wklejto.pl

Added by: ~Kamel (2008-07-09 11:24) -> text
ComboFix 08-07-08.5 - Marcin 2008-07-09 11:25:25.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1523 [GMT 2:00]
Running from: C:\\Documents and Settings\\Marcin\\Pulpit\\ComboFix.exe
Command switches used :: C:\\Documents and Settings\\Marcin\\Pulpit\\CFScript.txt.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\\WINDOWS\\lsass.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\\Documents and Settings\\Marcin\\Dane aplikacji\\FunWebProducts
C:\\Documents and Settings\\Marcin\\Dane aplikacji\\FunWebProducts\\Data\\Marcin\\avatar.dat
C:\\Program Files\\FunWebProducts
C:\\Program Files\\FunWebProducts\\Shared\\Cache\\CursorManiaBtn.html
C:\\Program Files\\FunWebProducts\\Shared\\Cache\\SmileyCentralBtn.html
C:\\Program Files\\internet explorer\\msimg32.dll
C:\\Program Files\\MyWebSearch
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3BKGERR.JPG
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3CJPEG.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3DTACTL.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3HISTSW.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3HTMLMU.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3HTTPCT.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3IMSTUB.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3POPSWT.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3PSSAVR.SCR
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3REPROX.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3RESTUB.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3SCHMON.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3SCRCTR.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3SPACER.WMV
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3WALLPP.DAT
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3WPHOOK.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\FWPBUDDY.PNG
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3FFXTBR.JAR
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3FFXTBR.MANIFEST
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3HIGHIN.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3HTML.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3IDLE.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3IMPIPE.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3MEDINT.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3MSG.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3NTSTBR.JAR
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3NTSTBR.MANIFEST
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3OUTLCN.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3PLUGIN.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKPLAY.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SLSRCH.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SRCHMN.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOEMON.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOEPLG.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOESTB.DLL
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSSVC.EXE
C:\\Program Files\\MyWebSearch\\bar\\1.bin\\NPMYWEBS.DLL
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON.F3S
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\avatar.htm
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\bgfadel.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\bgfader.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\common-x.css
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\common.css
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\cornerbl.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\cornerbr.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\ext_def.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\ext_roll.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\include.js
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\index.htm
