wklejto.pl

Added by: ~astaroth (2008-07-08 16:48) -> text
ComboFix 08-07-07.3 - ` 2008-07-08 16:22:12.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.1.1033.18.994 [GMT 2:00]
Running from: C:\\Users\\`\\Desktop\\ComboFix.exe
Command switches used :: C:\\Users\\`\\Desktop\\CFScript.txt
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\\Service_AOJD
-------\\Service_IUE
-------\\Service_SSWP
-------\\Service_ZYQMEAE
 
 
(((((((((((((((((((((((((   Files Created from 2008-06-08 to 2008-07-08  )))))))))))))))))))))))))))))))
.
 
2008-07-07 18:33 . 2008-07-07 18:33     <DIR>   d--------       C:\\Users\\All Users\\WindowsSearch
2008-07-07 18:33 . 2008-07-07 18:33     <DIR>   d--------       C:\\ProgramData\\WindowsSearch
2008-07-07 11:57 . 2008-07-07 23:07     <DIR>   d--------       C:\\Program Files\\Windows Live Safety Center
2008-07-07 11:54 . 2008-07-08 09:06     <DIR>   d--------       C:\\Users\\`\\DoctorWeb
2008-07-07 11:52 . 2008-07-07 11:52     <DIR>   d--------       C:\\Windows\\System32\\Kaspersky Lab
2008-07-07 09:19 . 2008-07-07 11:03     <DIR>   d--------       C:\\Users\\`\\AppData\\Roaming\\Grig Software
2008-07-07 09:19 . 2008-07-07 09:19     <DIR>   d--------       C:\\Program Files\\Compare It!
2008-07-06 23:09 . 2008-07-06 23:09     <DIR>   d--------       C:\\Program Files\\NiemPol
2008-07-06 23:09 . 2000-07-03 18:34     81,920  --a------       C:\\Windows\\System32\\SystemHook.dll
2008-07-06 23:09 . 2002-09-03 16:46     36,864  --a------       C:\\Windows\\System32\\XPButton.ocx
2008-07-06 21:01 . 2008-07-06 21:01     <DIR>   d--------       C:\\Program Files\\aod
2008-07-06 21:01 . 2008-07-06 21:01     <DIR>   d--------       C:\\My Music
2008-07-05 23:52 . 2008-07-05 23:52     <DIR>   d--------       C:\\Program Files\\SiSoftware
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Videos
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Searches
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Saved Games
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Pictures
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Music
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Links
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Downloads
2008-07-05 22:54 . 2008-07-05 22:54     <DIR>   dr-------       C:\\Windows\\System32\\config\\systemprofile\\Documents
2008-07-05 22:49 . 2008-07-05 22:50     36,429,824      --a------       C:\\Windows\\System32\\ZTCUQAELEYG
2008-07-05 22:34 . 2008-07-05 22:34     <DIR>   d--------       C:\\Program Files\\CCleaner
2008-07-05 21:37 . 2008-07-05 21:37     <DIR>   d--------       C:\\Program Files\\BlackIsle
2008-07-05 21:37 . 2008-07-05 21:37     52,736  --a------       C:\\Windows\\ipuninst.exe
2008-07-02 00:42 . 2008-07-08 09:23     <DIR>   d--------       C:\\Program Files\\WinClamAVShield
2008-07-01 23:37 . 2008-07-07 14:50     <DIR>   d--------       C:\\Users\\All Users\\Spyware Terminator
2008-07-01 23:37 . 2008-07-08 11:00     <DIR>   d--------       C:\\Users\\`\\AppData\\Roaming\\Spyware Terminator
2008-07-01 23:37 . 2008-07-07 14:50     <DIR>   d--------       C:\\ProgramData\\Spyware Terminator
2008-07-01 23:37 . 2008-07-07 12:01     <DIR>   d--------       C:\\Program Files\\Spyware Terminator
2008-07-01 23:37 . 2008-07-01 23:37     141,312 --a------       C:\\Windows\\System32\\drivers\\sp_rsdrv2.sys
