefox.exe\"=
\"C:\\\\Program Files\\\\uTorrent\\\\utorrent.exe\"=
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"3389:TCP\"= 3389:TCP:@xpsp2res.dll,-22009
\"18744:TCP\"= 18744:TCP:BitComet 18744 TCP
\"18744:UDP\"= 18744:UDP:BitComet 18744 UDP
 
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\\WINDOWS\\system32\\drivers\\sfsync03.sys [2005-12-06 17:11]
R1 aswSP;avast! Self Protection;C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2008-05-16 01:20]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\\WINDOWS\\system32\\DRIVERS\\msikbd2k.sys [2001-12-20 10:02]
R2 aswFsBlk;aswFsBlk;C:\\WINDOWS\\system32\\DRIVERS\\aswFsBlk.sys [2008-05-16 01:16]
R2 nhksrv;Netropa NHK Server;C:\\Program Files\\Netropa\\Multimedia Keyboard\\nhksrv.exe [2001-08-06 07:41]
S2 FILESpy;FILESpy;C:\\Program Files\\Softwin\\BitDefender9\\filespy.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\\WINDOWS\\system32\\DRIVERS\\Amps2prt.sys []
S3 LUMDriver;LUMDriver;C:\\WINDOWS\\system32\\drivers\\LUMDriver.sys [2003-07-11 14:22]
S3 usb2vcom;USB to Serial Bridge Controller;C:\\WINDOWS\\system32\\Drivers\\usb2vcom.sys []
S4 BOINC;BOINC;C:\\Program Files\\BOINC\\boinc.exe [2005-11-29 02:54]
S4 Chaoogolns;Chaoogolns;C:\\WINDOWS\\system32\\drivers\\IdeChnDr.sys [2001-08-20 01:00]
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{0d0416a6-6af3-11da-b378-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{0f073066-3cdd-11da-8404-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{13281596-3f27-11da-9041-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{1dd338c6-7393-11da-a251-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{2168a144-1e30-11da-9d08-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{2168a146-1e30-11da-9d08-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{228ec5a1-673c-11d9-a7f0-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{26760c56-6b2a-11da-9cee-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{27b9cc94-1eea-11da-89f3-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{27b9cc96-1eea-11da-89f3-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{2ad25404-faf2-11db-8c52-0050fcfb3347}]
\\Shell\\AutoRun\\command - G:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{2f662ee6-40d1-11da-9462-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{34b26336-2ff9-11da-8381-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{395614a6-478b-11da-b46f-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{3ce38744-1d1e-11da-9d18-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{402cc9f4-1d1f-11da-9965-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{40870116-22a1-11da-8072-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{408f1652-d305-11da-89a3-0050bac909d2}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{491418e6-3d55-11da-a4f8-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{5341cfd4-b632-11d9-aa45-0050bac909d2}]
\\Shell\\AutoRun\\command - Total Commander PowerPack\\TCPowerPack.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{53948cd0-c355-11db-8b8b-0050fcfb3347}]
\\Shell\\AutoRun\\command - I:\\xn1i9x.com
\\Shell\\explore\\Command - I:\\xn1i9x.com
\\Shell\\open\\Command - I:\\xn1i9x.com
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{6fe6f696-1f9f-11da-ae7e-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{71de7ef6-7c86-11da-9865-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{77a9bfe6-26d3-11da-b417-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{7a1dacc6-2229-11da-8614-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{818311c6-4714-11da-a920-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{86d2dee6-4238-11da-8ab4-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{8b07f106-3829-11da-94a7-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{929d5146-7c76-11da-b99d-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{a20fa944-1e00-11da-a804-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{a525a3a6-4897-11da-91db-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{b38a81f6-80eb-11da-8759-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{bbc4c626-65cc-11da-9833-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{be463746-7d5b-11da-be31-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\pc__8_3\\files\\autorun\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{c26f0446-304a-11da-8123-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{c7cb6fc4-1c93-11da-ad97-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{c8c249e6-22b6-11da-9591-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ce6ee2c6-7bb2-11da-93af-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ddb97a44-1eb7-11da-9a5d-806d6172696f}]
\\Shell\\AutoRun\\command - G:\\Setup.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ddb97a46-1eb7-11da-9a5d-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{e1d0bba6-6895-11da-9291-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{e3b446a6-66fe-11da-97ce-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{e78e1616-52ad-11da-80cf-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ed32eec6-8992-11da-a3ee-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ef526860-31e5-11da-812f-0050fcfb3347}]
\\Shell\\AutoRun\\command - J:\\TotalCommanderPowerPack/TCPowerPack.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ef68f7e6-85aa-11da-a8ac-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\Autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{efa23457-a886-11da-9500-0050bac909d2}]
\\Shell\\AutoRun\\command - J:\\PStart.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{f53e74b6-3c90-11da-a21e-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{f6e81cb6-3a85-11da-9d46-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{fc33bf96-477f-11da-bd21-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ffd23506-42d7-11da-99ce-806d6172696f}]
\\Shell\\AutoRun\\command - I:\\autorun.exe
 
*Newly Created Service* - CATCHME
.
Contents of the \'Scheduled Tasks\' folder
\"2005-03-21 17:24:23 C:\\WINDOWS\\Tasks\\Funkcja One Button Checkup pakietu Norton SystemWorks.job\"
- C:\\Program Files\\Norton SystemWorks\\OBC.exe
\"2005-03-27 22:00:00 C:\\WINDOWS\\Tasks\\Symantec Drmc.job\"
- C:\\Program Files\\Common Files\\Symantec Shared\\SymDrmc.exe
\"2005-08-31 10:47:45 C:\\WINDOWS\\Tasks\\Symantec NetDetect.job\"
- C:\\Program Files\\Symantec\\LiveUpdate\\NDETECT.EXE
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 16:59:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
PROCESS: C:\\WINDOWS\\system32\\lsass.exe
-> C:\\Program Files\\NetLimiter\\nl_lsp.dll
-> C:\\WINDOWS\\system32\\nl_msgc.dll
.
Completion time: 2008-07-07 17:01:38
ComboFix-quarantined-files.txt  2008-07-07 15:01:20
ComboFix2.txt  2008-07-07 14:40:37
 
Pre-Run: 5,099,102,208 bajtów wolnych
Post-Run: 5,097,492,480 bajtów wolnych
 