ComboFix 08-07-27.5 - Adamus 2008-10-08 21:07:00.2 - NTFSx86
Running from: C:\Documents and Settings\Adamus\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.
2008-10-05 12:24 . 2008-10-05 19:49
2008-10-05 12:24 . 2006-06-26 02:49 1,867,776 --a------ C:\WINDOWS\system32\python24.dll
2008-10-04 00:17 . 2008-10-04 00:17
2008-10-03 20:00 . 2008-08-16 11:42 597,518 --a------ C:\WINDOWS\win32up.exe
2008-10-03 20:00 . 2008-08-16 11:42 597,518 --a------ C:\WINDOWS\loadme.exe
2008-10-03 15:34 . 2008-10-08 19:30
2008-10-01 12:18 . 2008-10-06 12:53
2008-10-01 10:39 . 2008-10-01 12:05
2008-09-30 17:50 . 2008-09-30 17:50
2008-09-26 17:05 . 2008-09-26 17:05
2008-09-20 22:46 . 2008-09-20 22:47
2008-09-19 14:04 . 2008-09-19 16:43
2008-09-19 14:03 . 2008-10-05 12:25
2008-09-09 13:48 . 2008-09-09 13:48
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 12:55 --------- d-----w C:\Documents and Settings\Adamus\Dane aplikacji\teamspeak2
2008-09-11 13:00 --------- d-----w C:\Documents and Settings\Adamus\Dane aplikacji\mIRC
2008-09-05 21:03 --------- d-----w C:\Documents and Settings\Adamus\Dane aplikacji\HP
2008-09-05 19:30 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-25 18:10 --------- d-----w C:\Program Files\Valve
2008-08-16 17:58 --------- d-----w C:\Documents and Settings\Adamus\Dane aplikacji\Ulead Systems
2008-08-16 17:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 17:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-16 17:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-08-16 17:51 --------- d-----w C:\Program Files\Corel
2008-08-15 11:37 --------- d-----w C:\Program Files\Winamp
2008-07-12 15:15 295,936 ----a-w C:\WINDOWS\inf\isprnt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 16:33 963072]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-10-08 19:30 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-09-12 18:45 36352]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 21:08 95504]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Oprogramowanie Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
R3 MouseCap;MouseCapture Driver;C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 14:44]
.
Contents of the 'Scheduled Tasks' folder
2008-10-04 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job
- C:\Program Files\Antispyware\Antispyware.exe []
2008-10-04 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job
- C:\Program Files\Antispyware []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AQQ - C:\PROGRA~1\WapSter\AQQ\AQQ.exe
HKLM-Run-C:\WINDOWS\system32\kdnlb.exe - C:\WINDOWS\system32\kdnlb.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://fundusze.onet.pl/fundusz.html?rf … 1x=17y=6
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 21:08:16
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-10-08 21:11:43
ComboFix-quarantined-files.txt 2008-10-08 19:10:40
ComboFix2.txt 2008-07-28 09:09:13
Pre-Run: 7,639,138,304 bajtów wolnych
Post-Run: 7,889,727,488 bajtów wolnych
Here it is, please check whether it is clean.