2008-07-01 23:14 . 2008-07-01 23:14     <DIR>   d--------       C:\\Program Files\\Trend Micro
2008-07-01 23:11 . 2007-01-18 14:00     3,968   --a------       C:\\Windows\\System32\\drivers\\AvgArCln.sys
2008-07-01 17:30 . 2008-07-01 17:30     0       --ah-----       C:\\Windows\\System32\\drivers\\Msft_User_WpdFs_01_00_00.Wdf
2008-07-01 13:36 . 2008-07-01 13:36     <DIR>   d--------       C:\\PerfLogs
2008-07-01 11:09 . 2008-01-19 09:35     4,875,776       --a------       C:\\Windows\\System32\\NlsData0009.dll
2008-07-01 11:08 . 2008-01-19 09:35     9,847,296       --a------       C:\\Windows\\System32\\NlsData000a.dll
2008-07-01 11:07 . 2008-01-19 09:32     5,714,432       --a------       C:\\Windows\\System32\\logon.scr
2008-07-01 11:06 . 2008-01-19 08:06     8,147,456       --a------       C:\\Windows\\System32\\wmploc.DLL
2008-07-01 11:05 . 2008-01-19 09:36     704,512 --a------       C:\\Windows\\System32\\SmiEngine.dll
2008-07-01 11:05 . 2008-01-19 09:36     357,888 --a------       C:\\Windows\\System32\\wbemcomn.dll
2008-07-01 11:05 . 2008-01-19 09:36     218,624 --a------       C:\\Windows\\System32\\wdscore.dll
2008-07-01 11:05 . 2008-01-19 09:36     139,264 --a------       C:\\Windows\\System32\\SmiInstaller.dll
2008-07-01 11:05 . 2008-01-19 09:33     130,560 --a------       C:\\Windows\\System32\\PkgMgr.exe
2008-07-01 11:04 . 2008-01-19 09:34     305,152 --a------       C:\\Windows\\System32\\msdelta.dll
2008-07-01 11:04 . 2008-01-19 09:34     258,560 --a------       C:\\Windows\\System32\\dpx.dll
2008-07-01 11:04 . 2008-01-19 09:34     246,784 --a------       C:\\Windows\\System32\\drvstore.dll
2008-07-01 11:04 . 2008-01-19 09:35     35,328  --a------       C:\\Windows\\System32\\mspatcha.dll
2008-07-01 11:04 . 2006-11-02 11:39     6,656   --a------       C:\\Windows\\System32\\kbd106.dll
2008-06-29 22:16 . 2008-06-29 22:16     <DIR>   d--------       C:\\Program Files\\Longman
2008-06-29 19:57 . 2008-06-29 19:57     <DIR>   d--------       C:\\NeverwinterNights
2008-06-29 19:47 . 2008-06-29 19:47     <DIR>   d--------       C:\\Program Files\\directx
2008-06-29 19:47 . 2008-06-29 19:47     0       --a------       C:\\Windows\\DXT6958.tmp
2008-06-29 19:44 . 2008-06-29 19:44     0       --a------       C:\\Windows\\DXT9DA2.tmp
2008-06-29 19:44 . 2008-06-29 19:44     0       --a------       C:\\Windows\\DXT9D72.tmp
2008-06-29 19:42 . 2008-06-29 19:42     <DIR>   d--------       C:\\Program Files\\Cryo
2008-06-29 19:28 . 2008-06-29 19:28     <DIR>   d--------       C:\\Program Files\\SSI
2008-06-29 10:32 . 1999-12-13 01:01     44,032  ---------       C:\\Windows\\System32\\CTSVCCDA.EXE
2008-06-29 10:32 . 1999-11-18 01:00     25,088  ---------       C:\\Windows\\System32\\CTSVCCTL.EXE
2008-06-28 22:23 . 2008-07-08 16:30     4       --a------       C:\\Windows\\System32\\msdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}
2008-06-28 22:23 . 2008-07-08 16:28     4       --a------       C:\\Windows\\System32\\fsdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}
2008-06-28 22:19 . 2008-06-28 22:19     <DIR>   d--------       C:\\Program Files\\GFI
2008-06-28 22:16 . 2008-06-28 22:16     <DIR>   d--------       C:\\Program Files\\Common Files\\Wise Installation Wizard
2008-06-28 14:15 . 2008-06-28 14:15     <DIR>   d--------       C:\\Users\\`\\AppData\\Roaming\\PC Tools
2008-06-28 14:15 . 2008-07-08 09:55     <DIR>   d--------       C:\\Program Files\\Spyware Doctor
