ComboFix 07-09-18.4 - “Dom” 2007-09-19 18:50:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.167 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.
2007-09-19 18:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-19 18:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-19 18:23 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-19 18:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-19 18:23 1,958 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-19 18:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 16:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-17 16:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-17 16:52 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-17 16:52 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-17 16:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-17 16:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-17 16:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-17 16:52 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-17 16:52
2007-09-09 15:45
2007-09-09 15:45
2007-08-23 14:23 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-23 14:12
2007-08-21 08:55
2007-08-20 22:14 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-20 17:42
2007-08-20 17:24 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-20 11:55
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 17:32 --------- d-------- C:\Program Files\Symantec
2007-09-17 17:32 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-17 17:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec
2007-09-08 21:17 --------- d-------- C:\Program Files\Knight Online-ok
2007-09-07 16:36 560 --a------ C:\Program Files\Global.sw
2007-08-24 14:07 --------- d-------- C:\Program Files\TCC
2007-08-21 09:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-21 09:10 --------- d-------- C:\Program Files\BFG
2007-08-18 20:29 --------- d-------- C:\Program Files\Winamp
2007-08-16 17:20 --------- d-------- C:\Program Files\SoftwrapLicense
2007-08-12 20:07 --------- d-------- C:\Program Files\Dear Camy
2007-08-12 20:05 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-08-12 20:05 286720 --------- C:\WINDOWS\Setup1.exe
2007-07-12 09:12 81920 --a------ C:\WINDOWS\system32\frapsvid.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 C:\WINDOWS\system32\nvmctray.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" []
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
S3 NTSIM;NTSIM;??\C:\WINDOWS\system32\ntsim.sys
S3 XDva009;XDva009;??\C:\WINDOWS\system32\XDva009.sys
S3 XDva010;XDva010;??\C:\WINDOWS\system32\XDva010.sys
S3 XDva012;XDva012;??\C:\WINDOWS\system32\XDva012.sys
S3 XDva013;XDva013;??\C:\WINDOWS\system32\XDva013.sys
S3 XDva014;XDva014;??\C:\WINDOWS\system32\XDva014.sys
S3 XDva016;XDva016;??\C:\WINDOWS\system32\XDva016.sys
S3 XDva020;XDva020;??\C:\WINDOWS\system32\XDva020.sys
S3 XDva025;XDva025;??\C:\WINDOWS\system32\XDva025.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{506b55c2-8a2b-11db-a0fe-806d6172696f}]
AutoRun\command- D:_AUTORUN\AUTORUN.EXE
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 18:51:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
.
Completion time: 2007-09-19 18:53:14
.
--- E O F ---
Post merged: 20.09.2007 (Thu) 16:12
PS. You have a good signature about formatting :]
Everyone advised me to format because of these viruses, but I cared about my files