wklejto.pl

Added by: ~Magg (2008-07-11 21:12) -> text
ComboFix 08-07-11.1 - Magg 2008-07-11 21:04:35.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1341 [GMT 2:00]
Running from: C:\\Documents and Settings\\Magg\\Pulpit\\ComboFix.exe
Command switches used :: C:\\Documents and Settings\\Magg\\Pulpit\\CFScript.txt
 * Created a new restore point
 
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
 
FILE ::
C:\\WINDOWS\\fsrpknov.dll
C:\\WINDOWS\\sqvgnrpx.dll
C:\\WINDOWS\\system32\\hrxlfnme.dll
C:\\WINDOWS\\system32\\pphcc6nj0ep5t.exe
C:\\WINDOWS\\system32\\yrcuxkvv.dll
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\\Documents and Settings\\Magg\\Dane aplikacji\\rhc96nj0ep5t
C:\\Program Files\\rhc96nj0ep5t
C:\\Program Files\\rhc96nj0ep5t\\database.dat
C:\\Program Files\\rhc96nj0ep5t\\license.txt
C:\\Program Files\\rhc96nj0ep5t\\MFC71.dll
C:\\Program Files\\rhc96nj0ep5t\\MFC71ENU.DLL
C:\\Program Files\\rhc96nj0ep5t\\msvcp71.dll
C:\\Program Files\\rhc96nj0ep5t\\msvcr71.dll
C:\\Program Files\\rhc96nj0ep5t\\rhc96nj0ep5t.exe
C:\\Program Files\\rhc96nj0ep5t\\rhc96nj0ep5t.exe.local
C:\\Program Files\\rhc96nj0ep5t\\Uninstall.exe
C:\\WINDOWS\\adaway.lic
C:\\WINDOWS\\BM7b7f5f64.txt
C:\\WINDOWS\\eorp.exe
C:\\WINDOWS\\fsrpknov.dll
C:\\WINDOWS\\gpefaowr.exe
C:\\WINDOWS\\privacy_danger
C:\\WINDOWS\\privacy_danger\\images\\capt.gif
C:\\WINDOWS\\privacy_danger\\images\\danger.jpg
C:\\WINDOWS\\privacy_danger\\images\\down.gif
C:\\WINDOWS\\privacy_danger\\images\\spacer.gif
C:\\WINDOWS\\privacy_danger\\index.htm
C:\\WINDOWS\\sqvgnrpx.dll
C:\\WINDOWS\\system32\\ddcBRjGa.dll
C:\\WINDOWS\\system32\\dJRsBJjl.ini
C:\\WINDOWS\\system32\\dJRsBJjl.ini2
C:\\WINDOWS\\system32\\DLoVEfhk.ini
C:\\WINDOWS\\system32\\DLoVEfhk.ini2
C:\\WINDOWS\\system32\\emnflxrh.ini
C:\\WINDOWS\\system32\\gdvbcnxt.ini
C:\\WINDOWS\\system32\\hgGwXpnm.dll
C:\\WINDOWS\\system32\\hrxlfnme.dll
C:\\WINDOWS\\system32\\jkTCJRqr.ini
C:\\WINDOWS\\system32\\jkTCJRqr.ini2
C:\\WINDOWS\\system32\\MoXIRqss.ini
C:\\WINDOWS\\system32\\MoXIRqss.ini2
C:\\WINDOWS\\system32\\opyoxitx.ini
C:\\WINDOWS\\system32\\pphcc6nj0ep5t.exe
C:\\WINDOWS\\system32\\richvideocodec.dll
C:\\WINDOWS\\zeqbqwp.sys
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\\Legacy_GRANDE48
-------\\Legacy_ZEQBQWP
-------\\Service_grande48
-------\\Service_zeqbqwp
 
 
(((((((((((((((((((((((((   Files Created from 2008-06-11 to 2008-07-11  )))))))))))))))))))))))))))))))
.
 
