ComboFix 08-07-10.1 - Admin 2008-07-11 14:12:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.99 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Starware347
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\findithotxp.png
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\finditxp.png
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\highlightxp.png
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\jokesearch.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\logo.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\buttons\pranks.bmp
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\contexts\error.xml
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\contexts\related.xml
C:\Documents and Settings\All Users\Dane aplikacji\Starware347\contexts\travel.xml
C:\Documents and Settings\TOMEK\Dane aplikacji\Starware347
C:\Documents and Settings\TOMEK\Dane aplikacji\Starware347\Manager\ManagerOptions.xml
C:\Documents and Settings\TOMEK\Dane aplikacji\Starware347\Manager\ManagerOptions.xml.backup
C:\Program Files\Starware347
C:\Program Files\Starware347\brand.bmp
C:\Program Files\Starware347\icons\star_16.ico
C:\Program Files\Starware347\Starware347Config.xml
.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.
2008-07-11 10:50 . 2008-07-11 10:50
2008-07-11 10:50 . 2008-07-11 10:50
2008-07-11 10:49 . 2008-07-11 10:49
2008-07-08 22:20 . 2008-07-09 14:30
2008-06-11 04:08 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 04:08 . 2008-06-14 20:01 273,024 -----c-- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 11:43 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-07-06 20:35 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Tlen.pl
2008-07-02 08:23 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Tibia
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 08:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 08:24 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\AdobeUM
2008-06-09 04:28 --------- d-----w C:\Program Files\eMule
2008-06-07 09:48 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-06-07 09:46 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\skypePM
2008-06-01 19:34 --------- d-----w C:\Program Files\Pedagoguery Software
2008-05-27 13:22 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Image Zone Express
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-24 13:10 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="C:\WINDOWS\system32\umonit.exe" [2003-08-21 14:47 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-02-13 20:29 35328]
"RemoteControl"="D:\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 09:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 09:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 09:40 118784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 11:50 16855552 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"D:\Program Files\WapSter\AQQ\AQQ.exe"=
"D:\PROGRA~1\WapSter\AQQ\AQQ.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9911:TCP"= 9911:TCP:BitComet 9911 TCP
"9911:UDP"= 9911:UDP:BitComet 9911 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 14:49]
S3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 21:19]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3e8f618-5109-11db-8651-0014851fe043}]
\Shell\AutoRun\command - J:\Autorun.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 14:15:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = C:\WINDOWS\system32\umonit.exe?eader\WinXP\fixustor.sys???#?C?US???8???UB???w???tq ?l???|p??|???m??|d??w???#?B$?|???w???w*?,???#???w???tq ???T??? ???tq ???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-11 14:17:59
ComboFix-quarantined-files.txt 2008-07-11 12:17:12
Pre-Run: 25,875,623,936 bajtów wolnych
Post-Run: 26,835,349,504 bajtów wolnych
122 --- E O F --- 2008-07-09 08:22:43