ComboFix 08-04-20.5 - Administrator 2008-04-22 17:58:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.691 [GMT 2:00]
Running from: D:\CF\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-11 18:55 . 2008-04-18 20:30 1,712 --a------ C:\WINDOWS\SysMech6.INI
2008-04-11 18:40 . 2008-04-11 18:40
2008-04-11 18:40 . 2006-12-20 12:39 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-04-11 18:40 . 2006-03-28 01:54 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-04-11 18:40 . 2005-09-12 13:20 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-04-11 18:40 . 2008-04-11 19:52 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 17:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-04-08 17:22 --------- d-----w C:\Program Files\SkanerOnline
2007-07-28 13:53 9,270,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-28 13:53 315,936 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"EPSON Stylus Photo R285 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.exe" [2007-04-13 08:00 182272]
"SMSystemAnalyzer"="D:\programy do kompa\mechanikkc\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 12:38 557056]
"System Mechanic Popup Blocker"="D:\programy do kompa\mechanikkc\System Mechanic 6\PopupBlocker.exe" [2006-12-20 12:38 752128]
"Gadu-Gadu"="D:\inne\giegie\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-03-29 23:16 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2007-03-29 23:16 2559488 C:\WINDOWS\ALCWZRD.EXE]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"COMODO Firewall Pro"="D:\bear\fire\comodo\cfp.exe" [2008-01-20 17:39 1481984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-30 13:34 25263144 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 19:14 35328 D:\inne\hvo\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\inne\giegie\Gadu-Gadu\gg.exe"=
"D:\csik\CSCS\hl.exe"=
"D:\Nowy folder (2)\Soldier of Fortune II - Double Helix MP TEST\SoF2MP-Test.exe"=
"D:\GOLD\SoF2MP.exe"=
"D:\bear\Nowy folder (3)\The All-Seeing Eye\eye.exe"=
"D:\round + mousetrap sprawnySTARSZA WESRSJA\The All-Seeing Eye\eye.exe"=
"D:\RedAlert\game.exe"=
"D:\csik\CSCS\hlds.exe"=
"D:\bear\utorrent\utorrent.exe"=
"D:\programy do kompa\Magic Speed\MagicSpeed.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-20 17:39]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-20 17:39]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 18:11:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\System32\winlogon.exe
- C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-04-22 18:13:48
ComboFix-quarantined-files.txt 2008-04-22 16:13:09
ComboFix2.txt 2008-03-15 12:43:18
Pre-Run: 27,000,426,496 bytes free
Post-Run: 26,994,384,896 bytes free
90 --- E O F --- 2008-01-05 09:53:42
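To triage a log like the one above without reading every line by hand, here is an added example (not part of the original post, and not ComboFix's own code) in Python. It parses the "Reg Loading Points" section into structured entries and applies a few prioritisation rules: any non-empty AppInit_DLLs value, a Security Center notification that has been switched off, Run entries started from outside the Windows and Program Files trees, and the firewall's authorized-application list. The sample input is constructed from lines of this log, written with straight quotes (assumed to be what ComboFix emits before forum software mangles them). The rule set, severity labels and the trusted-root list are the example's own assumptions; a flag means "look at it", not "malicious". The guard32.dll AppInit entry here, for instance, sits next to the COMODO Firewall Pro driver entries in the same log, which is exactly the context the rule leaves to the reader.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: lines taken from the "Reg Loading Points" section of
# the ComboFix log above, with straight quotes (assumed ComboFix output format).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Gadu-Gadu"="D:\inne\giegie\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-03-29 23:16 77824 C:\WINDOWS\SOUNDMAN.EXE]
"COMODO Firewall Pro"="D:\bear\fire\comodo\cfp.exe" [2008-01-20 17:39 1481984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\csik\CSCS\hlds.exe"=
"D:\bear\utorrent\utorrent.exe"=
"""


@dataclass
class LoadPoint:
    key: str                         # registry key the value lives under
    name: str                        # value name (for firewall lists: the authorized path)
    value: str                       # raw text after '='
    path: Optional[str] = None       # executable/DLL path, using ComboFix's resolved path if given
    timestamp: Optional[str] = None  # file timestamp ComboFix printed inside [...]
    size: Optional[int] = None       # file size ComboFix printed inside [...]


KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# Either "full\path" [YYYY-MM-DD HH:MM size] or "basename" [YYYY-MM-DD HH:MM size C:\resolved\path]
QUOTED_RE = re.compile(
    r'^"(?P<path>[^"]*)"'
    r'(?:\s*\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)(?: (?P<resolved>.+?))?\])?$')

# Assumption of this example: executables under these roots get no "review" flag.
TRUSTED_ROOTS = ('C:\\WINDOWS\\', 'C:\\PROGRAM FILES\\')


def parse_loading_points(text: str) -> List[LoadPoint]:
    """Turn the REGEDIT4-style section into LoadPoint records, keeping the current key."""
    points: List[LoadPoint] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        em = ENTRY_RE.match(line)
        if not em or key is None:
            continue  # REGEDIT4 banner, blank lines, or data before any key
        lp = LoadPoint(key=key, name=em.group('name'), value=em.group('value'))
        qm = QUOTED_RE.match(lp.value)
        if qm:
            lp.path = qm.group('resolved') or qm.group('path') or None
            if qm.group('ts'):
                lp.timestamp = qm.group('ts')
                lp.size = int(qm.group('size'))
        elif lp.value and not lp.value.startswith('dword:') and not re.match(r'^\d', lp.value):
            lp.path = lp.value.strip()  # unquoted path value, e.g. AppInit_DLLs
        points.append(lp)
    return points


def triage(points: List[LoadPoint]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings, highest priority first. Rules are a
    starting point for manual review; nothing here decides that an entry is bad."""
    findings: List[Tuple[str, str]] = []
    for p in points:
        k = p.key.lower()
        if p.name.lower() == 'appinit_dlls' and p.path:
            findings.append(('high', f"AppInit_DLLs loads {p.path} into every user-mode process "
                                     f"that links user32.dll; identify its owner before trusting it"))
        elif k.endswith('security center') and p.value.lower().startswith('dword:'):
            if int(p.value.split(':', 1)[1], 16) != 0:
                findings.append(('medium', f"Security Center notification disabled: {p.name}"))
        elif k.endswith('authorizedapplications\\list'):
            findings.append(('info', f"Firewall exception: {p.name}"))
        elif '\\run' in k and p.path and not p.path.upper().startswith(TRUSTED_ROOTS):
            findings.append(('review', f"Run entry '{p.name}' starts {p.path} "
                                       f"from outside Windows/Program Files"))
    order = {'high': 0, 'medium': 1, 'review': 2, 'info': 3}
    return sorted(findings, key=lambda f: order[f[0]])  # stable: keeps log order within a level


if __name__ == "__main__":
    for severity, message in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{severity:6}] {message}")
```

The parser deliberately keeps ComboFix's resolved path (the `C:\WINDOWS\SOUNDMAN.EXE` inside the brackets) in preference to the bare `SOUNDMAN.EXE` the Run value actually stores, since the resolved path is what will execute; a Run value that is only a basename is itself worth a second look on a real case, because it is resolved through the search path at logon.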