ComboFix 08-05-09.1 - mariusz 2008-05-10 22:29:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.113 [GMT 2:00]
Running from: C:\Documents and Settings\mariusz\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo1.dll
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-04-18 10:01 . 2008-04-18 10:06
2008-04-17 08:50 . 2008-04-17 08:49 116,606 -r-hs---- C:\x1dg.exe
2008-04-17 08:49 . 2008-04-14 07:58 116,759 -r-hs---- C:\vt6e.cmd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 20:28 --------- d-----w C:\Program Files\Neostrada TP
2008-05-10 17:43 --------- d-----w C:\Program Files\lg_fwupdate
2008-05-06 11:53 --------- d-----w C:\Documents and Settings\mariusz\Dane aplikacji\AdobeUM
2008-04-20 15:57 --------- d-----w C:\Documents and Settings\mariusz\Dane aplikacji\Skype
2008-04-20 14:09 --------- d-----w C:\Documents and Settings\mariusz\Dane aplikacji\skypePM
2008-03-16 21:03 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2008-02-26 16:58 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2004-10-01 13:00 40,960 -c–a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-11-23 18:45 68856]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]
“PowerBar”=“C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe” [2004-04-21 10:26 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 20:24 32768]
“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2006-03-14 04:06 1397760]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50 155648]
“LGODDFU”=“C:\Program Files\lg_fwupdate\fwupdate.exe” [2007-08-25 09:13 249856]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 23:12 49152]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]
“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07 24576]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07 20480]
“WOOTASKBARICON”=“C:\Program Files\Neostrada TP\taskbaricon.exe” [2003-10-16 18:07 53248]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 01:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-21 11:34:21 966756]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=
“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=
“C:\Program Files\BitComet\BitComet.exe”=
“C:\Program Files\Messenger\msmsgs.exe”=
“C:\Program Files\MSN Messenger\msnmsgr.exe”=
“C:\Program Files\MSN Messenger\livecall.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\Internet Explorer\iexplore.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“20921:TCP”= 20921:TCP:BitComet 20921 TCP
“20921:UDP”= 20921:UDP:BitComet 20921 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6d83d672-1d1f-11dd-bcd9-4d6564696130}]
\Shell\AutoRun\command - F:\x1dg.exe
\Shell\explore\Command - F:\x1dg.exe
\Shell\open\Command - F:\x1dg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{917d8668-9d04-11dc-baf6-4d6564696130}]
\Shell\AutoRun\command - F:\x1dg.exe
\Shell\explore\Command - F:\x1dg.exe
\Shell\open\Command - F:\x1dg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{fa73497e-7b59-11dc-ba86-4d6564696130}]
\Shell\AutoRun\command - F:\x1dg.exe
\Shell\explore\Command - F:\x1dg.exe
\Shell\open\Command - F:\x1dg.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 22:32:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 22:34:14
ComboFix-quarantined-files.txt 2008-05-10 20:34:10
Pre-Run: 1,230,106,624 bajtów wolnych
Post-Run: 1,243,508,736 bajtów wolnych
111