wklejto.pl

Added by: ~kordix (2008-07-07 19:03) -> text
ComboFix 08-07-05.1 - Ja 2008-07-07 18:47:24.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.1522 [GMT 2:00]
Running from: C:\Documents and Settings\Ja\Pulpit\Combo-Fix.exe
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
J:\autorun.inf
.
---- Previous Run -------
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-07 to 2008-07-07  )))))))))))))))))))))))))))))))
.
 
2008-07-07 18:07 . 2008-07-07 18:07     <DIR>   d--------       C:\Program Files\Avramovic Web Solutions
2008-07-04 17:38 . 2008-07-04 19:25     <DIR>   d--------       C:\Program Files\Mozilla Thunderbird
2008-07-04 17:38 . 2008-07-04 17:38     <DIR>   d--------       C:\Documents and Settings\Ja\Dane aplikacji\Thunderbird
2008-07-03 20:15 . 2008-07-03 20:15     500     --a------       C:\RATUJ.DOC
2008-07-03 18:49 . 2008-07-03 18:49     <DIR>   d--------       C:\Documents and Settings\Stanisław\AbiSuite
2008-07-03 18:49 . 2008-07-03 18:49     <DIR>   d--------       C:\Documents and Settings\Stanisław\AbiSuite
2008-07-03 14:26 . 2008-07-03 14:26     <DIR>   d--------       C:\Documents and Settings\Stanisław\Dane aplikacji\OpenOffice.org2
2008-07-02 17:04 . 2008-07-02 17:04     8,294,454       --a------       C:\WINDOWS\startup.bmp
2008-07-02 17:04 . 2006-03-02 14:00     219,648 --a------       C:\WINDOWS\system32\uxtheme.backup
2008-07-02 17:01 . 2008-07-02 17:04     <DIR>   d--------       C:\WINDOWS\VistaMizer
2008-06-30 18:35 . 2008-06-30 18:36     <DIR>   d--------       C:\Program Files\Torrent Master
2008-06-30 17:17 . 2008-07-01 17:07     <DIR>   d--------       C:\Documents and Settings\Ja\AbiSuite
2008-06-30 17:09 . 2008-06-30 17:09     <DIR>   d--------       C:\Program Files\AbiSuite2
2008-06-29 12:39 . 2008-07-01 17:07     <DIR>   d--------       C:\Documents and Settings\Ja\Dane aplikacji\OpenOffice.org2
2008-06-29 12:36 . 2008-06-29 12:36     <DIR>   d--------       C:\Program Files\OpenOffice.org 2.4
2008-06-29 10:32 . 2008-06-29 10:32     0       --a------       C:\WINDOWS\amapi.INI
2008-06-27 12:54 . 2008-06-27 12:54     <DIR>   d--------       C:\Program Files\Pivot Stickfigure Animator
2008-06-26 18:04 . 2008-06-26 18:04     <DIR>   d--------       C:\Documents and Settings\Ja\Dane aplikacji\PCF-VLC
2008-06-26 18:03 . 2008-06-26 18:03     <DIR>   d--------       C:\Program Files\Participatory Culture Foundation
2008-06-26 18:03 . 2008-06-26 18:03     <DIR>   d--------       C:\Documents and Settings\Ja\Dane aplikacji\Participatory Culture Foundation
2008-06-25 14:41 . 2008-06-25 14:41     <DIR>   d--------       C:\Program Files\Common Files\ArcSoft
2008-06-25 14:41 . 2004-05-04 11:53     1,645,320       --a------       C:\WINDOWS\system32\gdiplus.dll
2008-06-25 14:41 . 2004-03-10 01:59     143,360 --a------       C:\WINDOWS\system32\PhotoBase Screen Saver.scr
2008-06-25 14:41 . 2003-09-19 16:45     21,248  --a------       C:\WINDOWS\system32\drivers\pfc.sys
2008-06-25 14:40 . 2008-06-25 14:40     <DIR>   d--------       C:\Program Files\ArcSoft
2008-06-25 14:40 . 1995-07-31 12:44     212,480 --a------       C:\WINDOWS\PCDLIB32.DLL
2008-06-24 16:24 . 2008-06-24 16:24     <DIR>   d--------       C:\Program Files\Codemasters
2008-06-23 17:15 . 2008-06-23 17:15     <DIR>   d--------       C:\Program Files\MozBackup
2008-06-23 10:48 . 2008-06-23 10:48     448,348 --a------       C:\WINDOWS\system32\prfh0415.dat
2008-06-23 10:48 . 2008-06-23 10:48     74,450  --a------       C:\WINDOWS\system32\prfc0415.dat
2008-06-23 10:47 . 2008-06-23 10:47     <DIR>   d--------       C:\Kopia _backup
2008-06-18 22:55 . 2008-06-18 22:55     <DIR>   d--------       C:\Program Files\Stardock
2008-06-12 20:03 . 2008-06-12 20:03     <DIR>   d--------       C:\games
2008-06-11 17:04 . 2008-06-11 17:04     <DIR>   d--------       C:\Documents and Settings\Ja\Dane aplikacji\Ashampoo
2008-06-10 19:37 . 2008-06-10 20:08     <DIR>   d--------       C:\Program Files\ChomikBox
2008-06-08 17:34 . 2008-06-08 17:34     <DIR>   d--------       C:\Documents and Settings\Ja\Dane aplikacji\Diino
2008-06-08 14:42 . 2008-06-26 18:51     <DIR>   d--------       C:\Bierzmowanie
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 16:49        ---------       d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-07 15:57        ---------       d-----w C:\Program Files\AutoConnect
2008-07-07 15:14        ---------       d-----w C:\Program Files\FlashGet
2008-07-07 14:58        ---------       d-----w C:\Documents and Settings\Ja\Dane aplikacji\Skype
2008-07-06 20:11        ---------       d-----w C:\Documents and Settings\Ja\Dane aplikacji\gtk-2.0
