ComboFix 08-07-13.9 - Użytkownik 2008-07-14 13:05:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.238 [GMT 2:00]
Running from: C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-14 09:17 . 2008-04-04 18:23 103,037 -rahs---- C:\ranvrgn.exe
2008-07-13 08:46 . 2008-07-13 08:46
2008-07-13 08:44 . 2008-07-13 08:44
2008-07-06 16:35 . 2008-07-06 16:36
2008-07-06 16:35 . 2008-07-06 16:36
2008-07-06 13:51 . 2008-07-06 13:51
2008-07-06 13:46 . 2008-07-13 08:30
2008-07-06 13:10 . 2008-07-06 13:10
2008-07-06 12:32 . 2008-07-06 12:32
2008-07-06 12:32 . 2008-07-06 12:32
2008-06-15 11:45 . 2008-06-15 11:45
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 17:58 --------- d-----w C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\Dane aplikacji\OpenOffice.org2
2008-07-06 09:22 --------- d-----w C:\Program Files\Ganymede
2008-06-24 06:57 --------- d-----w C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\Dane aplikacji\BearShare
2008-06-21 13:11 --------- d-----w C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\Dane aplikacji\Skype
2008-06-15 10:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-15 10:03 --------- d-----w C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\Dane aplikacji\AdobeUM
2008-06-06 15:30 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-06 13:58 --------- d-----w C:\Program Files\Asprate
2008-06-01 06:59 --------- d-----w C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\Dane aplikacji\Winamp
2008-05-22 14:04 --------- d-----w C:\Program Files\Advanced Grapher
2008-05-11 18:52 888 ----a-w C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\chroma2.dat
2008-05-11 18:50 4,312 ----a-w C:\Documents and Settings\Użytkownik.U-D4EC6129195B4\chroma.dat
2006-03-27 18:37 36 ----a-w C:\Documents and Settings\Użytkownik\klextlock.dat
1999-11-10 19:56 44 ----a-w C:\Program Files\safemode.bat
1999-10-23 22:42 32 ----a-w C:\Program Files\safemode.tcf
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_ 9.32.59.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 11:03:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 02:50 4112384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-13 02:50 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-07-13 02:50 843776 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Picasa Media Detector"="D:\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\WINDOWS\system32\dplaysvr.exe"=
"D:\Gadu-Gadu\gg.exe"=
"C:\Program Files\Mozilla Firefox\firefox.exe"=
"C:\Program Files\BitComet\BitComet.exe"=
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=
"D:\Program Files\THawk2.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25018:TCP"= 25018:TCP:BitComet 25018 TCP
"25018:UDP"= 25018:UDP:BitComet 25018 UDP
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 11:31]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-25 09:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 13:07:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-14 13:09:22
ComboFix-quarantined-files.txt 2008-07-14 11:08:54
ComboFix2.txt 2008-07-14 08:12:30
ComboFix3.txt 2008-07-14 07:33:41
Pre-Run: 5,229,826,048 bajtów wolnych
Post-Run: 5,219,753,984 bajtów wolnych