2008-06-28 14:15 . 2008-06-10 21:22     81,288  --a------       C:\\Windows\\System32\\drivers\\iksyssec.sys
2008-06-28 14:15 . 2008-06-02 15:19     66,952  --a------       C:\\Windows\\System32\\drivers\\iksysflt.sys
2008-06-28 14:15 . 2008-06-02 15:19     42,376  --a------       C:\\Windows\\System32\\drivers\\ikfilesec.sys
2008-06-28 14:15 . 2008-06-02 15:19     29,576  --a------       C:\\Windows\\System32\\drivers\\kcom.sys
2008-06-28 14:04 . 2008-05-16 01:18     50,768  --a------       C:\\Windows\\System32\\drivers\\aswMonFlt.sys
2008-06-28 14:03 . 2008-06-28 14:03     <DIR>   d--------       C:\\Program Files\\Alwil Software
2008-06-28 13:30 . 2008-06-28 13:30     <DIR>   d--------       C:\\Users\\All Users\\Kaspersky Lab Setup Files
2008-06-28 13:30 . 2008-06-28 13:30     <DIR>   d--------       C:\\ProgramData\\Kaspersky Lab Setup Files
2008-06-18 13:04 . 2008-06-18 13:04     <DIR>   d--------       C:\\Program Files\\ElectriCalm 3D Screensaver
2008-06-17 11:43 . 2008-06-17 11:43     <DIR>   d--------       C:\\Program Files\\Common Files\\GIS
2008-06-17 11:40 . 2008-06-17 11:43     <DIR>   d--------       C:\\Program Files\\Common Files\\mapserv
2008-06-17 11:27 . 2008-06-17 11:27     <DIR>   d--------       C:\\Users\\`\\AppData\\Roaming\\InstallShield
2008-06-17 10:15 . 2008-06-17 10:15     0       --a------       C:\\Windows\\nsreg.dat
2008-06-14 18:48 . 2008-04-23 06:42     428,544 --a------       C:\\Windows\\System32\\EncDec.dll
2008-06-14 18:48 . 2008-04-23 06:42     293,376 --a------       C:\\Windows\\System32\\psisdecd.dll
2008-06-14 18:48 . 2008-04-23 06:41     218,624 --a------       C:\\Windows\\System32\\psisrndr.ax
2008-06-14 18:48 . 2008-01-19 09:33     80,896  --a------       C:\\Windows\\System32\\MSNP.ax
2008-06-14 18:48 . 2008-01-19 09:33     69,632  --a------       C:\\Windows\\System32\\Mpeg2Data.ax
2008-06-14 18:48 . 2008-04-23 06:41     57,856  --a------       C:\\Windows\\System32\\MSDvbNP.ax
2008-06-14 00:45 . 2008-06-14 00:45     <DIR>   d--------       C:\\Users\\All Users\\Auslogics
2008-06-14 00:45 . 2008-06-14 00:45     <DIR>   d--------       C:\\ProgramData\\Auslogics
2008-06-13 13:18 . 2008-06-13 13:18     <DIR>   d--------       C:\\Program Files\\Edgard Multimedia
2008-06-13 11:44 . 2008-06-13 11:44     <DIR>   d--------       C:\\Users\\`\\AppData\\Roaming\\AVS4YOU
2008-06-13 10:25 . 2008-06-13 10:25     <DIR>   d--------       C:\\Users\\All Users\\AVS4YOU
2008-06-13 10:25 . 2008-06-13 10:25     <DIR>   d--------       C:\\ProgramData\\AVS4YOU
2008-06-13 10:24 . 2008-06-13 10:25     <DIR>   d--------       C:\\Program Files\\Common Files\\AVSMedia
2008-06-13 10:24 . 2008-06-13 10:25     <DIR>   d--------       C:\\Program Files\\AVS4YOU
2008-06-12 20:17 . 2008-06-17 11:43     <DIR>   d--------       C:\\Program Files\\map&guide professional Version 13
2008-06-12 20:07 . 2004-11-08 11:00     523,024 ---------       C:\\Windows\\System32\\msxml.dll
2008-06-12 20:06 . 2008-06-17 10:38     <DIR>   d--------       C:\\Program Files\\fleet navigator 4
2008-06-11 19:40 . 2008-06-11 19:40     <DIR>   d--------       C:\\Users\\All Users\\Age of Empires 3
2008-06-11 19:40 . 2008-06-11 19:40     <DIR>   d--------       C:\\ProgramData\\Age of Empires 3
2008-06-11 18:45 . 2008-06-11 18:45     <DIR>   d--------       C:\\Program Files\\Common Files\\Microsoft Games