2008-07-11 20:20 . 2008-07-11 20:20     90,838  --a------       C:\\WINDOWS\\system32\\phcc6nj0ep5t.bmp
2008-07-11 20:20 . 2008-07-11 20:20     60,928  --a------       C:\\WINDOWS\\system32\\blphcc6nj0ep5t.scr
2008-07-11 20:10 . 2008-07-11 20:20     <DIR>   d--------       C:\\Program Files\\RichVideoCodec
2008-07-11 20:04 . 2008-07-11 20:04     20,992  --a------       C:\\WINDOWS\\system32\\iefltr.dll
2008-07-11 19:35 . 2008-07-11 19:35     321,792 --a------       C:\\WINDOWS\\system32\\rqRJCTkj.dll
2008-07-11 19:35 . 2008-07-11 19:35     116,864 --a------       C:\\WINDOWS\\system32\\nundtgha.dll
2008-07-11 19:35 . 2008-07-11 19:35     116,864 --a------       C:\\WINDOWS\\system32\\kyudfa.dll
2008-07-11 18:29 . 2008-07-11 18:29     <DIR>   d-a------       C:\\Program Files\\Trojan Remover
2008-07-11 18:29 . 2008-07-11 18:29     <DIR>   d--------       C:\\Documents and Settings\\Magg\\Dane aplikacji\\Simply Super Software
2008-07-11 18:29 . 2008-07-11 18:29     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Simply Super Software
2008-07-11 18:29 . 2006-05-25 15:52     162,304 --a------       C:\\WINDOWS\\system32\\ztvunrar36.dll
2008-07-11 18:29 . 2003-02-02 20:06     153,088 --a------       C:\\WINDOWS\\system32\\UNRAR3.dll
2008-07-11 18:29 . 2005-08-26 01:50     77,312  --a------       C:\\WINDOWS\\system32\\ztvunace26.dll
2008-07-11 18:29 . 2002-03-06 01:00     75,264  --a------       C:\\WINDOWS\\system32\\unacev2.dll
2008-07-11 18:29 . 2006-06-19 13:01     69,632  --a------       C:\\WINDOWS\\system32\\ztvcabinet.dll
2008-07-11 18:11 . 2008-07-11 18:11     92,672  --a------       C:\\WINDOWS\\system32\\grepifsi.dll.vir
2008-07-11 18:10 . 2008-07-11 18:10     116,864 --a------       C:\\WINDOWS\\system32\\xffpiy.dll
2008-07-11 18:10 . 2008-07-11 18:10     116,864 --a------       C:\\WINDOWS\\system32\\ghwvwbov.dll
2008-07-11 18:05 . 2008-07-11 18:05     321,792 --a------       C:\\WINDOWS\\system32\\fccyxvSl.dll.vir
2008-07-11 18:00 . 2008-07-11 18:00     10,752  --a------       C:\\WINDOWS\\system32\\drivers\\clbdriver.sys.vir
2008-07-11 18:00 . 2006-03-02 14:00     4,224   --a------       C:\\WINDOWS\\system32\\beep.sys
2008-07-11 12:26 . 2008-07-11 12:26     109,056 --a------       C:\\WINDOWS\\system32\\lphcc6nj0ep5t.exe
2008-07-10 21:28 . 2007-11-11 19:51     158,066 --a------       C:\\WINDOWS\\system32\\nvapps.nvb
2008-07-10 21:14 . 2007-11-16 05:03     2,854,912       --a------       C:\\WINDOWS\\system32\\nvmoblsr.dll
2008-07-10 21:14 . 2007-11-16 05:03     87      --a------       C:\\WINDOWS\\system32\\nvuninst.bat
2008-07-10 00:10 . 2008-07-10 04:38     103,736 --a------       C:\\WINDOWS\\system32\\PnkBstrB.exe
2008-07-10 00:10 . 2008-07-10 04:38     66,872  --a------       C:\\WINDOWS\\system32\\PnkBstrA.exe
2008-07-10 00:10 . 2008-07-10 04:39     22,328  --a------       C:\\WINDOWS\\system32\\drivers\\PnkBstrK.sys
2008-07-09 23:32 . 2008-05-30 14:11     3,850,760       --a------       C:\\WINDOWS\\system32\\D3DX9_38.dll
2008-07-09 23:32 . 2008-05-30 14:11     1,491,992       --a------       C:\\WINDOWS\\system32\\D3DCompiler_38.dll
2008-07-09 23:32 . 2008-05-30 14:19     507,400 --a------       C:\\WINDOWS\\system32\\XAudio2_1.dll
2008-07-09 23:32 . 2008-05-30 14:11     467,984 --a------       C:\\WINDOWS\\system32\\d3dx10_38.dll
2008-07-09 23:32 . 2008-05-30 14:18     238,088 --a------       C:\\WINDOWS\\system32\\xactengine3_1.dll
2008-07-09 23:32 . 2008-05-30 14:17     65,032  --a------       C:\\WINDOWS\\system32\\XAPOFX1_0.dll