2008-07-06 16:27        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-07-04 18:10        ---------       d-----w C:\Program Files\TuneUp Utilities 2007
2008-07-04 12:41        ---------       d-----w C:\Program Files\PogoSticker
2008-07-03 09:22        25,992  ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-07-02 15:04        219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-25 12:40        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 15:23        ---------       d-----w C:\Program Files\Widelands
2008-06-23 15:22        ---------       d-----w C:\Program Files\IrfanView
2008-06-19 17:21        2,289,664       ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-06-16 20:08        ---------       d-----w C:\Program Files\neostrada tp
2008-06-05 13:57        ---------       d-----w C:\Program Files\Winamp Remote
2008-06-04 13:07        ---------       d-----w C:\Program Files\Winamp
2008-06-02 08:31        ---------       d-----w C:\Program Files\AIDA32 - Personal System Information
2008-06-01 13:34        805     ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-01 13:34        60,800  ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-01 13:34        123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-01 13:34        10,671  ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-01 13:34        ---------       d-----w C:\Program Files\Symantec
2008-06-01 09:11        ---------       d-----w C:\Documents and Settings\Ja\Dane aplikacji\BitTorrent
2008-06-01 07:38        ---------       d-----w C:\Program Files\Jahshaka
2008-06-01 07:37        86,016  ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-01 07:37        262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-01 07:37        ---------       d-----w C:\Program Files\OpenLibraries
2008-06-01 07:37        ---------       d-----w C:\Program Files\mlt
2008-06-01 07:37        ---------       d-----w C:\Program Files\gtk2
2008-05-31 20:07        ---------       d-----w C:\Program Files\Norton Internet Security
2008-05-31 14:58        108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-31 14:48        ---------       d-----w C:\Program Files\THQ
2008-05-31 13:17        ---------       d-----w C:\Documents and Settings\Ja\Dane aplikacji\Serif
2008-05-31 13:05        ---------       d-----w C:\Program Files\Serif
2008-05-29 19:10        ---------       d-----w C:\Program Files\Opera
2008-05-29 15:59        ---------       d-----w C:\Documents and Settings\Stanisław\Dane aplikacji\gtk-2.0
2008-05-27 17:43        ---------       d-----w C:\Program Files\Sparkle
2008-05-27 14:19        ---------       d-----w C:\Program Files\SlySoft
2008-05-26 21:06        ---------       d-----w C:\Documents and Settings\Ja\Dane aplikacji\Tibia
2008-05-26 21:04        ---------       d-----w C:\Program Files\Tibia
2008-05-25 12:19        ---------       d-----w C:\Program Files\iTunes
2008-05-25 12:19        ---------       d-----w C:\Program Files\iPod
2008-05-25 12:18        ---------       d-----w C:\Program Files\QuickTime
2008-05-24 19:25        ---------       d-----w C:\Program Files\Team17
2008-05-23 15:04        315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-23 15:04        ---------       d-----w C:\Program Files\Realtek
2008-05-22 21:12        ---------       d-----w C:\Program Files\Video mp3 Extractor
2008-05-22 18:10        ---------       d-----w C:\Program Files\RealVNC
2008-05-20 14:15        ---------       d-----w C:\Program Files\Executive Software
2008-05-19 15:39        164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-19 15:39        ---------       d-----w C:\Program Files\Groovy Lime
2008-05-14 14:24        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-05-13 10:28        ---------       d-----w C:\Program Files\TmNationsForever
2008-05-13 08:24        ---------       d-----w C:\Program Files\GIMPshop
2008-05-12 08:47        ---------       d-----w C:\Program Files\DNA
2008-05-12 08:47        ---------       d-----w C:\Program Files\BitTorrent_DNA
2008-05-11 12:25        ---------       d-----w C:\Program Files\Koala
2008-05-10 17:37        ---------       d-----w C:\Program Files\Systweak Photo Studio V2
2008-05-10 17:37        ---------       d-----w C:\Documents and Settings\Ja\Dane aplikacji\Systweak
2008-04-12 12:02        19,552  ----a-w C:\Documents and Settings\Ja\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-02-07 19:18        17,976  ----a-w C:\Documents and Settings\Stanisław\Dane aplikacji\GDIPFONTCACHEV1.DAT
2006-06-23 12:48        32,768  ----a-w C:\WINDOWS\inf\UpdateUSB.exe
2004-09-28 02:00        26,240  ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.
 
