Svchost.exe - problem

I have the following problem. Right after Windows starts, two messages appear. The first is:

C:\Windows\svchost.exe

System Windows nie moze uzyskac dostepu do okreslonego urzadzenia, sciezki lub pliku. Mozesz nie miec odpowiednich uprawnien, aby uzyskac dostep do elementu.

The second:

Nie mozna zaladowac lub uruchomic podanego w rejestrze pliku "C:\Windows\svchost.exe". Upewnij sie, ze plik istnieje na tym komputerze lub usun z Rejestru odwolanie do niego.

I don't know what to do about this. Please help.

Post a ComboFix log on the forum.

ComboFix 08-07-15.4 - User 2008-07-17 17:58:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.542 [GMT 2:00]

Running from: C:\Documents and Settings\User\Moje dokumenty\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\check_LSA7.txt

C:\host.exe

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\History\search

C:\WINDOWS\autorun.inf

C:\WINDOWS\cookies.ini

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\abeeg.bak1

C:\WINDOWS\system32\abeeg.bak2

C:\WINDOWS\system32\abeeg.ini

C:\WINDOWS\system32\abykxmke.dll

C:\WINDOWS\system32\adeswdxv.dll

C:\WINDOWS\system32\allquvro.ini

C:\WINDOWS\system32\anmkpeob.ini

C:\WINDOWS\system32\bftfstak.ini

C:\WINDOWS\system32\brorruay.ini

C:\WINDOWS\system32\chqhikdk.ini

C:\WINDOWS\system32\cukggtdk.ini

C:\WINDOWS\system32\dhpuckin.ini

C:\WINDOWS\system32\dijcrxku.ini

C:\WINDOWS\system32\ekmxkyba.ini

C:\WINDOWS\system32\eusoukcb.ini

C:\WINDOWS\system32\evlbryvs.ini

C:\WINDOWS\system32\fatjphet.ini

C:\WINDOWS\system32\gfrbjvuv.ini

C:\WINDOWS\system32\ggchkrct.dll

C:\WINDOWS\system32\ghphqyiw.ini

C:\WINDOWS\system32\gjemyywu.ini

C:\WINDOWS\system32\gjwncfmf.ini

C:\WINDOWS\system32\haahctuy.ini

C:\WINDOWS\system32\hcwjbbcw.ini

C:\WINDOWS\system32\hlgifxwq.ini

C:\WINDOWS\system32\iblfypaq.ini

C:\WINDOWS\system32\ijeooccm.dll

C:\WINDOWS\system32\ilkwdsvk.ini

C:\WINDOWS\system32\itmbeken.dll

C:\WINDOWS\system32\jamhbssq.ini

C:\WINDOWS\system32\kburrmxy.dll

C:\WINDOWS\system32\kebbytch.ini

C:\WINDOWS\system32\kfkpnwwy.ini

C:\WINDOWS\system32\maamdogl.ini

C:\WINDOWS\system32\mccooeji.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\omkbyejq.ini

C:\WINDOWS\system32\omobicrn.ini

C:\WINDOWS\system32\ongnmpcf.ini

C:\WINDOWS\system32\oqyeqkxc.ini

C:\WINDOWS\system32\oswmdcyp.ini

C:\WINDOWS\system32\oxoaklhp.ini

C:\WINDOWS\system32\pdjnlngf.ini

C:\WINDOWS\system32\pigsgjvq.ini

C:\WINDOWS\system32\pjqkalyb.ini

C:\WINDOWS\system32\pqhwbdfm.ini

C:\WINDOWS\system32\qfprinof.ini

C:\WINDOWS\system32\qpnchncn.dll

C:\WINDOWS\system32\qruyqnor.ini

C:\WINDOWS\system32\rdwpbjdx.ini

C:\WINDOWS\system32\rhlskigm.ini

C:\WINDOWS\system32\sanfkiem.ini

C:\WINDOWS\system32\smglsdra.dll

C:\WINDOWS\system32\snvfqnoo.dll

C:\WINDOWS\system32\svyrblve.dll

C:\WINDOWS\system32\temp1.exe

C:\WINDOWS\system32\temp2.exe

C:\WINDOWS\system32\tkbisfog.ini

C:\WINDOWS\system32\tljjcmyb.ini

C:\WINDOWS\system32\tufadbdh.dll

C:\WINDOWS\system32\vrovigmr.ini

C:\WINDOWS\system32\waotlxvv.ini

C:\WINDOWS\system32\wioaxkwf.ini

C:\WINDOWS\system32\wumoexer.ini

C:\WINDOWS\system32\xeeourbi.ini

C:\WINDOWS\system32\xfvwjdtg.ini

C:\WINDOWS\system32\xggnhqpt.ini

C:\WINDOWS\system32\xvmjsxvv.ini

C:\WINDOWS\system32\yfgegyjk.dll

C:\WINDOWS\xcopy.exe

D:\Autorun.inf

D:\copy.exe

D:\host.exe

E:\Autorun.inf

E:\copy.exe

E:\host.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))

.