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\loader.htm
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\loading.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\logo.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\max_def.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\max_roll.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\min_def.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\min_roll.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\noflash.htm
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\res_def.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\res_roll.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\spacer.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\spacer.swf
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\topgrad.gif
C:\\Program Files\\MyWebSearch\\bar\\Avatar\\COMMON\\window.ico
C:\\Program Files\\MyWebSearch\\bar\\Cache\\[u]0[/u]00B7A6A
C:\\Program Files\\MyWebSearch\\bar\\Cache\\[u]0[/u]117F87C.bin
C:\\Program Files\\MyWebSearch\\bar\\Cache\\[u]0[/u]117FE87.bin
C:\\Program Files\\MyWebSearch\\bar\\Cache\\[u]0[/u]1180FFB.bin
C:\\Program Files\\MyWebSearch\\bar\\Cache\\[u]0[/u]1181376.bin
C:\\Program Files\\MyWebSearch\\bar\\Cache\\[u]0[/u]1181848.bin
C:\\Program Files\\MyWebSearch\\bar\\Cache\\files.ini
C:\\Program Files\\MyWebSearch\\bar\\Game\\CHECKERS.F3S
C:\\Program Files\\MyWebSearch\\bar\\Game\\CHESS.F3S
C:\\Program Files\\MyWebSearch\\bar\\Game\\REVERSI.F3S
C:\\Program Files\\MyWebSearch\\bar\\History\\search3
C:\\Program Files\\MyWebSearch\\bar\\icons\\CM.ICO
C:\\Program Files\\MyWebSearch\\bar\\icons\\MFC.ICO
C:\\Program Files\\MyWebSearch\\bar\\icons\\PSS.ICO
C:\\Program Files\\MyWebSearch\\bar\\icons\\SMILEY.ICO
C:\\Program Files\\MyWebSearch\\bar\\icons\\WB.ICO
C:\\Program Files\\MyWebSearch\\bar\\icons\\ZWINKY.ICO
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON.F3S
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\ask_logo.gif
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\autoup.gif
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\autoup.htm
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\center.htm
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\index.htm
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\mid_dots.gif
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\mws_logo.gif
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\protect.htm
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\shocked.gif
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\stop.gif
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\systray.htm
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\systrayp.htm
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\tp_grad.gif
C:\\Program Files\\MyWebSearch\\bar\\Message\\COMMON\\warn.gif
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\COMMON.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\DOG.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\FISH.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\KUNGFU.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\LIFEGARD.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\MAID.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\MAILBOX.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\OPERA.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\ROBOT.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\SEDUCT.F3S
C:\\Program Files\\MyWebSearch\\bar\\Notifier\\SURFER.F3S
C:\\Program Files\\MyWebSearch\\bar\\Settings\\prevcfg2.htm
C:\\Program Files\\MyWebSearch\\bar\\Settings\\s_pid.dat
C:\\Program Files\\MyWebSearch\\bar\\Settings\\setting2.htm
C:\\Program Files\\MyWebSearch\\bar\\Settings\\settings.dat
C:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL
C:\\WINDOWS\\system32\\f3PSSavr.scr
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-09 to 2008-07-09  )))))))))))))))))))))))))))))))