------- Sigcheck -------
 
2007-08-22 14:58  668160  07608337038c78cdaba8650089837a58      C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 08:11  668672  334d5a77651092b0d0ee79dd9e194517      C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 02:48  668672  5c0b1281e1245d2f4af571b21b0ab21f      C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2007-12-07 03:08  662016  d337ab52ead29afff58bc70bda22e9a4      C:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll
2008-02-16 11:05  662016  37c7b292d6fcd9636d42c738cd288db8      C:\WINDOWS\SoftwareDistribution\Download\d60395829b8e75e863df2a5e0b559a5e\sp2gdr\wininet.dll
2008-02-16 11:32  668672  193f94d811881d00867aeb1d6780f44f      C:\WINDOWS\SoftwareDistribution\Download\d60395829b8e75e863df2a5e0b559a5e\sp2qfe\wininet.dll
2006-03-02 14:00  803840  fa593fc36ac2ed005c1ec09a3e991ec4      C:\WINDOWS\system32\wininet.dll
2006-03-02 14:00  803840  fa593fc36ac2ed005c1ec09a3e991ec4      C:\WINDOWS\system32\dllcache\wininet.dll
2006-03-02 14:00  658944  d37dafb534ac8343d59a1b501abe852c      C:\WINDOWS\VistaMizer\old\wininet.dll

