ComboFix 08-07-17.4 - q 2008-07-18 14:39:16.1 - FAT32 x86
Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1045.18.319 [GMT 2:00]
Running from: C:\Documents and Settings\q\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.
2008-07-18 14:06 . 2008-07-18 14:06
2008-07-18 12:18 . 2008-07-18 12:18
2008-07-18 12:17 . 2008-07-18 12:17
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 09:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 09:49 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2003-04-16 12:00 13312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-16 01:19 79224]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2003-04-16 12:00 13312]
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 01:20]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f3e4fa3d-54bc-11dd-848a-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f3e4fa40-54bc-11dd-848a-806d6172696f}]
\Shell\AutoRun\command - 3o.exe
\Shell\explore\Command - 3o.exe
\Shell\open\Command - 3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f3e4fa41-54bc-11dd-848a-806d6172696f}]
\Shell\AutoRun\command - 3o.exe
\Shell\explore\Command - 3o.exe
\Shell\open\Command - 3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f3e4fa42-54bc-11dd-848a-806d6172696f}]
\Shell\AutoRun\command - 3o.exe
\Shell\explore\Command - 3o.exe
\Shell\open\Command - 3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f3e4fa43-54bc-11dd-848a-806d6172696f}]
\Shell\AutoRun\command - 3o.exe
\Shell\explore\Command - 3o.exe
\Shell\open\Command - 3o.exe
*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 14:40:02
Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-18 14:40:20
ComboFix-quarantined-files.txt 2008-07-18 12:40:18
Pre-Run: 8,345,919,488 bajtów wolnych
Post-Run: 8,361,730,048 bajtów wolnych
81