.
 
2008-07-01 00:09 . 2008-05-16 14:01     446,464 --a------       C:\\WINDOWS\\system32\\nvudisp.exe
2008-07-01 00:09 . 2008-05-16 14:01     18,070  --a------       C:\\WINDOWS\\system32\\nvdisp.nvu
2008-07-01 00:09 . 2008-07-09 11:28     104     --a------       C:\\WINDOWS\\system32\\nvapps.xml
2008-07-01 00:08 . 2008-07-01 00:08     <DIR>   d--------       C:\\NVIDIA
2008-07-01 00:08 . 2008-05-16 11:48     446,464 --a------       C:\\WINDOWS\\system32\\NVUNINST.EXE
2008-06-30 23:36 . 2008-03-30 20:03     <DIR>   d--h-----       C:\\Documents and Settings\\Administrator\\Ustawienia lokalne
2008-06-30 23:36 . 2008-03-30 20:03     <DIR>   d--------       C:\\Documents and Settings\\Administrator\\Ulubione
2008-06-30 23:36 . 2008-03-30 18:07     <DIR>   d--h-----       C:\\Documents and Settings\\Administrator\\Szablony
2008-06-30 23:36 . 2008-03-30 20:03     <DIR>   d--------       C:\\Documents and Settings\\Administrator\\Pulpit
2008-06-30 23:36 . 2008-03-30 20:03     <DIR>   d--------       C:\\Documents and Settings\\Administrator\\Moje dokumenty
2008-06-30 23:36 . 2008-03-30 20:03     <DIR>   dr-------       C:\\Documents and Settings\\Administrator\\Menu Start
2008-06-30 23:36 . 2008-06-30 23:53     <DIR>   dr-h-----       C:\\Documents and Settings\\Administrator\\Dane aplikacji
2008-06-30 23:36 . 2008-07-08 23:11     <DIR>   d--------       C:\\Documents and Settings\\Administrator
2008-06-30 23:00 . 2008-06-30 23:50     <DIR>   d--------       C:\\Program Files\\Driver Cleaner
2008-06-28 13:15 . 2008-06-28 16:25     77      --a------       C:\\WINDOWS\\VplayerINI.vpl
2008-06-28 13:14 . 2008-06-28 16:25     2,489   --a------       C:\\WINDOWS\\VPlayer.INI
2008-06-26 12:51 . 2008-06-27 10:30     61      --a------       C:\\WINDOWS\\wininit.ini
2008-06-25 20:34 . 2008-06-25 20:34     230     --a------       C:\\WINDOWS\\system32\\spupdsvc.inf
2008-06-25 20:01 . 2008-06-25 20:01     0       --a------       C:\\WINDOWS\\nsreg.dat
2008-06-25 09:58 . 2008-06-26 15:12     <DIR>   d--------       C:\\Program Files\\ATITool
2008-06-25 09:53 . 2008-06-25 09:53     <DIR>   d-a------       C:\\Program Files\\Guru3D.com
2008-06-25 09:37 . 2008-07-01 00:26     <DIR>   d--------       C:\\Program Files\\RivaTuner v2.09
2008-06-23 21:00 . 2008-06-23 21:00     <DIR>   d--------       C:\\Program Files\\OpenAL
2008-06-23 21:00 . 2008-06-23 21:00     409,600 --a------       C:\\WINDOWS\\system32\\wrap_oal.dll
2008-06-23 21:00 . 2008-06-23 21:00     114,688 --a------       C:\\WINDOWS\\system32\\OpenAL32.dll
2008-06-22 16:11 . 2008-07-01 00:10     <DIR>   d--------       C:\\WINDOWS\\nview
2008-06-22 16:11 . 2008-05-16 14:01     290,816 --a------       C:\\WINDOWS\\system32\\nvwrsth.dll
2008-06-22 16:10 . 2008-05-16 14:01     1,241,088       --a------       C:\\WINDOWS\\system32\\nvcuda.dll
2008-06-22 16:10 . 2008-06-22 16:10     472,576 --a------       C:\\WINDOWS\\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-06-22 11:59 . 2008-06-22 11:59     <DIR>   d--------       C:\\Program Files\\Common Files\\Wise Installation Wizard
2008-06-22 11:59 . 2008-06-22 11:59     <DIR>   d--------       C:\\Program Files\\AMD
2008-06-22 11:59 . 2006-06-27 14:24     31,744  --a------       C:\\WINDOWS\\system32\\drivers\\AmdTools.sys
2008-06-22 10:50 . 2008-06-26 15:04     <DIR>   d--------       C:\\Program Files\\Prince of Persia Sands of Time
2008-06-21 12:14 . 2008-07-01 15:56     <DIR>   d--------       C:\\Fraps
2008-06-20 04:27 . 2008-06-20 04:27     <DIR>   d--------       C:\\Program Files\\Paradox Interactive
2008-06-17 16:27 . 2008-06-17 16:27     <DIR>   d--------       C:\\Program Files\\EA GAMES
2008-06-15 21:32 . 2008-06-15 21:32     <DIR>   d--------       C:\\Program Files\\Apple Software Update
2008-06-15 21:32 . 2008-06-15 21:32     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Apple Computer
2008-06-15 21:32 . 2008-06-15 21:32     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Apple