2008-06-10 19:58 . 2008-06-10 19:58     <DIR>   d--------       C:\\Program Files\\Speed Reader PL
2008-06-10 15:25 . 2008-06-13 19:09     <DIR>   d--------       C:\\Users\\`\\AppData\\Roaming\\Auslogics
2008-06-10 15:25 . 2008-06-13 17:50     <DIR>   d--------       C:\\Program Files\\Auslogics
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 14:30        ---------       d---a-w C:\\ProgramData\\TEMP
2008-07-08 14:28        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\uTorrent
2008-07-08 06:57        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\Skype
2008-07-08 06:06        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\skypePM
2008-07-06 20:54        ---------       d-----w C:\\Program Files\\Common Files\\Real
2008-07-06 16:23        ---------       d-----w C:\\ProgramData\\Roxio
2008-07-06 07:54        ---------       d--h--w C:\\Program Files\\InstallShield Installation Information
2008-07-06 07:46        ---------       d-----w C:\\Program Files\\Google
2008-07-05 20:50        26,955  ----a-w C:\\Users\\`\\AppData\\Roaming\\nvModes.dat
2008-07-01 13:27        ---------       d-----w C:\\ProgramData\\Creative
2008-07-01 11:55        ---------       d-----w C:\\ProgramData\\NVIDIA
2008-07-01 11:50        174     --sha-w C:\\Program Files\\desktop.ini
2008-07-01 11:37        ---------       d-----w C:\\Program Files\\Windows Sidebar
2008-07-01 11:37        ---------       d-----w C:\\Program Files\\Windows Photo Gallery
2008-07-01 11:37        ---------       d-----w C:\\Program Files\\Windows Mail
2008-07-01 11:37        ---------       d-----w C:\\Program Files\\Windows Journal
2008-07-01 11:37        ---------       d-----w C:\\Program Files\\Windows Defender
2008-07-01 11:37        ---------       d-----w C:\\Program Files\\Windows Collaboration
2008-07-01 11:37        ---------       d-----w C:\\Program Files\\Windows Calendar
2008-07-01 11:22        82,432  ----a-w C:\\Windows\\System32\\axaltocm.dll
2008-07-01 11:22        101,888 ----a-w C:\\Windows\\System32\\ifxcardm.dll
2008-06-29 20:29        ---------       d-----w C:\\Program Files\\Microsoft Games
2008-06-29 08:35        ---------       d--h--w C:\\Program Files\\Creative Installation Information
2008-06-29 08:29        409,600 ----a-w C:\\Windows\\System32\\wrap_oal.dll
2008-06-29 08:29        114,688 ----a-w C:\\Windows\\System32\\OpenAL32.dll
2008-06-29 07:11        ---------       d-----w C:\\Program Files\\WinTV
2008-06-28 22:30        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\BearShare
2008-06-28 11:27        ---------       d-----w C:\\Program Files\\Common Files\\Symantec Shared
2008-06-28 11:25        ---------       d-----w C:\\ProgramData\\Symantec
2008-06-18 11:43        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\Roxio
2008-06-15 11:13        ---------       d-----w C:\\Program Files\\BearShare Applications
2008-06-14 17:34        722     ----a-w C:\\Users\\`\\AppData\\Roaming\\wklnhst.dat
2008-06-13 17:51        ---------       d-----w C:\\ProgramData\\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-06-13 17:51        ---------       d-----w C:\\Program Files\\Modem Diagnostic Tool
2008-06-13 17:50        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\LimeWire
2008-06-13 06:22        ---------       d-----w C:\\Program Files\\Yahoo!
