Dodaję jeszcze log z ComboFix:
ComboFix 08-07-27.2 - 2008-08-05 22:08:33.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.575 [GMT 1:00]
Running from: C:\Documents and Settings\Jan Jaworski\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3
C:\Program Files\rhc1e8j0eae3
C:\WINDOWS\system32\blphc5e8j0eae3.scr
C:\WINDOWS\system32\lphc5e8j0eae3.exe
C:\WINDOWS\system32\phc5e8j0eae3.bmp
C:\WINDOWS\system32\pphc5e8j0eae3.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-05 22:12 . 2008-08-05 22:12 133,120 --a------ C:\WINDOWS\system32\lphc5e8j0eae3.exe
2008-08-05 22:12 . 2008-08-05 22:12 90,838 --a------ C:\WINDOWS\system32\phc5e8j0eae3.bmp
2008-08-05 22:12 . 2008-08-05 22:12 77,824 --a------ C:\WINDOWS\system32\xglojwrq.exe
2008-08-05 22:12 . 2008-08-05 22:12 60,928 --a------ C:\WINDOWS\system32\blphc5e8j0eae3.scr
2008-08-05 21:38 . 2008-08-05 21:38 94,208 --a------ C:\WINDOWS\system32\30.tmp
2008-08-05 21:27 . 2008-08-05 21:27 77,824 --a------ C:\WINDOWS\system32\mnihebyj.exe
2008-08-05 21:11 . 2008-08-05 21:11 77,824 --a------ C:\WINDOWS\system32\gjezovqh.exe
2008-08-05 19:57 . 2008-08-05 19:57 77,824 --a------ C:\WINDOWS\system32\abqnepol.exe
2008-08-05 19:01 . 2008-08-05 19:01
2008-08-05 19:01 . 2008-08-05 19:01
2008-08-05 19:01 . 2008-08-05 19:01
2008-08-05 19:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-05 19:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-05 18:59 . 2008-08-05 18:59 77,824 --a------ C:\WINDOWS\system32\ifshsbij.exe
2008-08-05 07:17 . 2008-08-05 07:17
2008-08-05 07:16 . 2008-08-05 07:16 86,016 --a------ C:\WINDOWS\system32\chqnmhmz.exe
2008-08-04 18:30 . 2008-08-04 18:30
2008-08-04 18:04 . 2008-08-04 18:04 114,176 --a------ C:\WINDOWS\system32\lalalune.exe
2008-08-04 18:04 . 2008-08-04 18:04 81,920 --a------ C:\WINDOWS\system32\zuhebmxk.exe
2008-08-04 17:28 . 2008-08-04 17:28
2008-08-04 17:28 . 2008-08-04 17:28 90,112 --a------ C:\WINDOWS\system32\ulavgdal.exe
2008-08-03 16:51 . 2008-08-03 16:52
2008-07-28 00:46 . 2008-07-28 00:46
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2008-08-05 22:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-08-25 10:18
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2006-09-27 16:09
2008-07-27 14:12 . 2008-07-27 14:12
2008-07-27 13:38 . 2008-07-27 13:38
2008-07-27 13:38 . 2008-07-27 13:38 49,152 --a------ C:\WINDOWS~DF88CF.tmp
2008-07-26 20:13 . 2008-07-26 20:23 4,632,580 --a------ C:\Program Files\setuppol.exe
2008-07-26 19:53 . 2008-07-26 22:50
2008-07-25 20:03 . 2008-07-25 20:03
2008-07-25 18:22 . 2008-07-25 18:22 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-07-24 18:24 . 2008-07-24 19:37
2008-07-24 18:06 . 2008-07-24 18:06
2008-07-24 17:59 . 2008-07-25 20:48
2008-07-06 22:55 . 2008-07-06 22:55
2008-07-06 22:48 . 2008-07-06 22:48
2008-07-06 22:44 . 2008-07-06 22:44
2008-07-06 22:12 . 2008-07-06 22:16
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 21:12 --------- d-----w C:\Program Files\rhc1e8j0eae3
2008-08-05 07:54 --------- d-----w C:\Documents and Settings\Jan Jaworski\Dane aplikacji\uTorrent
2008-08-04 21:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-08-04 17:06 --------- d-----w C:\Documents and Settings\Jan Jaworski\Dane aplikacji\Skype
2008-08-04 16:41 --------- d-----w C:\Documents and Settings\Jan Jaworski\Dane aplikacji\skypePM
2008-07-26 20:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-26 20:19 --------- d-----w C:\Program Files\Symantec
2008-07-25 19:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 17:32 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-25 15:57 --------- d-----w C:\Program Files\Google
2008-06-30 16:25 8,213,400 ----a-w C:\Program Files\Firefox Setup 3.0.exe
2008-06-27 17:47 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-25 22:18 --------- d-----w C:\Documents and Settings\Jan Jaworski\Dane aplikacji\XnView
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 16:32 --------- d-----w C:\Program Files\Eidos
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-14 22:20 701,237 ----a-w C:\Program Files\budzik104.exe