2008-06-15 21:28 . 2008-06-15 21:32     <DIR>   d--------       C:\\Program Files\\QuickTime
2008-06-15 19:04 . 2007-10-12 15:14     3,734,536       --a------       C:\\WINDOWS\\system32\\d3dx9_36.dll
2008-06-15 19:04 . 2007-07-19 18:14     3,727,720       --a------       C:\\WINDOWS\\system32\\d3dx9_35.dll
2008-06-15 19:04 . 2007-10-12 15:14     1,374,232       --a------       C:\\WINDOWS\\system32\\D3DCompiler_36.dll
2008-06-15 19:04 . 2007-07-19 18:14     1,358,192       --a------       C:\\WINDOWS\\system32\\D3DCompiler_35.dll
2008-06-15 19:04 . 2007-10-02 09:56     444,776 --a------       C:\\WINDOWS\\system32\\d3dx10_36.dll
2008-06-15 19:04 . 2007-07-19 18:14     444,776 --a------       C:\\WINDOWS\\system32\\d3dx10_35.dll
2008-06-15 19:04 . 2007-10-22 03:39     267,272 --a------       C:\\WINDOWS\\system32\\xactengine2_10.dll
2008-06-15 19:04 . 2007-07-20 00:57     267,112 --a------       C:\\WINDOWS\\system32\\xactengine2_9.dll
2008-06-14 13:32 . 2008-07-06 20:37     <DIR>   d-a------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\TEMP
2008-06-14 13:31 . 2008-06-14 14:31     <DIR>   d--------       C:\\Program Files\\Fraps
2008-06-14 12:04 . 2008-06-22 15:38     <DIR>   d--------       C:\\Program Files\\EA SPORTS
2008-06-11 08:33 . 2008-06-14 20:01     273,024 ---------       C:\\WINDOWS\\system32\\drivers\\bthport.sys
2008-06-11 08:33 . 2008-06-14 20:01     273,024 -----c---       C:\\WINDOWS\\system32\\dllcache\\bthport.sys
2008-06-10 18:38 . 2008-06-10 18:43     <DIR>   d--------       C:\\Program Files\\Cooking Academy
2008-06-10 18:38 . 2008-06-10 18:38     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Fugazo
2008-06-10 13:49 . 2004-08-18 01:34     442,368 -ra------       C:\\WINDOWS\\system32\\vp6vfw.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 09:28        ---------       d-----w C:\\Program Files\\lg_fwupdate
2008-07-08 13:52        ---------       d-----w C:\\Program Files\\sXe Injected
2008-07-08 08:57        ---------       d-----w C:\\Program Files\\Counter-Strike 1.6
2008-07-08 08:37        196,608 ----a-w C:\\WINDOWS\\system32\\drivers\\nStandard.bin
2008-07-01 18:32        22,328  ----a-w C:\\WINDOWS\\system32\\drivers\\PnkBstrK.sys
2008-07-01 18:32        103,736 ----a-w C:\\WINDOWS\\system32\\PnkBstrB.exe
2008-07-01 08:13        2,516   --sha-w C:\\WINDOWS\\system32\\KGyGaAvL.sys
2008-07-01 08:13        ---------       d-----w C:\\Documents and Settings\\Marcin\\Dane aplikacji\\Corel
2008-06-27 08:16        ---------       d--h--w C:\\Program Files\\InstallShield Installation Information
2008-06-27 08:16        ---------       d-----w C:\\Program Files\\Futuremark
2008-06-24 18:25        ---------       d-----w C:\\Documents and Settings\\Marcin\\Dane aplikacji\\DAEMON Tools
2008-06-22 13:38        ---------       d-----w C:\\Program Files\\Gothic III
2008-06-20 02:29        107,888 ----a-w C:\\WINDOWS\\system32\\CmdLineExt.dll
2008-06-14 11:43        ---------       d-----w C:\\Program Files\\eMule
2008-06-10 16:43        ---------       d-----w C:\\Program Files\\Posh Boutique
2008-06-10 12:28        ---------       d-----w C:\\Program Files\\3DO
2008-06-08 14:01        ---------       d-----w C:\\Program Files\\Soldat
2008-06-08 14:01        ---------       d-----w C:\\Documents and Settings\\Marcin\\Dane aplikacji\\Soldat
2008-06-07 12:10        ---------       d-----w C:\\Program Files\\Tibia Auto
2008-06-07 12:03        ---------       d-----w C:\\Program Files\\Tibia
2008-06-06 21:50        ---------       d-----w C:\\Program Files\\ReflexiveArcade
2008-06-04 16:05        ---------       d-----w C:\\Program Files\\WinFlip
2008-06-04 16:05        ---------       d-----w C:\\Program Files\\VisualTaskTips
2008-06-04 16:05        ---------       d-----w C:\\Program Files\\VistaDriveIcon
2008-06-04 16:05        ---------       d-----w C:\\Program Files\\TrueTransparency
