wklejto.pl

Added by: ~stalker (2008-07-10 18:51) -> text
ComboFix 08-07-09.5 - lol 2008-07-10 18:55:55.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1656 [GMT 2:00]
Running from: C:\Documents and Settings\lol\Moje dokumenty\ComboFix.exe
Command switches used :: C:\Documents and Settings\lol\Moje dokumenty\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\WINDOWS\BM2b205dc1.xml
C:\WINDOWS\system32\SET11.tmp
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\BM2b205dc1.xml
C:\WINDOWS\system32\SET11.tmp
.
---- Previous Run -------
.
C:\WINDOWS\system32\geBspppn.dll
C:\WINDOWS\system32\NqBdcMoq.ini
C:\WINDOWS\system32\NqBdcMoq.ini2
C:\WINDOWS\system32\onWaaGgh.ini
C:\WINDOWS\system32\onWaaGgh.ini2
C:\WINDOWS\system32\opnopQhI.dll
C:\WINDOWS\system32\pmnkIccY.dll
C:\WINDOWS\system32\qoMcdBqN.dll
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\urqOeBTj.dll
C:\WINDOWS\system32\winmmt32.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-10 to 2008-07-10  )))))))))))))))))))))))))))))))
.
 
2008-07-10 17:41 . 2008-07-10 17:41     <DIR>   d--------       C:\Program Files\Lavasoft
2008-07-10 17:41 . 2008-07-10 18:09     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-10 01:36 . 2008-07-10 01:36     <DIR>   d--------       C:\Documents and Settings\lol\Dane aplikacji\Ulead Systems
2008-07-10 01:34 . 2008-07-10 01:34     <DIR>   d--------       C:\Program Files\Corel
2008-07-10 01:34 . 2008-07-10 01:35     <DIR>   d--------       C:\Program Files\Common Files\Ulead Systems
2008-07-10 01:34 . 2008-07-10 01:35     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-07-10 01:32 . 2008-07-10 01:32     <DIR>   d--------       C:\WINDOWS\Downloaded Installations
2008-07-10 01:02 . 2008-07-10 01:18     <DIR>   d--------       C:\Program Files\Cleanerzoomer
2008-07-10 00:51 . 2008-07-10 00:52     <DIR>   d--------       C:\Program Files\Picasa2
2008-07-09 23:10 . 2008-07-09 23:10     <DIR>   d--------       C:\Documents and Settings\lol\Dane aplikacji\ACD Systems
2008-07-09 23:09 . 2008-07-09 23:09     <DIR>   d--------       C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-07-09 18:57 . 2008-07-09 18:57     9,568   --ah-----       C:\WINDOWS\system32\mlfcache.dat
2008-07-08 21:37 . 2008-07-08 21:37     <DIR>   d--------       C:\Program Files\thriXXX
2008-07-08 15:19 . 2008-07-08 15:19     <DIR>   d--------       C:\WINDOWS\system32\pl-pl
2008-07-03 14:44 . 2008-07-09 13:30     <DIR>   d--------       C:\Program Files\mIRC
2008-07-03 14:44 . 2008-07-09 21:25     <DIR>   d--------       C:\Documents and Settings\lol\Dane aplikacji\mIRC
2008-06-29 00:48 . 2008-06-29 00:52     <DIR>   d--------       C:\Program Files\EA Sports
2008-06-16 11:47 . 2008-07-10 18:56     <DIR>   d--h-----       C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-16 11:47 . 2008-05-19 18:13     <DIR>   d--------       C:\Documents and Settings\Administrator\Ulubione
2008-06-16 11:47 . 2008-05-19 16:19     <DIR>   d--h-----       C:\Documents and Settings\Administrator\Szablony
2008-06-16 11:47 . 2008-05-19 18:13     <DIR>   d--------       C:\Documents and Settings\Administrator\Pulpit
2008-06-16 11:47 . 2008-05-19 18:13     <DIR>   d--------       C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-16 11:47 . 2008-05-19 18:13     <DIR>   dr-------       C:\Documents and Settings\Administrator\Menu Start
2008-06-16 11:47 . 2008-05-19 18:13     <DIR>   dr-h-----       C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-16 11:47 . 2008-07-10 18:09     <DIR>   d--------       C:\Documents and Settings\Administrator
2008-06-15 15:33 . 2008-06-16 12:41     1,374   --a------       C:\WINDOWS\system32\wpa.bak
2008-06-11 11:59 . 2008-06-14 20:01     273,024 ---------       C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:59 . 2008-06-14 20:01     273,024 -----c---       C:\WINDOWS\system32\dllcache\bthport.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 16:53        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\DNA
2008-07-09 23:36        ---------       d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 22:39        ---------       d-----w C:\Program Files\CCleaner
2008-07-09 21:21        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\gtk-2.0
2008-07-09 14:38        ---------       d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-08 15:44        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\BitTorrent
2008-07-03 18:34        ---------       d-----w C:\Program Files\eMule
2008-06-20 17:42        246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45        360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44        138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52        225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-07 10:19        ---------       d-----w C:\Program Files\BitPim
2008-06-06 15:30        ---------       d-----w C:\Program Files\Windows Media Components
2008-06-04 13:19        ---------       d-----w C:\Program Files\Common Files\Download Manager
2008-06-04 13:19        ---------       d-----w C:\Program Files\Allok Video to FLV Converter
2008-06-03 21:48        ---------       d-----w C:\Program Files\MSXML 6.0
2008-06-03 17:55        ---------       d-----w C:\Program Files\GIMP-2.0
2008-06-02 20:27        ---------       d-----w C:\Program Files\Vstplugins
2008-06-02 20:27        ---------       d-----w C:\Program Files\Sony
2008-06-02 20:27        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-02 18:03        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\Sony
2008-06-02 18:03        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\Publish Providers
2008-06-02 17:51        ---------       d-----w C:\Program Files\MSBuild
2008-06-02 17:48        ---------       d-----w C:\Program Files\Reference Assemblies
2008-06-02 17:36        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\Sony Setup
2008-06-02 13:11        ---------       d-----w C:\Program Files\Solveig Multimedia
2008-06-02 13:00        36,864  ----a-w C:\WINDOWS\unslive.exe
2008-06-02 12:04        ---------       d-----w C:\Program Files\Common Files\Solveig Multimedia
2008-06-02 12:04        ---------       d-----w C:\Program Files\Common Files\Elecard
2008-06-01 17:54        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\espionServerData
2008-06-01 10:16        9,464   ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-01 10:16        9,336   ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-01 10:16        129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-01 10:16        118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-06-01 10:16        116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-28 21:52        ---------       d-----w C:\Program Files\MSXML 4.0
2008-05-28 14:00        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-05-28 13:59        ---------       d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-28 13:59        ---------       d-----w C:\Program Files\Common Files\Adobe
2008-05-27 18:33        82,432  ----a-w C:\WINDOWS\system32\msxml4r.dll
2008-05-26 12:27        ---------       d-----w C:\Program Files\ZTE ZXDSL 852
2008-05-24 22:59        ---------       d-----w C:\Program Files\Real Alternative
2008-05-24 22:59        ---------       d-----w C:\Program Files\Media Player Classic
2008-05-24 22:59        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\Media Player Classic
2008-05-24 14:18        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\GetRightToGo
2008-05-23 18:57        101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2008-05-23 18:56        ---------       d-----w C:\Program Files\Skispringen 2007
2008-05-22 23:13        ---------       d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-05-22 20:10        ---------       d-----w C:\Program Files\Cream Software
2008-05-22 20:10        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\Cream Software
2008-05-22 16:34        ---------       d-----w C:\Program Files\Bonjour
2008-05-22 16:29        ---------       d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-22 16:22        ---------       d-----w C:\Program Files\PowerISO
2008-05-22 15:50        ---------       d-----w C:\Program Files\Activision Value
2008-05-20 14:17        ---------       d-----w C:\Program Files\DNA
2008-05-20 14:17        ---------       d-----w C:\Program Files\BitTorrent
2008-05-19 20:14        ---------       d-----w C:\Program Files\DAEMON Tools Lite
2008-05-19 16:36        717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 16:36        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\DAEMON Tools
2008-05-19 16:26        ---------       d-----w C:\Program Files\SMPlayer
2008-05-19 16:09        ---------       d-----w C:\Program Files\Analog Devices
2008-05-19 15:59        ---------       d-----w C:\Program Files\Alwil Software
2008-05-19 15:57        ---------       d-----w C:\Program Files\SystemRequirementsLab
2008-05-19 15:57        ---------       d-----w C:\Program Files\Sun
2008-05-19 15:56        ---------       d-----w C:\Program Files\Java
2008-05-19 15:54        ---------       d-----w C:\Program Files\Common Files\Java
2008-05-19 15:39        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\Gadu-Gadu
2008-05-19 15:38        ---------       d-----w C:\Program Files\Gadu-Gadu
2008-05-19 15:21        ---------       d-----w C:\Program Files\Common Files\InstallShield
2008-05-19 15:08        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\Talkback
2008-05-19 14:39        ---------       d-----w C:\Documents and Settings\lol\Dane aplikacji\AdobeUM
2008-05-19 14:22        ---------       d-----w C:\Program Files\microsoft frontpage
2008-05-19 14:21        ---------       d-----w C:\Program Files\Usługi online
2008-05-07 05:16        1,291,264       ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 15:27        442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-21 07:03        662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-27 14:02        2,510,070       ----a-w C:\WINDOWS\inf\SET5E.tmp
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4046591-2C15-4C71-A49B-51F85270C489}]
C:\WINDOWS\system32\hgGaaWno.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 16:17 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 21:08 95504]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-10-29 14:00 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2007-02-06 16:47 167936 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmmt32]
winmmt32.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 07:12 729088 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 15:34 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2007-01-22 11:52]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2007-02-06 16:08]
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 18:56:41
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-10 18:57:18
ComboFix-quarantined-files.txt  2008-07-10 16:57:04
 
Pre-Run: 183,725,572,096 bytes free
Post-Run: 183,716,397,056 bytes free
 
208     --- E O F ---   2008-07-10 00:07:05
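What an analyst pulls out of the "Reg Loading Points" section of this log: the Browser Helper Object {A4046591-2C15-4C71-A49B-51F85270C489} points at C:\WINDOWS\system32\hgGaaWno.dll and the winlogon\notify\winmmt32 entry at winmmt32.dll, both tagged [BU]; the previous run deleted a set of system32 DLL/INI files whose names are eight letters of mixed case (geBspppn.dll, opnopQhI.dll, NqBdcMoq.ini, ...), the same shape as hgGaaWno.dll; the Security Center key has AntiVirusOverride set to 1, so a missing or disabled anti-virus product would not be reported; and the firewall exception list authorises C:\WINDOWS\system32\winver.exe, the "About Windows" dialog, which has no business accepting inbound connections. The script below is an added example, not part of ComboFix and not the poster's code. It runs those four checks over a constructed excerpt copied from the log (with single backslashes, as ComboFix writes them; the firewall list keeps the doubled backslashes of a REGEDIT4 export). The random-name test, the expected-list for system32 firewall entries (sessmgr.exe, Remote Assistance) and the reading of [BU] as "target already backed up to quarantine" are my assumptions, not ComboFix rules.

```python
"""Triage pass over the "Reg Loading Points" section of a ComboFix log.

Added example; not part of ComboFix and not the poster's code. The
random-name test and EXPECTED_FW_SYSTEM32 are assumptions of mine, not
ComboFix rules, and [BU] is read here as "target backed up to quarantine".
"""
import re
from dataclasses import dataclass

REASON_BU = "target already backed up (quarantined) by ComboFix"
REASON_RANDOM = "random-looking module name (8 mixed-case letters)"
REASON_AVOVERRIDE = "Security Center anti-virus monitoring overridden"
REASON_FIREWALL = "system32 binary granted a firewall exception"

# Assumed: sessmgr.exe (Remote Assistance) is the one system32 entry XP SP2
# puts in the exception list by default; anything else there gets flagged.
EXPECTED_FW_SYSTEM32 = {"sessmgr.exe"}

# Eight letters with both cases present, DLL or INI/INI2 extension:
# geBspppn.dll, NqBdcMoq.ini, onWaaGgh.ini2 match; winmmt32.dll does not.
_RANDOM = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}\.(?:dll|ini2?)$")
_MODULE = re.compile(r"[A-Za-z0-9_.-]+\.(?:dll|exe|ini2?)", re.IGNORECASE)

# Constructed excerpt, copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4046591-2C15-4C71-A49B-51F85270C489}]
C:\WINDOWS\system32\hgGaaWno.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmmt32]
winmmt32.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"""

@dataclass
class Finding:
    key: str     # registry key the line was listed under
    line: str    # the log line exactly as written
    reason: str

def looks_random(name: str) -> bool:
    return _RANDOM.match(name) is not None

def parse_loading_points(text: str) -> dict[str, list[str]]:
    """Group each non-empty line under the [registry key] header above it."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for key, lines in parse_loading_points(text).items():
        in_firewall = key.lower().endswith("authorizedapplications\\list")
        for line in lines:
            if line.endswith("[BU]"):
                findings.append(Finding(key, line, REASON_BU))
            if any(looks_random(m) for m in _MODULE.findall(line)):
                findings.append(Finding(key, line, REASON_RANDOM))
            if line.startswith('"AntiVirusOverride"') and line.endswith("dword:00000001"):
                findings.append(Finding(key, line, REASON_AVOVERRIDE))
            if in_firewall:
                # Undo the export's doubled backslashes before taking the basename.
                path = line.rstrip("=").strip('"').replace("\\\\", "\\")
                base = path.rsplit("\\", 1)[-1].lower()
                if "\\system32\\" in path.lower() and base not in EXPECTED_FW_SYSTEM32:
                    findings.append(Finding(key, line, REASON_FIREWALL))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
```

To run it on a full log, pass the text between the "Reg Loading Points" banner and the service list (the R1/R2/R3 lines) to triage(). The firewall check only fires inside the AuthorizedApplications\List key, so a system32 path elsewhere in the section is not flagged, and the [BU] check is a straight string match on the tag ComboFix writes.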
 