2008-07-09 23:32 . 2008-05-30 14:17     25,608  --a------       C:\\WINDOWS\\system32\\X3DAudio1_4.dll
2008-07-09 23:31 . 2008-07-10 21:46     <DIR>   d--h-----       C:\\WINDOWS\\msdownld.tmp
2008-07-09 23:31 . 2008-07-09 23:31     <DIR>   d--------       C:\\WINDOWS\\Logs
2008-07-09 23:02 . 2008-07-10 04:38     298     --a------       C:\\WINDOWS\\game.ini
2008-07-09 22:13 . 2008-07-09 22:13     <DIR>   d--hs----       C:\\WINDOWS\\ftpcache
2008-07-09 17:19 . 2008-07-09 17:19     <DIR>   d--------       C:\\Program Files\\OpenAL
2008-07-09 17:19 . 2008-07-09 17:19     409,600 --a------       C:\\WINDOWS\\system32\\wrap_oal.dll
2008-07-09 17:19 . 2008-07-09 17:19     114,688 --a------       C:\\WINDOWS\\system32\\OpenAL32.dll
2008-07-09 17:18 . 2008-07-09 17:18     <DIR>   d--------       C:\\WINDOWS\\system32\\xlive
2008-07-04 16:17 . 2008-07-04 16:17     <DIR>   d--------       C:\\Program Files\\directx
2008-07-04 16:11 . 2008-07-04 16:11     612     --a------       C:\\WINDOWS\\eReg.dat
2008-06-30 15:58 . 2008-06-30 15:58     <DIR>   d--------       C:\\Documents and Settings\\Magg\\Dane aplikacji\\Ulead Systems
2008-06-28 14:49 . 2008-06-28 14:49     <DIR>   d--------       C:\\Program Files\\InterVideo
2008-06-28 14:49 . 2008-06-28 14:49     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\InstallShield
2008-06-28 14:49 . 2002-11-22 02:57     204,800 --a------       C:\\WINDOWS\\system32\\IVIresizeW7.dll
2008-06-28 14:49 . 2002-11-22 02:57     200,704 --a------       C:\\WINDOWS\\system32\\IVIresizeA6.dll
2008-06-28 14:49 . 2002-11-22 02:57     192,512 --a------       C:\\WINDOWS\\system32\\IVIresizeP6.dll
2008-06-28 14:49 . 2002-11-22 02:57     192,512 --a------       C:\\WINDOWS\\system32\\IVIresizeM6.dll
2008-06-28 14:49 . 2002-11-22 02:57     188,416 --a------       C:\\WINDOWS\\system32\\IVIresizePX.dll
2008-06-28 14:49 . 2002-11-22 02:57     20,480  --a------       C:\\WINDOWS\\system32\\IVIresize.dll
2008-06-28 14:48 . 2008-06-28 14:48     <DIR>   d--------       C:\\Program Files\\Windows Media Components
2008-06-28 14:47 . 2008-06-28 14:47     <DIR>   d--------       C:\\Program Files\\Ulead Systems
2008-06-28 14:47 . 2008-06-28 14:49     <DIR>   d--------       C:\\Program Files\\Common Files\\Ulead Systems
2008-06-28 14:47 . 2008-06-28 14:49     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Ulead Systems
2008-06-28 12:55 . 2008-06-28 12:56     <DIR>   d--------       C:\\Program Files\\PopCap Games
2008-06-25 20:54 . 2008-06-25 20:54     <DIR>   d--------       C:\\Program Files\\IrfanView
2008-06-25 13:42 . 2008-06-25 13:43     <DIR>   d--------       C:\\Program Files\\QuickTime
2008-06-25 13:42 . 2008-06-25 13:42     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Apple Computer
2008-06-25 13:33 . 2008-06-25 13:33     <DIR>   d--------       C:\\Program Files\\Apple Software Update
2008-06-25 13:33 . 2008-06-25 13:33     <DIR>   d--------       C:\\Documents and Settings\\All Users\\Dane aplikacji\\Apple
2008-06-23 00:54 . 2008-06-23 21:34     <DIR>   d--------       C:\\Program Files\\MP3 WAV Converter
2008-06-23 00:54 . 2008-06-23 00:55     2       --a------       C:\\WINDOWS\\system32\\RICHTX.DEP
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 18:51        ---------       d-----w C:\\Documents and Settings\\Magg\\Dane aplikacji\\MegauploadToolbar
2008-07-11 18:50        ---------       d-----w C:\\Program Files\\Mozilla Thunderbird