2008-06-10 20:14        ---------       d-----w C:\\ProgramData\\Dell
2008-06-10 15:59        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\GHISLER
2008-06-10 15:58        ---------       d-----w C:\\Program Files\\MoorHunt
2008-06-10 08:55        ---------       d-----w C:\\ProgramData\\HPSSUPPLY
2008-05-15 20:26        ---------       d-----w C:\\Program Files\\Common Files\\Onet.pl
2008-05-15 20:25        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\Flircik
2008-05-15 20:25        ---------       d-----w C:\\Users\\`\\AppData\\Roaming\\AutoUpdate
2008-05-10 01:33        113,664 ----a-w C:\\Windows\\system32\\drivers\\rmcast.sys
2008-04-29 03:54        181,760 ----a-w C:\\Windows\\System32\\fsquirt.exe
2008-04-26 08:08        1,314,816       ----a-w C:\\Windows\\System32\\quartz.dll
2008-04-25 04:35        826,880 ----a-w C:\\Windows\\System32\\wininet.dll
2007-12-26 19:36        32      ----a-w C:\\Users\\All Users\\ezsid.dat
2007-12-26 19:36        32      ----a-w C:\\ProgramData\\ezsid.dat
2007-11-20 19:07        76      --sh--r C:\\Windows\\CT4CET.bin
2008-01-17 17:16        16,384  --sha-w C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat
2008-01-17 17:16        32,768  --sha-w C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat
2008-01-17 17:16        16,384  --sha-w C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"uTorrent\"=\"C:\\Users\\`\\Program Files\\uTorrent\\uTorrent.exe\" [2008-02-08 19:34 219952]
\"ISUSPM\"=\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" [2006-03-20 19:34 213936]
\"WMPNSCFG\"=\"C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe\" [2008-01-19 09:33 202240]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SynTPEnh\"=\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\" [2007-04-28 02:35 857648]
\"OEM02Mon.exe\"=\"C:\\Windows\\OEM02Mon.exe\" [2007-08-29 07:54 36864]
\"SunJavaUpdateSched\"=\"c:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\" [2007-11-20 20:59 77824]
\"DELL Webcam Manager\"=\"C:\\Program Files\\Dell\\Dell Webcam Manager\\DellWMgr.exe\" [2007-07-27 18:43 118784]
\"RoxWatchTray\"=\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\" [2006-11-05 13:22 221184]
\"PCMService\"=\"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe\" [2007-04-16 18:10 184320]
\"dscactivate\"=\"C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe\" [2007-11-15 11:24 16384]
\"Adobe Reader Speed Launcher\"=\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\" [2007-05-11 05:06 40048]
\"PWRISOVM.EXE\"=\"C:\\Program Files\\PowerISO\\PWRISOVM.EXE\" [2008-01-20 09:05 217088]
\"ISUSPM\"=\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" [2006-03-20 19:34 213936]
\"ISTray\"=\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\" [2008-06-10 21:22 1163656]
\"VolPanel\"=\"C:\\Program Files\\Creative\\SBAudigy\\Volume Panel\\VolPanlu.exe\" [2006-11-27 09:14 180224]
\"NvSvc\"=\"C:\\Windows\\system32\\nvsvc.dll\" [2007-09-25 10:41 86016]
\"NvCplDaemon\"=\"C:\\Windows\\system32\\NvCpl.dll\" [2007-09-25 10:40 8478720]
\"NvMediaCenter\"=\"C:\\Windows\\system32\\NvMcTray.dll\" [2007-09-25 10:40 81920]
\"NVHotkey\"=\"C:\\Windows\\system32\\nvHotkey.dll\" [2007-09-25 10:40 81920]
\"SpywareTerminator\"=\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\" [2008-07-01 23:37 1817600]