2008-06-04 16:05        ---------       d-----w C:\\Program Files\\Thoosje Sidebar V2.3
2008-06-04 16:05        ---------       d-----w C:\\Program Files\\Styler
2008-06-04 16:05        ---------       d-----w C:\\Program Files\\Blaero Start Orb
2008-06-04 15:09        110,592 ----a-w C:\\WINDOWS\\system32\\scriptz.exe
2008-05-31 10:18        ---------       d-----w C:\\Documents and Settings\\Marcin\\Dane aplikacji\\Winamp
2008-05-31 10:14        ---------       d-----w C:\\Program Files\\Winamp
2008-05-31 09:56        ---------       d-----w C:\\Program Files\\Valve
2008-05-31 07:17        ---------       d-----w C:\\Documents and Settings\\Marcin\\Dane aplikacji\\Tibia
2008-05-31 07:16        ---------       d-----w C:\\Program Files\\Asprate
2008-05-30 19:32        ---------       d-----w C:\\Program Files\\Trend Micro
2008-05-30 19:22        7,296   ----a-w C:\\WINDOWS\\system32\\drivers\\AMD64CAx86.sys
2008-05-30 15:39        ---------       d-----w C:\\Program Files\\DivX
2008-05-29 21:33        ---------       d-----w C:\\Program Files\\Microsoft Bootvis
2008-05-26 07:04        ---------       d-----w C:\\Program Files\\Gadu-Gadu
2008-05-26 06:53        ---------       d-----w C:\\Program Files\\DIFX
2008-05-26 06:53        ---------       d-----w C:\\Program Files\\Common Files\\Symantec Shared
2008-05-26 06:50        ---------       d-----w C:\\Program Files\\DAEMON Tools Lite
2008-05-26 06:49        ---------       d-----w C:\\Program Files\\BitComet
2008-05-26 06:44        ---------       d-----w C:\\Program Files\\Firaxis Games
2008-05-26 06:43        ---------       d-----w C:\\Program Files\\Activision
2008-05-26 06:41        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Symantec
2008-05-19 19:23        271,360 ----a-w C:\\WINDOWS\\system32\\drivers\\atksgt.sys
2008-05-19 19:23        18,048  ----a-w C:\\WINDOWS\\system32\\drivers\\lirsgt.sys
2008-05-14 04:50        ---------       d-----w C:\\Program Files\\Alcohol Soft
2008-05-14 04:35        ---------       d-----w C:\\Program Files\\Bethesda Softworks
2008-05-13 14:21        43,520  ----a-w C:\\WINDOWS\\system32\\CmdLineExt03.dll
2008-05-13 13:10        717,296 ----a-w C:\\WINDOWS\\system32\\drivers\\sptd.sys
2008-05-13 01:51        200,704 ----a-w C:\\WINDOWS\\system32\\ssldivx.dll
2008-05-13 01:51        1,044,480       ----a-w C:\\WINDOWS\\system32\\libdivx.dll
2008-05-10 17:12        23,600  ----a-w C:\\WINDOWS\\system32\\drivers\\TVICHW32.SYS
2008-05-07 05:16        1,291,264       ----a-w C:\\WINDOWS\\system32\\quartz.dll
2008-05-05 21:02        66,872  ----a-w C:\\WINDOWS\\system32\\PnkBstrA.exe
2008-05-05 13:59        22,328  ----a-w C:\\Documents and Settings\\Marcin\\Dane aplikacji\\PnkBstrK.sys
2008-04-30 13:43        2,560   ----a-w C:\\WINDOWS\\system32\\bitcometres.dll
2008-04-21 07:03        662,016 ----a-w C:\\WINDOWS\\system32\\wininet.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2004-08-04 00:44 15360]
\"Gadu-Gadu\"=\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" [2007-11-14 12:54 2131392]
\"BitComet\"=\"C:\\Program Files\\BitComet\\BitComet.exe\" [2008-03-25 08:38 2196280]
\"DAEMON Tools Lite\"=\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" [2008-04-01 11:39 486856]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"LGODDFU\"=\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\" [2008-03-30 19:20 249856]
\"QuickTime Task\"=\"C:\\Program Files\\QuickTime\\qttask.exe\" [2008-06-15 21:28 413696]
\"amd_dc_opt\"=\"C:\\Program Files\\AMD\\amd_dc_opt\\amd_dc_opt.exe\" [2006-06-28 15:42 106496]
\"NvCplDaemon\"=\"C:\\WINDOWS\\system32\\NvCpl.dll\" [2008-05-16 14:01 13529088]
\"NvMediaCenter\"=\"C:\\WINDOWS\\system32\\NvMcTray.dll\" [2008-05-16 14:01 86016]
\"RTHDCPL\"=\"RTHDCPL.EXE\" [2007-09-27 14:20 16844800 C:\\WINDOWS\\RTHDCPL.exe]