2008-07-11 17:52        ---------       d---a-w C:\\Documents and Settings\\All Users\\Dane aplikacji\\TEMP
2008-07-11 17:31        12,288  ----a-w C:\\WINDOWS\\system32\\drivers\\nhcDriver.sys
2008-07-11 16:26        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Tablet
2008-07-10 02:39        22,328  ----a-w C:\\Documents and Settings\\Magg\\Dane aplikacji\\PnkBstrK.sys
2008-07-09 21:02        ---------       d--h--w C:\\Program Files\\InstallShield Installation Information
2008-07-09 15:21        107,888 ----a-w C:\\WINDOWS\\system32\\CmdLineExt.dll
2008-07-07 16:39        ---------       d-----w C:\\Documents and Settings\\Magg\\Dane aplikacji\\Skype
2008-07-07 14:00        ---------       d-----w C:\\Documents and Settings\\Magg\\Dane aplikacji\\skypePM
2008-07-02 18:09        ---------       d-----w C:\\Program Files\\English Translator 3
2008-06-29 18:17        278,984 ----a-w C:\\WINDOWS\\system32\\drivers\\atksgt.sys
2008-06-28 12:49        ---------       d-----w C:\\Program Files\\Common Files\\InstallShield
2008-06-27 13:16        ---------       d-----w C:\\Program Files\\Common Files\\Adobe
2008-06-26 15:26        ---------       d-----w C:\\Documents and Settings\\Magg\\Dane aplikacji\\OpenOffice.org2
2008-06-24 20:15        ---------       d-----w C:\\Program Files\\Lx_cats
2008-06-20 17:42        246,784 ----a-w C:\\WINDOWS\\system32\\mswsock.dll
2008-06-20 10:45        360,320 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip.sys
2008-06-20 10:44        138,368 ----a-w C:\\WINDOWS\\system32\\drivers\\afd.sys
2008-06-20 09:52        225,920 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip6.sys
2008-06-15 19:14        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Microsoft Help
2008-06-14 18:01        273,024 ------w C:\\WINDOWS\\system32\\drivers\\bthport.sys
2008-06-03 16:17        ---------       d-----w C:\\Program Files\\Intelligent Converters
2008-05-31 19:59        ---------       d-----w C:\\Program Files\\Common Files\\Adobe Systems Shared
2008-05-31 19:31        ---------       d-----w C:\\Documents and Settings\\All Users\\Dane aplikacji\\Adobe Systems
2008-05-30 21:39        ---------       d-----w C:\\Documents and Settings\\Magg\\Dane aplikacji\\iuLab
2008-05-30 21:38        ---------       d-----w C:\\Program Files\\iuLAB
2008-05-30 21:38        ---------       d-----w C:\\Program Files\\Common Files\\iulab
2008-05-28 05:58        ---------       d-----w C:\\Program Files\\RL Harem 2
2008-05-28 05:27        50,688  ----a-w C:\\WINDOWS\\system32\\wbhelp2.dll
2008-05-28 05:26        ---------       d-----w C:\\Program Files\\FlashGet
2008-05-27 11:23        ---------       d-----w C:\\Program Files\\SystemRequirementsLab
2008-05-25 22:50        ---------       d-----w C:\\Program Files\\SubEdit-Player
2008-05-07 05:16        1,291,264       ----a-w C:\\WINDOWS\\system32\\quartz.dll
2008-04-21 07:03        662,016 ----a-w C:\\WINDOWS\\system32\\wininet.dll
2008-03-05 21:11        32      ----a-w C:\\Documents and Settings\\All Users\\Dane aplikacji\\ezsid.dat
2006-12-12 10:13        32,768  ----a-w C:\\Documents and Settings\\All Users\\Dane aplikacji\\EBLib.dll
2006-07-28 15:25        19,456  ----a-w C:\\Documents and Settings\\All Users\\Dane aplikacji\\LPCFilter.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{8B2AE9C0-1555-4C92-905A-531532F15698}]
2008-07-11 20:04        20992   --a------       C:\\WINDOWS\\system32\\iefltr.dll
 