2008-07-17 17:26 . 2008-07-17 17:26

2008-07-16 23:13 . 2008-07-16 23:13

2008-07-16 23:13 . 2008-07-16 23:14

2008-07-16 23:06 . 2008-07-16 23:07

2008-07-15 18:32 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-07-15 18:32 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-06-29 19:37 . 2008-07-01 18:12

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 11:49 --------- d-----w C:\Program Files\English Translator 3

2008-07-01 16:12 --------- d-----w C:\Program Files\Winamp

2008-06-29 18:30 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Hamachi

2008-06-29 17:46 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Winamp

2008-06-16 14:29 --------- d-----w C:\Program Files\Picasa2

2008-06-10 12:30 --------- d-----w C:\Program Files\PhotoScape

2008-06-07 11:25 --------- d-----w C:\Program Files\CPU Speed Pro

2008-05-26 12:46 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Talkback

2008-05-26 12:41 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2

2008-03-30 17:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-03-30 17:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

2008-03-30 17:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

.

------- Sigcheck -------

2007-05-10 21:55 1423872 a50dfe31981a01423d327fdd05bdf452 C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44 15360]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-07-18 20:40 68856]

“NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2005-06-02 16:03 1957888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 20:24 32768]

“CloneCDTray”=“C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” [2006-09-28 21:21 57344]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]

“Pilot”=“C:\KS\KS-EWD\PILOT.EXE” [2008-02-08 20:38 5554688]

“BrMfcWnd”=“C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe” [2007-03-12 15:51 663552]

“ControlCenter3”=“C:\Program Files\Brother\ControlCenter3\brctrcen.exe” [2007-01-26 16:58 65536]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

“SoundMan”=“SOUNDMAN.EXE” [2006-06-20 23:42 577536 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 02:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_2”=“shell32” [X]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-03-20 17:11:44 950272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“DisableCAD”= 1 (0x1)

“DisableStatusMessages”= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoSMHelp”= 1 (0x1)

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoInstrumentation”= 1 (0x1)

“NoStartMenuMFUprogramsList”= 1 (0x1)

“NoResolveTrack”= 1 (0x1)

“NoResolveSearch”= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

“NoSMHelp”= 1 (0x1)

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoInstrumentation”= 1 (0x1)

“NoStartMenuMFUprogramsList”= 1 (0x1)

“NoResolveTrack”= 1 (0x1)

“NoResolveSearch”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.X264”= x264vfw.dll

“VIDC.HFYU”= huffyuv.dll

“vidc.i263”= i263_32.drv

“vidc.i420”= i420vfw.dll

“vidc.yv12”= yv12vfw.dll

“msacm.l3fhg”= mp3fhg.acm

“msacm.divxa32”= divxa32.acm

“msacm.imc”= imc32.acm

“VIDC.ACDV”= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

“AntiVirusDisableNotify”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“C:\Gadu-Gadu\gg.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“18261:TCP”= 18261:TCP:BitComet 18261 TCP

“18261:UDP”= 18261:UDP:BitComet 18261 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 18:13]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 18:13]

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 11:14]

R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 01:08]

S3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 20:14]

S3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 20:14]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e14adb8d-8bac-11dc-8ec7-000e50248795}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - HELPSVC

.

- - - - ORPHANS REMOVED - - - -

BHO-{AB5779ED-EC15-400C-B69F-58257D926094} - C:\WINDOWS\system32\geeba.dll

HKCU-Run-AQQ - C:\PROGRA~1\WapSter\AQQ\AQQ.exe

HKCU-Run-Steam - D:\Program Files\Steam\Steam.exe

HKLM-Run-SpeedTouch USB Diagnostics - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

Notify-efccyyw - efccyyw.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-17 18:01:39

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-07-17 18:03:35 - machine was rebooted [user]

ComboFix-quarantined-files.txt 2008-07-17 16:03:31

Pre-Run: 3,020,177,408 bajtów wolnych

Post-Run: 3,281,362,944 bajtów wolnych

255

Open Notepad and paste

save as plik.reg >> all files >> merge into the registry >> restart

b57f17008275c957m.jpg

a file with an icon like this will be created

062aec4c9b51c033m.jpg

which you double-click, confirm that you want to add it to the registry, then restart

optimize startup

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Turn System Restore off and on again on all drives. http://support.microsoft.com/kb/310405/pl

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and show the report; the page has to be opened in IE.

:slight_smile:

OK, thanks for the help :smiley:

Scan with Kaspersky and post its report on the forum.