\"nwiz\"=\"nwiz.exe\" [2008-05-16 14:01 1630208 C:\\WINDOWS\\system32\\nwiz.exe]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\CTFMON.EXE\" [2004-08-04 00:44 15360]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ASUSGamerOSD]
--a------ 2007-07-12 10:03 380928 C:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\\Program Files\\BitComet\\BitComet.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Corel Photo Downloader]
--a------ 2007-02-06 11:20 478800 C:\\Program Files\\Corel\\Corel Snapfire Plus\\Corel Photo Downloader.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\\Program Files\\DAEMON Tools Lite\\daemon.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 C:\\Program Files\\Gadu-Gadu\\gg.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\sXe Injected]
--a------ 2008-06-28 23:14 593920 C:\\Program Files\\sXe Injected\\sXe Injected.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\\Program Files\\Winamp\\winampa.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\\WINDOWS\\Alcmtr.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\\WINDOWS\\system32\\nwiz.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SkyTel]
--a------ 2007-08-03 13:22 1826816 C:\\WINDOWS\\SkyTel.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"AntiVirusOverride\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"C:\\\\Program Files\\\\Gadu-Gadu\\\\gg.exe\"=
\"C:\\\\Program Files\\\\Valve\\\\hl.exe\"=
\"C:\\\\Program Files\\\\BitComet\\\\BitComet.exe\"=
\"C:\\\\WINDOWS\\\\system32\\\\PnkBstrA.exe\"=
\"C:\\\\WINDOWS\\\\system32\\\\PnkBstrB.exe\"=
\"C:\\\\Program Files\\\\Activision\\\\Call of Duty 4 - Modern Warfare\\\\iw3mp.exe\"=
\"C:\\\\Program Files\\\\ASUS\\\\GamerOSD\\\\SBS.exe\"=
\"C:\\\\Program Files\\\\Nero\\\\Nero 7\\\\Nero ShowTime\\\\ShowTime.exe\"=
\"C:\\\\Program Files\\\\Nero\\\\Nero 7\\\\Nero Home\\\\NeroHome.exe\"=
\"C:\\\\Program Files\\\\Counter-Strike 1.6\\\\hl.exe\"=
\"C:\\\\Program Files\\\\Soldat\\\\Soldat.exe\"=
\"D:\\\\THQ\\\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\\\bin\\\\XR_3DA.exe\"=
\"D:\\\\THQ\\\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\\\bin\\\\dedicated\\\\XR_3DA.exe\"=
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"9031:TCP\"= 9031:TCP:BitComet 9031 TCP
\"9031:UDP\"= 9031:UDP:BitComet 9031 UDP
\"10868:TCP\"= 10868:TCP:BitComet 10868 TCP
\"10868:UDP\"= 10868:UDP:BitComet 10868 UDP
 
R3 AmdTools;AMD Special Tools Driver;C:\\WINDOWS\\system32\\DRIVERS\\AmdTools.sys [2006-06-27 14:24]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\\WINDOWS\\system32\\drivers\\asusgsb.sys [2007-07-12 10:03]
R3 Video3D;ASUS Video3D Service;C:\\WINDOWS\\system32\\Drivers\\Video3D32.sys [2007-07-12 10:03]
S2 MyWebSearchService;My Web Search Service;C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwssvc.exe []
S3 AMD64CA;AMD64CA;C:\\WINDOWS\\System32\\Drivers\\AMD64CAx86.sys [2008-05-30 21:22]
 
.
Contents of the \'Scheduled Tasks\' folder
\"2008-07-01 21:43:01 C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job\"
- C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
 
HKCU-Run-ares - C:\\Program Files\\Ares\\Ares.exe
HKLM-Run-lsass.exe - C:\\WINDOWS\\lsass.exe
HKLM-Run-MyWebSearch Plugin - C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\m3SrchMn.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-BearShare - C:\\Program Files\\BearShare\\BearShare.exe
MSConfigStartUp-swg - C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 11:28:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\\WINDOWS\\ATKKBService.exe
C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\rundll32.exe
C:\\WINDOWS\\system32\\PnkBstrA.exe
C:\\WINDOWS\\system32\\PSIService.exe
C:\\WINDOWS\\system32\\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-07-09 11:29:54 - machine was rebooted [Marcin]
ComboFix-quarantined-files.txt  2008-07-09 09:29:52
 
Pre-Run: 48,249,335,808 bajtów wolnych
Post-Run: 49,061,396,480 bajt˘w wolnych
 
368     --- E O F ---   2008-06-26 10:27:31