ComboFix 08-07-17.4 - admin 2008-07-18 13:21:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.513 [GMT 2:00]
Running from: D:\programy\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.
2008-07-17 13:11 . 2008-07-17 13:11 2,066,298 --a------ C:\INSTRUKCJA.bmp
2008-07-17 13:11 . 2008-07-17 13:11 22,048 --a------ C:\faza.exe
2008-07-04 15:33 . 2008-07-04 15:33 12,800 --ahs---- C:\Thumbs.db
2008-07-04 15:33 . 2008-07-04 15:33 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-24 17:36 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-24 17:35 . 2008-06-24 17:35 <DIR> d-------- C:\Program Files\OpenAL
2008-06-24 17:35 . 2008-06-24 17:35 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-24 17:35 . 2008-06-24 17:35 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 11:21 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-18 08:51 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-16 08:57 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-11 19:32 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Skype
2008-07-11 19:31 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\skypePM
2008-07-10 18:29 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\DMCache
2008-06-24 15:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 18:09 817,664 ---h--w C:\WINDOWS\system32\wodfamoh.dll
2008-05-29 19:21 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Image Zone Express
2008-05-29 08:49 --------- d-----w C:\Program Files\ChickenInvaders2Polish
2008-05-29 08:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios
2008-05-28 14:45 --------- d-----w C:\Program Files\Sierra
2008-05-27 06:28 --------- d-----w C:\Program Files\Abrosoft
2008-05-27 05:47 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2008-05-24 15:23 --------- d-----w C:\Program Files\EA GAMES
2008-05-21 09:12 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\PC Tools
2008-05-21 08:36 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Reallusion
2008-05-21 08:33 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-05-21 07:22 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\PCToolsFirewallPlus
2008-05-21 07:21 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-03-21 12:53 24,192 ----a-w C:\Documents and Settings\admin\usbsermptxp.sys
2008-03-21 12:53 22,768 ----a-w C:\Documents and Settings\admin\usbsermpt.sys
2008-02-15 09:28 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-03-19 19:22 20,592 ----a-w C:\Documents and Settings\admin\Dane aplikacji\GDIPFONTCACHEV1.DAT
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-05-24 14:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 15:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 14:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 13:21 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.xvid"= xvid.dll
"vidc.ffds"= ffdshow.ax
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Webteh\\BSplayerPro\\bsplayer.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 20:38]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-05-22 11:55]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045adee-1c1d-11dd-bca0-001404355128}]
\Shell\AutoRun\command - G:\AutoRun.exe TMM70
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b609c499-1c3f-11dd-bca2-001404355128}]
\Shell\AutoRun\command - G:\AutoRun.exe TMM70
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b609c4a3-1c3f-11dd-bca2-001404355128}]
\Shell\AutoRun\command - H:\AutoRun.exe TMM70
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b609c4a4-1c3f-11dd-bca2-001404355128}]
\Shell\AutoRun\command - I:\AutoRun.exe TMM70
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 13:22:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
Completion time: 2008-07-18 13:23:33
ComboFix-quarantined-files.txt 2008-07-18 11:23:25
Pre-Run: 4,218,007,552 bajtów wolnych
Post-Run: 4,220,350,464 bajtów wolnych
156 --- E O F --- 2008-02-15 09:20:59