\"DellSupportCenter\"=\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" [2007-11-15 11:23 202544]
 
C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\
Bluetooth.lnk - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe [11/3/2006 7:55:50 PM 703280]
Digital Line Detect.lnk - C:\\Program Files\\Digital Line Detect\\DLG.exe [11/20/2007 9:00:41 PM 50688]
HP Digital Imaging Monitor.lnk - C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe [3/11/2007 9:26:24 PM 210520]
QuickSet.lnk - C:\\Windows\\Installer\\{7F0C4457-8E64-491B-8D7B-991504365D1E}\\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [11/20/2007 9:03:05 PM 45056]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
\"EnableUIADesktopToggle\"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"msacm.ac3filter\"= ac3filter.acm
\"msacm.l3codec\"= l3codecp.acm
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DellSupportCenter]
--a------ 2007-11-15 11:23 202544 C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ECenter]
--a------ 2007-05-25 08:03 17920 C:\\DELL\\E-Center\\EULALauncher.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ISUSScheduler]
--a------ 2006-03-20 19:34 86960 C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Onet.pl AutoUpdate]
--a------ 2006-02-08 16:40 260096 C:\\Program Files\\Common Files\\Onet.pl\\AutoUpdate.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\UpdReg]
--------- 2000-05-11 01:00 90112 C:\\Windows\\Updreg.EXE
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\\Program Files\\Winamp\\winampa.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeAntiSpyware]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
\"DisableMonitoring\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc\\S-1-5-21-1500205620-3224671638-30330247-1000]
\"EnableNotificationsRef\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\FirewallRules]
\"{2811DF78-A53E-456F-924F-DF464AFC679D}\"= UDP:C:\\Program Files\\LimeWire\\LimeWire.exe:LimeWire
\"{C53007AC-752F-49EF-9442-E6FBB912D340}\"= TCP:C:\\Program Files\\LimeWire\\LimeWire.exe:LimeWire
\"{3474D7D1-E82B-46A2-9D3F-EF709FD6AEE2}\"= C:\\Program Files\\Cyberlink\\PowerDVD\\PowerDVD.EXE:CyberLink PowerDVD
\"{B61C08C7-9461-4161-9C08-A06E555B7300}\"= UDP:C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe:Age of Empires III - The Asian Dynasties
\"{98CCA0B3-6A04-4DA3-9633-F216C774D2C7}\"= TCP:C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe:Age of Empires III - The Asian Dynasties
\"TCP Query User{8AB92150-4014-497B-9E07-0FBED91AAC56}C:\\\\users\\\\`\\\\documents\\\\downloads\\\\call of duty\\\\coduomp.exe\"= UDP:C:\\users\\`\\documents\\downloads\\call of duty\\coduomp.exe:coduomp.exe
\"UDP Query User{793251D4-80D8-4C02-99CA-01B1B295DB09}C:\\\\users\\\\`\\\\documents\\\\downloads\\\\call of duty\\\\coduomp.exe\"= TCP:C:\\users\\`\\documents\\downloads\\call of duty\\coduomp.exe:coduomp.exe
 
R1 aswSP;avast! Self Protection;C:\\Windows\\system32\\drivers\\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\\Windows\\system32\\drivers\\sp_rsdrv2.sys [2008-07-01 23:37]
R2 AESTFilters;Andrea ST Filters Service;C:\\Windows\\system32\\aestsrv.exe [2007-08-29 23:25]
R2 aswFsBlk;aswFsBlk;C:\\Windows\\system32\\DRIVERS\\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\\Windows\\system32\\DRIVERS\\aswMonFlt.sys [2008-05-16 01:18]
