ComboFix 08-07-31.01 - Przemek 2008-07-31 19:56:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.652 [GMT 2:00]
Running from: C:\Documents and Settings\Przemek\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\tmp24.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2008-07-31 15:57 . 2008-07-31 15:57
2008-07-31 15:57 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-07-31 15:56 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-27 01:14 . 2008-07-27 01:14
2008-07-25 04:11 . 2008-07-25 04:11
2008-07-25 04:11 . 2008-07-25 04:11 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-25 04:11 . 2008-07-25 04:11 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-24 13:48 . 2008-07-24 13:48
2008-07-24 13:46 . 2008-07-24 13:46
2008-07-19 12:32 . 2008-07-19 12:32
2008-07-18 14:39 . 2008-07-18 14:39
2008-07-18 14:26 . 2008-07-18 14:43
2008-06-22 21:13 . 2008-06-22 21:13
2008-06-22 21:00 . 2008-06-22 21:00
2008-06-08 20:26 . 2008-06-16 21:59
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 22:52 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Skype
2008-07-24 11:40 --------- d-----w C:\Program Files\SubEdit-Player
2008-07-20 01:26 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\OpenOffice.org2
2008-07-19 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-08 18:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-30 22:33 --------- d-----w C:\Program Files\Apple Software Update
2008-05-30 22:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-10 17:51 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-25 22:49 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-01-25 22:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-01-25 22:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008012520080126\index.dat
2008-01-25 22:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2006-12-18 13:39 94720]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2006-12-29 15:06 335872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"BitComet"="C:\Program Files\BitComet\BitComet.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20302:TCP"= 20302:TCP:BitComet 20302 TCP
"20302:UDP"= 20302:UDP:BitComet 20302 UDP
R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 14:53]
R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 13:56]
R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2006-12-13 15:23]
R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2006-12-18 13:39]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:44]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2006-12-18 13:40]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2006-12-18 13:40]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2006-12-18 13:40]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2006-12-18 13:39]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2006-12-18 13:40]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2006-12-18 13:39]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2006-12-18 13:39]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2006-12-18 13:40]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2006-12-18 13:40]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2006-12-18 13:40]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2006-12-18 13:40]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2006-12-18 13:40]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2006-12-18 13:40]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-26 17:51]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-06-06 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 16:17]
2008-05-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Przemek\Dane aplikacji\Mozilla\Firefox\Profiles\d9n5027h.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 20:01:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-31 20:03:11
ComboFix-quarantined-files.txt 2008-07-31 18:02:57
Pre-Run: 23,777,931,264 bajtów wolnych
Post-Run: 24,065,318,912 bajtów wolnych
137 --- E O F --- 2008-01-26 14:11:10
It would be great if someone could take a look. The computer belongs to a friend, and he is set on formatting it.