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{df355369-15d3-4ba6-b93b-270c3a9cb137}]
2008-07-11 19:35        116864  --a------       C:\\WINDOWS\\system32\\kyudfa.dll
 
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{EE2642A2-7304-43AD-82FD-D50E145A3BA1}]
2008-07-11 19:35        321792  --a------       C:\\WINDOWS\\system32\\rqRJCTkj.dll
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2006-03-02 14:00 15360]
\"TOSCDSPD\"=\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\" [2005-04-11 12:26 65536]
\"Gadu-Gadu\"=\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" [2007-07-09 09:39 2119104]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"IMJPMIG8.1\"=\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" [2006-03-02 14:00 208952]
\"PHIME2002ASync\"=\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" [2006-03-02 14:00 455168]
\"PHIME2002A\"=\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" [2006-03-02 14:00 455168]
\"NvCplDaemon\"=\"C:\\WINDOWS\\system32\\NvCpl.dll\" [2007-11-11 19:51 8523776]
\"SynTPEnh\"=\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\" [2007-09-23 18:49 888832]
\"Camera Assistant Software\"=\"C:\\Program Files\\Camera Assistant Software for Toshiba\\traybar.exe\" [2007-05-22 11:50 413696]
\"IntelZeroConfig\"=\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\" [2007-06-01 11:51 823296]
\"IntelWireless\"=\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" [2007-06-01 11:49 974848]
\"CeEKEY\"=\"C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe\" [2006-04-12 17:31 638976]
\"HWSetup\"=\"C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe\" [2004-05-01 14:45 28672]
\"SVPWUTIL\"=\"C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe\" [2006-05-25 12:17 65536]
\"TPNF\"=\"C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe\" [2007-06-01 06:40 53248]
\"NeroFilterCheck\"=\"C:\\WINDOWS\\system32\\NeroCheck.exe\" [2001-07-09 12:50 155648]
\"LXBTCATS\"=\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBTtime.dll\" [2004-03-17 18:30 65536]
\"Logitech Hardware Abstraction Layer\"=\"C:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE\" [2006-07-19 13:03 94208]
\"NotebookHardwareControl\"=\"C:\\Program Files\\Notebook Hardware Control\\nhc.exe\" [2006-09-01 19:40 2228224]
\"SunJavaUpdateSched\"=\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\" [2008-02-22 04:25 144784]
\"QuickTime Task\"=\"C:\\Program Files\\QuickTime\\QTTask.exe\" [2008-05-27 10:50 413696]
\"Adobe Reader Speed Launcher\"=\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\" [2008-01-11 22:16 39792]
\"NvMediaCenter\"=\"C:\\WINDOWS\\system32\\NvMcTray.dll\" [2007-11-11 19:51 81920]
\"TrojanScanner\"=\"C:\\Program Files\\Trojan Remover\\Trjscan.exe\" [2008-07-11 18:28 878672]
\"nwiz\"=\"nwiz.exe\" [2007-11-11 19:51 1626112 C:\\WINDOWS\\system32\\nwiz.exe]
\"RTHDCPL\"=\"RTHDCPL.EXE\" [2007-09-23 18:40 16384000 C:\\WINDOWS\\RTHDCPL.EXE]
\"TDispVol\"=\"TDispVol.exe\" [2005-12-27 14:06 73728 C:\\WINDOWS\\system32\\TDispVol.exe]
\"Zooming\"=\"ZoomingHook.exe\" [2005-06-06 10:58 24576 C:\\WINDOWS\\system32\\ZoomingHook.exe]
\"Kernel and Hardware Abstraction Layer\"=\"KHALMNPR.EXE\" [2006-07-19 13:03 94208 C:\\WINDOWS\\KHALMNPR.Exe]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\CTFMON.EXE\" [2006-03-02 14:00 15360]
 
