ComboFix 08-07-21.2 - Administrator 2008-07-22 22:00:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1423 [GMT 2:00]
Running from: D:\Documents and Settings\Administrator\Moje dokumenty\My Completed Downloads\Combo-Fix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 21:58 . 2008-07-22 21:59
2008-07-22 18:32 . 2008-07-22 18:37
2008-07-22 17:49 . 2008-07-22 17:49
2008-07-22 17:49 . 2008-07-22 17:49
2008-07-19 16:32 . 2008-07-19 16:32
2008-07-19 16:32 . 2008-07-19 16:32
2008-07-16 21:25 . 2008-07-22 16:09
2008-07-16 21:25 . 2008-07-16 21:25 32 --a------ D:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-07-16 21:24 . 2008-07-22 21:57
2008-07-16 21:23 . 2008-07-16 21:23
2008-07-16 21:23 . 2008-07-16 21:23
2008-07-16 21:23 . 2008-07-16 21:23
2008-07-15 18:21 . 2008-07-15 18:21 4 --a------ D:\WINDOWS\system32\proc-503976190.bin
2008-07-15 15:05 . 2008-07-15 15:05
2008-07-15 15:05 . 2002-01-01 03:28 860,211 --a-s---- D:\WINDOWS\system32\XSIFtk-3.6.2.1.dll
2008-07-13 13:47 . 2008-07-15 18:21
2008-07-13 13:46 . 2008-07-13 13:47
2008-07-11 23:38 . 2008-07-11 23:38
2008-07-07 15:13 . 2000-05-22 22:58 608,448 --a------ D:\WINDOWS\system32\comctl32.ocx
2008-07-06 11:38 . 2008-07-18 13:15 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-06 11:38 . 2008-07-06 11:38 22,328 --a------ D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
2008-07-06 11:28 . 2004-08-22 16:31 155,136 --a------ D:\WINDOWS\system32\drivers\d347bus.sys
2008-07-06 11:28 . 2004-08-22 16:31 5,248 --a------ D:\WINDOWS\system32\drivers\d347prt.sys
2008-07-06 11:27 . 2008-07-06 11:27
2008-07-06 10:26 . 2008-07-06 10:26
2008-07-06 10:25 . 2008-07-06 10:25 262,144 --a------ D:\WINDOWS\system32\wrap_oal.dll
2008-07-06 10:25 . 2008-07-06 10:25 86,016 --a------ D:\WINDOWS\system32\OpenAL32.dll
2008-07-01 19:31 . 2008-07-01 19:32
2008-07-01 19:31 . 2008-07-01 19:31
2008-07-01 19:31 . 2008-07-01 19:31
2008-07-01 19:31 . 2008-07-01 19:31
2008-06-30 09:20 . 2008-07-22 12:48
2008-06-28 19:23 . 2008-06-28 19:24
2008-06-28 19:13 . 2008-06-30 09:19
2008-06-28 17:16 . 2008-07-06 11:27
2008-06-28 13:52 . 2008-06-28 13:52
2008-06-28 12:24 . 2008-07-07 15:13
2008-06-26 17:03 . 2008-06-26 17:03 8,192 --ahs---- D:\WINDOWS\Thumbs.db
2008-06-26 12:38 . 2008-06-26 12:38 720,896 --a------ D:\WINDOWS\iun6002.exe
2008-06-26 12:38 . 2008-06-26 12:38 18,004 --a------ D:\WINDOWS\irunin.ini
2008-06-26 12:38 . 2008-06-26 12:38 15,938 --a------ D:\WINDOWS\irunin.lng
2008-06-26 12:38 . 2008-06-26 12:38 9,694 --a------ D:\WINDOWS\irunin.dat
2008-06-26 12:38 . 2008-06-26 12:38 8,134 --a------ D:\WINDOWS\irunin.bmp
2008-06-26 10:22 . 2008-06-30 09:20
2008-06-26 10:22 . 2008-06-26 10:22 479,298 --a------ D:\WINDOWS\system32\wbocx.ocx
2008-06-26 10:22 . 2008-06-26 10:22 172,032 --a------ D:\WINDOWS\system32\AniGIF.ocx
2008-06-26 10:22 . 2008-06-26 10:22 50,688 --a------ D:\WINDOWS\system32\wbhelp2.dll
2008-06-25 23:08 . 2008-06-26 09:31
2008-06-25 14:28 . 2008-06-25 14:28
2008-06-25 14:28 . 2008-07-01 22:52
2008-06-25 13:39 . 2008-06-25 13:39
2008-06-25 13:39 . 2004-10-25 20:02 21,664 --a------ D:\WINDOWS\system32\drivers\Entech.sys
2008-06-25 13:39 . 1999-11-02 10:01 6,173 --a------ D:\WINDOWS\system32\drivers\Entech.vxd
2008-06-25 13:39 . 2004-06-22 15:44 5,632 --a------ D:\WINDOWS\system32\drivers\Entech64.sys
2008-06-25 13:39 . 2001-11-19 19:05 3,972 --a------ D:\WINDOWS\system32\drivers\PciBus.sys
2008-06-25 13:38 . 2008-06-25 13:38
2008-06-24 23:50 . 2008-06-24 23:50
2008-06-24 23:48 . 2008-06-24 23:49
2008-06-24 23:46 . 2008-06-24 23:46
2008-06-24 23:46 . 2008-07-22 17:49
2008-06-24 22:08 . 2008-06-28 22:48
2008-06-24 22:08 . 2008-06-27 21:51
2008-06-24 22:08 . 2008-06-24 22:08
2008-06-24 20:45 . 2008-06-24 20:45 417,792 --a------ D:\Documents and Settings\Administrator\GL4JavbJauGljJNI14.dll
2008-06-24 20:44 . 2008-06-24 20:44
2008-06-24 19:08 . 2008-06-24 19:08
2008-06-24 19:08 . 2008-06-24 19:08
2008-06-24 19:08 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-06-24 19:05 . 2008-06-24 19:05
2008-06-24 18:12 . 2008-06-24 18:12 0 --a------ D:\WINDOWS\nsreg.dat
2008-06-24 18:05 . 2008-07-22 16:32 3,875 --a------ D:\WINDOWS\wincmd.ini
2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\UC.PIF
2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\RAR.PIF
2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\PKZIP.PIF
2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\PKUNZIP.PIF
2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\NOCLOSE.PIF
2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\LHA.PIF
2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\ARJ.PIF
2008-06-24 18:05 . 2008-07-20 21:49 191 --a------ D:\WINDOWS\wcx_ftp.ini
2008-06-24 18:03 . 2008-06-24 18:03 87 --a------ D:\WINDOWS\system32\EpfwUser.dat
2008-06-24 17:08 . 2008-06-24 17:08
2008-06-24 17:08 . 2008-06-24 17:08
2008-06-24 17:01 . 2004-08-03 22:31 20,992 --a------ D:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-24 17:01 . 2004-08-03 22:31 20,992 --a--c--- D:\WINDOWS\system32\dllcache\rtl8139.sys
2008-06-24 12:48 . 2008-06-14 20:01 273,024 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-06-24 12:48 . 2008-06-14 20:01 273,024 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-24 12:41 . 2008-06-24 12:41
2008-06-24 12:27 . 2008-07-09 14:35
2008-06-24 12:10 . 2008-06-24 12:10
2008-06-24 12:10 . 2008-07-22 22:00
2008-06-24 11:47 . 2008-06-24 11:47
2008-06-24 11:47 . 2001-03-02 10:41 634 --a------ D:\WINDOWS\system32\MAPISVC.INF
2008-06-24 11:43 . 2008-06-24 11:43
2008-06-24 11:43 . 2007-03-07 13:27 4,245,008 --a------ D:\WINDOWS\system32\qtp-mt334.dll
2008-06-24 11:43 . 2007-03-07 13:27 247,824 --a------ D:\WINDOWS\system32\prgiso.dll
2008-06-24 11:43 . 2007-03-07 13:27 38,448 --a------ D:\WINDOWS\system32\drivers\hotcore3.sys
2008-06-24 11:43 . 2007-03-07 13:27 13,840 --a------ D:\WINDOWS\system32\wnaspi32.dll
2008-06-24 11:09 . 2008-03-03 14:25 5,702 --ah----- D:\WINDOWS\nod32restoretemdono.reg
2008-06-24 11:09 . 2008-03-03 18:21 568 --ah----- D:\WINDOWS\nod32fixtemdono.reg
2008-06-23 01:14 . 2008-06-23 01:14
2008-06-23 01:14 . 2008-06-23 01:14
2008-06-23 01:14 . 2008-06-17 19:13 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2008-06-23 01:14 . 2008-06-17 19:13 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2008-06-23 01:14 . 2008-06-17 19:13 60,273 --a------ D:\WINDOWS\system32\pthreadGC2.dll
2008-06-23 01:14 . 2008-06-17 19:13 7,680 --a------ D:\WINDOWS\system32\ff_vfw.dll
2008-06-23 01:14 . 2008-06-17 19:13 547 --a------ D:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-23 01:10 . 2008-06-23 01:10
2008-06-23 01:10 . 2008-07-22 14:46 69 --a------ D:\WINDOWS\NeroDigital.ini
2008-06-23 01:09 . 2008-06-23 01:09
2008-06-23 01:09 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 11:15 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2008-07-06 09:37 669,184 ----a-w D:\WINDOWS\system32\pbsvc.exe
2008-07-06 09:37 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe
2008-06-28 15:18 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-06-24 09:47 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-06-20 17:42 246,784 ----a-w D:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w D:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 13:47 --------- d-----w D:\Program Files\Guitar Pro 5
2008-06-18 19:05 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-06-18 18:02 --------- d-----w D:\Program Files\NeroInstall.bak
2008-06-18 18:02 --------- d-----w D:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-06-18 18:01 --------- d-----w D:\Program Files\Nero
2008-06-18 18:01 --------- d-----w D:\Program Files\Common Files\Nero
2008-06-18 18:01 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-18 17:55 --------- d-----w D:\Program Files\DVD Shrink
2008-06-18 01:11 --------- d-----w D:\Program Files\Gigabyte
2008-06-18 01:09 15,600 ----a-w D:\WINDOWS\gdrv.sys
2008-06-17 21:37 315,392 ----a-w D:\WINDOWS\HideWin.exe
2008-06-17 21:37 --------- d-----w D:\Program Files\Realtek
2008-06-17 21:36 --------- d-----w D:\Program Files\DIFX
2008-06-17 21:36 --------- d-----w D:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-06-17 21:35 --------- d-----w D:\Program Files\Yahoo!
2008-06-17 19:35 --------- d-----w D:\Program Files\microsoft frontpage
2008-06-17 19:33 --------- d-----w D:\Program Files\Usługi online
2008-06-10 16:56 34,312 ----a-w D:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w D:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w D:\WINDOWS\system32\drivers\eamon.sys
2008-05-07 05:16 1,291,264 ----a-w D:\WINDOWS\system32\quartz.dll
2008-04-30 15:27 442,368 ----a-w D:\WINDOWS\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="D:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-08-14 14:10 20480]
"NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DownloadAccelerator"="D:\Program Files\DAP\DAP.EXE" [2008-06-26 10:22 3053056]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 D:\WINDOWS\system32\nwiz.exe]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 D:\WINDOWS\COPYFSTQ.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

D:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
D:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 05:46 13529088 D:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-03 05:46 86016 D:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 D:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-09-03 09:52 16841216 D:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\totalcmd\TOTALCMD.EXE"=
"D:\Program Files\DAP\DAP.exe"=
"F:\Gry\TDU\TestDriveUnlimited.exe"=
"D:\Program Files\Gadu-Gadu\gg.exe"=
"F:\Gry\crysis\Bin32\Crysis.exe"=
"F:\Gry\crysis\Bin32\CrysisDedicatedServer.exe"=
"D:\WINDOWS\system32\PnkBstrA.exe"=
"D:\WINDOWS\system32\PnkBstrB.exe"=
"E:\do spr\stary\Szpol\Wolf\Nowy folder\ETDED.exe"=
"E:\do spr\stary\Szpol\Wolf\Nowy folder\ET.exe"=
"D:\Program Files\Skype\Phone\Skype.exe"=

R0 hotcore3;hotcore3;D:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 13:27]
R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
S2 NOD32FiXTemDono;Eset Nod32 Boot;D:\WINDOWS\system32\regedt32.exe [2004-08-04 14:00]

*Newly Created Service* - CATCHME
*Newly Created Service* - NTMSSVC
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-amva - D:\WINDOWS\system32\amvo.exe
MSConfigStartUp-Rapget - G:\aukcja\rapget.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
O8 -: Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: Download with DAP - D:\Program Files\DAP\dapextie.htm
O8 -: Download all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 -: Download with Rapget - G:\aukcja\rapget.htm
O17 -: HKLM\CCS\Interface\{5A7D9618-94D4-4840-BD9D-F4F4B09EBD84}: NameServer = 1.1.1.1,1.5.4.7
O17 -: HKLM\CCS\Interface\{D99AA5DC-E3F8-4738-9657-BD1706F7DE27}: NameServer = 213.25.34.2,34.2.2.2
O18 -: Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - D:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - D:\PROGRA~1\DAP\dapie.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 22:01:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-22 22:02:16
ComboFix-quarantined-files.txt 2008-07-22 20:02:12

Pre-Run: 10,317,615,104 bytes free
Post-Run: 10,320,646,144 bytes free

249 --- E O F --- 2008-07-09 22:08:03

Now I really don't know anything anymore.
PS: is it worth investing in NOD32?
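Added example, not part of the post above and not ComboFix's or ESET's own code: a small triage script that pulls the three parts of a ComboFix log that usually decide a case (the Run-key autostarts, the R/S service lines and the O17 NameServer entries) and applies a few review heuristics. The heuristics are mine: a Run value that is a bare file name is found by PATH search, a service whose image path is a stock Windows tool such as regedt32.exe is worth a second look, and per-interface resolver lists that disagree should each be checked against what the ISP or DHCP should have set. The sample input is a handful of lines copied from the log above and embedded so the script runs offline; the list of stock binaries is an assumption of this example.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log in the post above,
# embedded here so the script runs offline. A real run would feed it the
# whole ComboFix.txt instead.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 D:\WINDOWS\system32\nwiz.exe]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 D:\WINDOWS\COPYFSTQ.EXE]
R0 hotcore3;hotcore3;D:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 13:27]
S2 NOD32FiXTemDono;Eset Nod32 Boot;D:\WINDOWS\system32\regedt32.exe [2004-08-04 14:00]
O17 -: HKLM\CCS\Interface\{5A7D9618-94D4-4840-BD9D-F4F4B09EBD84}: NameServer = 1.1.1.1,1.5.4.7
O17 -: HKLM\CCS\Interface\{D99AA5DC-E3F8-4738-9657-BD1706F7DE27}: NameServer = 213.25.34.2,34.2.2.2
"""

# "name"="command" [yyyy-mm-dd hh:mm size]  or, when the value is a bare file
# name, "name"="file.exe" [yyyy-mm-dd hh:mm size D:\path\ComboFix\resolved.exe]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" '
    r'\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)(?: (?P<resolved>[^\]]+))?\]$'
)
# R0/R1/S2... start type, then name;display name;image path [timestamp]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<stamp>[^\]]+)\]$'
)
# O17 -: <registry key>: NameServer = ip[,ip...]
O17_RE = re.compile(r'^O17 -: (?P<key>\S+?): NameServer = (?P<servers>[\d.,]+)$')

# Assumption of this example, not a ComboFix rule: stock Windows tools that
# have no business being a service's image path.
NOT_SERVICE_BINARIES = {"regedt32.exe", "regedit.exe", "cmd.exe"}


def parse_run_entries(log: str) -> List[Dict[str, str]]:
    """Run-key autostart entries: name, command, timestamp, size, resolved path."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            # ComboFix appends the resolved path only for bare file names
            entry["resolved"] = entry["resolved"] or entry["cmd"]
            entries.append(entry)
    return entries


def parse_services(log: str) -> List[Dict[str, str]]:
    """Driver/service lines (R0, R1, S2, ...) with their image paths."""
    services = []
    for line in log.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def parse_nameservers(log: str) -> Dict[str, List[str]]:
    """Per-interface static DNS resolver lists from the O17 lines."""
    servers = {}
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers[m["key"]] = m["servers"].split(",")
    return servers


def triage(log: str) -> List[str]:
    """Apply the review heuristics and return one finding per string."""
    findings = []
    for e in parse_run_entries(log):
        if "\\" not in e["cmd"]:
            # A bare file name is located by PATH search at logon, so whatever
            # sits earlier on the PATH wins; compare with what ComboFix resolved.
            findings.append(
                f'Run "{e["name"]}" is a bare file name {e["cmd"]} '
                f'(PATH lookup; resolved to {e["resolved"]})')
    for s in parse_services(log):
        if s["image"].rsplit("\\", 1)[-1].lower() in NOT_SERVICE_BINARIES:
            findings.append(
                f'service {s["name"]} ({s["start"]}, "{s["display"]}") runs {s["image"]}')
    servers = parse_nameservers(log)
    for key, ips in servers.items():
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                findings.append(f"{key}: unparsable NameServer {ip}")
                continue
            if not addr.is_global:
                findings.append(f"{key}: non-global NameServer {ip}")
    if len({tuple(ips) for ips in servers.values()}) > 1:
        findings.append(
            "interfaces carry different static NameServer lists: "
            + "; ".join(",".join(ips) for ips in servers.values())
            + " (confirm each against what the ISP or DHCP should have set)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample above the script reports the two bare-file-name Run values, the S2 service whose image path is regedt32.exe, and the fact that the two interfaces carry different resolver lists; none of that is a verdict, only the list of lines a reviewer should look at first. Extending the regexes to the O4/O8/O18 lines of the Supplementary Scan follows the same pattern.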