2008-04-19 17:56 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2008-04-13 14:24 25,802,312 ----a-w C:\Program Files\wmp11-windowsxp-x86-PL-PL.exe
2008-04-10 20:47 1,495,112 ----a-w C:\Program Files\install_flash_player.exe
2008-03-09 18:06 3,061,518 ----a-w C:\Program Files\Setup_MagicISO.exe
2008-02-14 19:23 18,067,416 ----a-w C:\Program Files\setupUK.exe
2008-02-14 15:29 219,952 ----a-w C:\Program Files\utorrent.exe
2008-01-27 20:10 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-09-30 11:21 5,979,191 ----a-w C:\Program Files\realalt160.exe
2007-09-29 16:22 6,221,304 ----a-w C:\Program Files\winamp535_full_emusic-7plus.exe
2007-09-29 16:04 61,647,736 ----a-w C:\Program Files\directx_aug2007_redist.exe
2007-06-24 00:45 4,213,173 ----a-w C:\Program Files\ffdshow_rev1183_20070519_clsid.exe
2007-06-23 18:18 6,448,349 ----a-w C:\Program Files\realalt152.exe
2007-06-10 21:48 2,090,016 ----a-w C:\Program Files\aresregular209_installer.exe
2007-06-01 17:46 4,109,584 ----a-w C:\Program Files\gg77.exe
2007-05-25 20:37 2,248,200 ----a-w C:\Program Files\SopCast.zip
2007-05-25 20:10 1,925,464 ----a-w C:\Program Files\NeoDownloaderLiteSetup.exe
2007-05-25 19:04 11,832,700 ----a-w C:\Program Files\XnView-win-full.zip
2007-05-12 21:00 11,694,924 ----a-w C:\Program Files\QLoaderFull.exe
2007-04-18 19:37 21,734,668 ----a-w C:\Program Files\nero6009.exe
2007-04-13 20:02 750,527 ----a-w C:\Program Files\screamer038.exe
2006-10-15 19:27 1,441,018 ----a-w C:\Program Files\ALLPlayer.exe
2006-09-01 17:18 1,039,438 ----a-w C:\Program Files\wrar351pl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-27_20.37.14.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-05 21:11:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"actstrproc"="C:\WINDOWS\system32\mnihebyj.exe" [2008-08-05 21:27 77824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"actsmartchk"="C:\WINDOWS\system32\xglojwrq.exe" [2008-08-05 22:12 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 12:04 7557120]
"lphc5e8j0eae3"="C:\WINDOWS\system32\lphc5e8j0eae3.exe" [2008-08-05 22:12 133120]
"SMrhc1e8j0eae3"="C:\Program Files\rhc1e8j0eae3\rhc1e8j0eae3.exe" [2008-08-05 12:43 9467904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"IZws0nOkF4"="C:\Documents and Settings\All Users\Dane aplikacji\ipajadmr\elubkvgx.exe" [2008-08-04 17:28 57344]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 12:11 233472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MonWin"= {31734C8A-D408-73CF-4445-0B8E5B11881E} - C:\Program Files\glhphed\MonWin.dll [2008-08-05 07:17 122880]
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^Jan Jaworski^Menu Start^Programy^Autostart^Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\Jan Jaworski\Menu Start\Programy\Autostart\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\actadmsrv]
–a------ 2008-08-05 21:11 77824 C:\WINDOWS\system32\gjezovqh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdmApi]
–a------ 2008-08-05 18:59 77824 C:\WINDOWS\system32\ifshsbij.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
–a------ 2007-05-04 01:32 961024 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
–a------ 2004-08-04 12:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
–a------ 2005-10-06 05:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnMnt]
–a------ 2008-08-05 19:57 77824 C:\WINDOWS\system32\abqnepol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
–a------ 2007-05-10 15:36 2111176 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
–a------ 2005-11-28 10:41 602182 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
–a------ 2005-12-05 11:37 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc5e8j0eae3]
–a------ 2008-08-05 22:12 133120 C:\WINDOWS\system32\lphc5e8j0eae3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgsh]
–a------ 2008-08-04 17:28 90112 C:\WINDOWS\system32\ulavgdal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
–a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