C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\
Bluetooth Manager.lnk - C:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe [2007-05-22 17:57:26 2756608]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"msacm.l3fhg\"= mp3fhg.acm
\"msacm.divxa32\"= divxa32.acm
\"VIDC.X264\"= x264vfw.dll
\"VIDC.HFYU\"= huffyuv.dll
\"vidc.i263\"= i263_32.drv
\"VIDC.YV12\"= yv12vfw.dll
\"msvideo9\"= SDVC03.drv
\"msacm.mpegacm\"= mpegacm.acm
\"msacm.ulmp3acm\"= ulmp3acm.acm
\"msacm.dvacm\"= C:\\PROGRA~1\\COMMON~1\\ULEADS~1\\vio\\dvacm.acm
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Logitech Desktop Messenger.lnk
backup=C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Logitech SetPoint.lnk
backup=C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^Magg^Menu Start^Programy^Autostart^OpenOffice.org 2.3.lnk]
path=C:\\Documents and Settings\\Magg\\Menu Start\\Programy\\Autostart\\OpenOffice.org 2.3.lnk
backup=C:\\WINDOWS\\pss\\OpenOffice.org 2.3.lnkStartup
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Gadu-Gadu]
--a------ 2007-07-09 09:39 2119104 C:\\Program Files\\Gadu-Gadu\\gg.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\LDM]
--a------ 2008-02-23 19:30 36864 C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Lexmark 5200 series]
--a------ 2004-06-04 12:03 57344 C:\\Program Files\\Lexmark 5200 Series\\lxbtbmgr.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\\Program Files\\QuickTime\\QTTask.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Skype]
-ra------ 2008-02-01 18:26 22014760 C:\\Program Files\\Skype\\Phone\\Skype.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SmoothView]
--a------ 2007-05-11 11:06 143360 C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WinampAgent]
--a------ 2006-11-21 19:38 35328 C:\\Program Files\\Winamp\\winampa.exe
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"AntiVirusOverride\"=dword:00000001
\"FirewallOverride\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"C:\\\\Program Files\\\\Gadu-Gadu\\\\gg.exe\"=
\"C:\\\\Program Files\\\\Bonjour\\\\mDNSResponder.exe\"=
\"C:\\\\Program Files\\\\Logitech\\\\Desktop Messenger\\\\8876480\\\\Program\\\\LogitechDesktopMessenger.exe\"=
\"C:\\\\Program Files\\\\BitComet\\\\BitComet.exe\"=
\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\OUTLOOK.EXE\"=
\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\GROOVE.EXE\"=
\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\ONENOTE.EXE\"=
\"C:\\\\WINDOWS\\\\system32\\\\PnkBstrA.exe\"=
\"C:\\\\WINDOWS\\\\system32\\\\PnkBstrB.exe\"=
\"C:\\\\Program Files\\\\BitTornado\\\\btdownloadgui.exe\"=
\"E:\\\\Gry\\\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\\\bin\\\\XR_3DA.exe\"=
\"E:\\\\Gry\\\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\\\bin\\\\dedicated\\\\XR_3DA.exe\"=
\"E:\\\\Gry\\\\World in Conflict\\\\wic.exe\"=
\"E:\\\\Gry\\\\World in Conflict\\\\wic_online.exe\"=
\"E:\\\\Gry\\\\World in Conflict\\\\wic_ds.exe\"=
\"C:\\\\Program Files\\\\Skype\\\\Phone\\\\Skype.exe\"=
\"E:\\\\Gry\\\\Call of Duty 4 - Modern Warfare\\\\iw3mp.exe\"=
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"9582:TCP\"= 9582:TCP:BitComet 9582 TCP
\"9582:UDP\"= 9582:UDP:BitComet 9582 UDP
\"10050:TCP\"= 10050:TCP:b
\"10051:TCP\"= 10051:TCP:b1
\"10052:TCP\"= 10052:TCP:b2
\"10053:TCP\"= 10053:TCP:bt
 