2006-03-02 14:00  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\system32\winlogon.exe
2006-03-02 14:00  544256  87d414eba254e42649f4d0a00bb653c6      C:\WINDOWS\system32\dllcache\winlogon.exe
2006-03-02 14:00  504832  0344407089b08548d4feba62bb0f32d0      C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 20:14  2058240  35d11fdc381536ab95e3005489131f44     C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09  2060672  2f4a36b1b03d64fb176cb0f3eb597118     C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 18:04  2058880  2bdc1a6cefe320e9c39fabf1961ebb9d     C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntkrnlpa.exe
2005-03-02 20:08  2058112  0f6990820c6ce0a7a911fae5937ef1f6     C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntkrnlpa.exe
2006-03-02 14:00  2273792  cec61675ec045c782411f3c8f3b10222     C:\WINDOWS\system32\ntkrnlpa.exe
2006-03-02 14:00  2016768  33fdad88eec315ee4cfb147fb19fd2b6     C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 20:14  2180864  dba3e4215279c8012b37d2135b531258     C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09  2183424  c450518ef9acc02a2d799698021e31a8     C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 18:04  2181632  c378be3a1edc5e4421d428655ac4a48c     C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntoskrnl.exe
2005-03-02 20:09  2180608  3f3612846d67352468d2286fc23fb0c2     C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntoskrnl.exe
2006-03-02 14:00  2406912  2bd0ae86279790504c2d54de8c3029cd     C:\WINDOWS\system32\ntoskrnl.exe
2006-03-02 14:00  2149888  a1b8225d45ef88fa294fe1e371bb594a     C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2006-03-02 14:00  1551872  fe6ddf00b672c3647b9f20e09b7774ee     C:\WINDOWS\explorer.exe
2007-06-13 15:12  1034752  8db0650b211425b9cdb7d1c4a8f6b482     C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:23  1034752  029a562e81bbee088c61d418bf408f44     C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2gdr\explorer.exe
2006-03-02 14:00  1551872  fe6ddf00b672c3647b9f20e09b7774ee     C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-02 14:00  1033728  379098a96e6c165b659de7e4328010ea     C:\WINDOWS\VistaMizer\old\explorer.exe

2006-03-02 14:00  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\system32\ctfmon.exe
2006-03-02 14:00  25088  36eab91ffd244d3202830e417c45e0a5       C:\WINDOWS\system32\dllcache\ctfmon.exe
2006-03-02 14:00  15360  cbfa30492d70ce3938d8a7783d0c0436       C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-25 10:54 29744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-15 20:59 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiscSpaceChecks"= 000000000000f03f

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 18:04 3313664 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 20:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"BearShare"="C:\Program Files\BearShare\BearShare.exe" /pause
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Eggsucker\\eggsucker.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Valve\\hltv.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"C:\\Program Files\\VUGames\\Tribes Zemsta\\Program\\Bin\\TV_CD_DVD.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-02 14:00]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 NmPar;MosChip PCI Parallel Port;C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-01-12 05:08]
S1 HekkoVirtualCD;Hekko Virtual CD Driver;C:\WINDOWS\system32\Drivers\hvcd.sys []
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 GoogleDesktopManager-022208-143751;Menedżer Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-25 10:54]
S3 K320bus;Sony Ericsson K320 driver (WDM);C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 11:10]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 12:10]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 12:10]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 11:10]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 11:10]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 11:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46846c95-cbe0-11dc-b4a1-4d6564696130}]
\Shell\AutoRun\command - x6.bat
\Shell\explore\Command - x6.bat
\Shell\open\Command - x6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6526c66f-4b77-11dd-b7c1-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
 
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 15:16:06 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-16 18:51:15 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Ja.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:
.
- - - - ORPHANS REMOVED - - - -
 
WebBrowser-{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - (no file)
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 18:49:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-07 18:49:37
ComboFix-quarantined-files.txt  2008-07-07 16:49:35
 
Pre-Run: 93,093,273,600 bajtów wolnych
Post-Run: 93,150,269,440 bajtów wolnych
 
286     --- E O F ---   2008-07-06 16:34:49
 