–a------ 2006-05-01 12:04 7557120 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRotateSysTray]
–a------ 2006-05-01 12:04 49152 C:\WINDOWS\system32\nvsysrot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\procchkwin]
–a------ 2008-08-04 18:04 81920 C:\WINDOWS\system32\zuhebmxk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc1e8j0eae3]
–a------ 2008-08-05 12:43 9467904 C:\Program Files\rhc1e8j0eae3\rhc1e8j0eae3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
–a------ 2006-03-02 15:02 761948 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
–a------ 2006-01-05 14:02 352256 C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
–a------ 2005-04-12 12:04 65536 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
–a------ 2006-02-02 12:11 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinStrUtil]
–a------ 2008-08-05 07:16 86016 C:\WINDOWS\system32\chqnmhmz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
–a------ 2005-10-15 14:29 88203 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
–a------ 2006-05-01 12:04 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
–a------ 2005-12-09 23:49 15691264 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
–a------ 2005-09-16 14:44 73728 C:\WINDOWS\system32\TDispVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
–a------ 2005-08-04 14:16 266240 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\utorrent.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\CS1.6 pod-Bot\hl.exe"=
"C:\Program Files\Toshiba\ConfigFree\CFXFER.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Ares\Ares.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 nenum13E;nenum13E;C:\DOCUME~1\JANJAW~1\USTAWI~1\Temp\nenum13E.sys []
S3 SPC610NC;Philips SPC500NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS []
S3 WZCOOK;WEP/WPA-PMK key recovery service;C:\Documents and Settings\Jan Jaworski\Pulpit\aircrack-ng-0.9.2-win\bin\wzcook.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{538fafde-2d88-11dc-b0e6-00a0d164c1dc}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f323e479-5050-11dc-b140-00a0d164c1dc}]
\Shell\AutoRun\command - F:\USBNB.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &MSN Search - C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open in new background tab - C:\Program Files\MSN Toolbar Suite\en-ww\msntabres.dll.mui/229?9c654e89597640308ff3e7ea5560729f
O8 -: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\en-ww\msntabres.dll.mui/230?9c654e89597640308ff3e7ea5560729f
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 22:12:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Autorun
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Autorun\HKCU
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Autorun\HKCU\RunOnce
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Autorun\HKLM
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Autorun\HKLM\RunOnce
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Autorun\StartMenuAllUsers
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Autorun\StartMenuCurrentUser
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\BrowserObjects
C:\Documents and Settings\Jan Jaworski\Dane aplikacji\rhc1e8j0eae3\Quarantine\Packages
C:\WINDOWS\system32\lphc5e8j0eae3.exe 133120 bytes executable
C:\WINDOWS\system32\phc5e8j0eae3.bmp 90838 bytes
C:\WINDOWS\system32\xglojwrq.exe 77824 bytes executable
C:\WINDOWS\system32\pphc5e8j0eae3.exe 94208 bytes executable
scan completed successfully
hidden files: 15
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\pphc5e8j0eae3.exe
.
**************************************************************************
.
Completion time: 2008-08-05 22:17:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 21:17:30
ComboFix2.txt 2008-08-05 20:30:35
ComboFix3.txt 2008-08-05 17:50:51
ComboFix4.txt 2008-08-05 17:38:45
ComboFix5.txt 2008-08-05 21:08:22
Pre-Run: 61,801,938,944 bajtów wolnych
Post-Run: 61,777,403,904 bajtów wolnych
297 --- E O F --- 2008-07-24 10:21:03