R1 aswSP;avast! Self Protection;C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\\WINDOWS\\system32\\DRIVERS\\aswFsBlk.sys [2008-05-16 01:16]
R2 LBeepKE;LBeepKE;C:\\WINDOWS\\system32\\Drivers\\LBeepKE.sys [2006-09-01 13:32]
S3 DVC;USB DVC Svc;C:\\WINDOWS\\system32\\Drivers\\DVC.sys [2003-04-01 17:19]
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{500f1a8a-026b-11dd-a321-0016d4fa35b0}]
\\Shell\\Auto\\command - I:\\activexdebugger32.exe f
\\Shell\\AutoRun\\command - C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\\Shell\\explore\\Command - I:\\activexdebugger32.exe f
\\Shell\\open\\Command - I:\\activexdebugger32.exe f
 
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{500f1a8b-026b-11dd-a321-0016d4fa35b0}]
\\Shell\\AutoRun\\command - J:\\USBNB.exe
 
.
Contents of the \'Scheduled Tasks\' folder
\"2008-06-25 11:33:52 C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job\"
- C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
 
HKLM-Run-Anti Trojan Elite - C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe
HKLM-Run-784c6cf8 - C:\\WINDOWS\\system32\\hrxlfnme.dll
HKLM-Run-TFncKy - TFncKy.exe
HKLM-Run-NDSTray.exe - NDSTray.exe
SSODL-fsrpknov-{95877F97-B117-428C-92C5-9B4016B6452D} - C:\\WINDOWS\\fsrpknov.dll
 
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 21:12:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\WINDOWS\\system32\\agrsmsvc.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe
C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe
C:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe
C:\\WINDOWS\\system32\\cmd.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\PnkBstrA.exe
C:\\WINDOWS\\system32\\PnkBstrB.exe
C:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe
C:\\Program Files\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindServiceAE.exe
C:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\TosBtSrv.exe
C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\ULCDRSvr.exe
C:\\WINDOWS\\system32\\wdfmgr.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\Program Files\\Synaptics\\SynTP\\SynToshiba.exe
C:\\Program Files\\TOSHIBA\\TOSHIBA Controls\\TFncKy.exe
C:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe
C:\\Program Files\\Camera Assistant Software for Toshiba\\CEC_MAIN.exe
C:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe
C:\\WINDOWS\\system32\\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-11 21:18:18 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-11 19:17:35
 
Pre-Run: 16,142,127,104 bajtów wolnych
Post-Run: 16,248,700,928 bajtów wolnych
 
352     --- E O F ---   2008-07-09 11:45:56