R2 GFI LANguard N.S.S. 5.0 attendant service;GFI LANguard N.S.S. 5.0 attendant service;C:\\Program Files\\GFI\\LANguard Network Security Scanner 5.0\\lnssatt.exe [2004-04-08 13:10]
R3 btwaudio;Bluetooth Audio Device Service;C:\\Windows\\system32\\drivers\\btwaudio.sys [2006-11-07 03:37]
R3 btwavdt;Bluetooth AVDT;C:\\Windows\\system32\\drivers\\btwavdt.sys [2006-11-07 01:13]
R3 btwrchid;btwrchid;C:\\Windows\\system32\\DRIVERS\\btwrchid.sys [2006-11-07 01:13]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\\Windows\\system32\\DRIVERS\\OEM02Dev.sys [2007-08-29 07:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\\Windows\\system32\\DRIVERS\\OEM02Vfx.sys [2007-08-29 07:55]
S2 HPFECP13;HPFECP13;C:\\Windows\\system32\\drivers\\HPFECP13.SYS [1998-09-25 10:55]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\\Windows\\system32\\DRIVERS\\athrusb.sys [2006-12-22 22:05]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\\PROGRA~1\\WinTV\\HCWTVS~1.EXE [2007-02-20 17:11]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\\Windows\\system32\\Drivers\\hcw95bda.sys [2007-04-04 20:45]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\\Windows\\system32\\DRIVERS\\hcw95rc.sys [2007-04-04 20:48]
S3 MODRC;Hauppauge Nova-T IR Driver;C:\\Windows\\system32\\DRIVERS\\hcw95rc.sys [2007-04-04 20:48]
S4 EPGService;EPGService;C:\\PROGRA~1\\WinTV\\EPG Services\\System\\EPGService.exe [2006-11-28 19:17]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
bthsvcs REG_MULTI_SZ    BthServ
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt       REG_MULTI_SZ    hpqcxs08 hpqddsvc
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 16:31:26
Windows 6.0.6001 Service Pack 1 NTFS
 
detected NTDLL code modification:
ZwClose
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\\Windows\\System32\\audiodg.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\Program Files\\Common Files\\Creative Labs Shared\\Service\\CreativeLicensing.exe
C:\\Windows\\System32\\CTSVCCDA.EXE
C:\\Program Files\\Common Files\\InterVideo\\RegMgr\\iviRegMgr.exe
C:\\Program Files\\GFI\\LANguard Network Security Scanner 5.0\\lnsscomm.exe
C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatch9.exe
C:\\Program Files\\Spyware Doctor\\pctsAuxs.exe
C:\\Program Files\\Spyware Doctor\\pctsSvc.exe
C:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe
C:\\Program Files\\Spyware Terminator\\sp_rsser.exe
C:\\Windows\\System32\\stacsv.exe
C:\\Windows\\System32\\drivers\\XAudio.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxMediaDB9.exe
C:\\Windows\\System32\\conime.exe
C:\\Program Files\\Sigmatel\\C-Major Audio\\WDM\\sttray.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\wbem\\unsecapp.exe
C:\\Windows\\System32\\msiexec.exe
C:\\Program Files\\Dell\\QuickSet\\quickset.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\Windows Media Player\\wmpnetwk.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTStackServer.exe
C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-07-08 16:43:18 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-08 14:41:25
ComboFix2.txt  2008-07-06 17:32:17
 
Pre-Run: 101,267,427,328 bytes free
Post-Run: 101,106,421,760 bytes free
 
316     --- E O F ---   2008-07-01 11:25:24
 