ComboFix 08-01-11.3 - User 2008-01-12 20:17:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.709 [GMT 1:00]
Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 19:23 . 2008-01-12 19:23 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-01-12 19:23 . 2008-01-12 19:23 <DIR> d-------- C:\WINDOWS\system32\oobe
2008-01-12 19:23 . 2008-01-12 19:23 <DIR> d-------- C:\WINDOWS\srchasst
2008-01-12 19:23 . 2008-01-12 19:23 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-01-12 19:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 14:46 . 2008-01-12 19:14 171,520 --a------ C:\WINDOWS\system32\msconfig .exe
2008-01-12 14:36 . 2008-01-12 19:34 <DIR> d--h----- C:\Documents and Settings\MasterAdmin\Ustawienia lokalne
2008-01-12 14:36 . 2007-10-24 19:50 <DIR> d-------- C:\Documents and Settings\MasterAdmin\Ulubione
2008-01-12 14:36 . 2007-10-24 17:56 <DIR> d--h----- C:\Documents and Settings\MasterAdmin\Szablony
2008-01-12 14:36 . 2007-10-24 19:50 <DIR> d-------- C:\Documents and Settings\MasterAdmin\Pulpit
2008-01-12 14:36 . 2007-10-24 19:50 <DIR> d-------- C:\Documents and Settings\MasterAdmin\Moje dokumenty
2008-01-12 14:36 . 2007-10-24 19:50 <DIR> dr------- C:\Documents and Settings\MasterAdmin\Menu Start
2008-01-12 14:36 . 2007-10-24 19:50 <DIR> dr-h----- C:\Documents and Settings\MasterAdmin\Dane aplikacji
2007-12-31 09:33 . 2007-12-31 09:36 <DIR> d-------- C:\Program Files\Oil Tycoon
2007-12-30 15:40 . 2007-12-30 15:50 32 --a------ C:\WINDOWS\CD-Start.INI
2007-12-30 15:38 . 2007-12-30 15:38 <DIR> d-------- C:\Program Files\Techland
2007-12-25 21:11 . 2007-12-25 21:12 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\SecondLife
2007-12-22 17:34 . 2007-12-22 17:34 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2007-12-18 22:01 . 2007-12-18 22:01 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-15 19:31 . 2007-12-15 19:31 <DIR> d-------- C:\Program Files\City Interactive
2007-12-14 21:20 . 2007-12-14 21:20 <DIR> d-------- C:\FastDow - Pobrane
2007-12-14 20:59 . 2008-01-09 17:21 <DIR> d-------- C:\FastDow-Pob
2007-12-14 20:59 . 2008-01-07 20:06 <DIR> d-------- C:\FastDow
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:44 507,392 ----a-w C:\WINDOWS\system32\msconfig.exe
2008-01-08 21:32 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Skype
2007-12-31 08:36 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-12-30 14:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 13:19 --------- d-----w C:\Program Files\MoorHunt
2007-12-10 20:07 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-10 19:20 --------- d-----w C:\Program Files\Winamp
2007-12-10 16:21 --------- d-----w C:\Program Files\IrfanView
2007-11-30 19:58 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Nero
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-30 19:55 --------- d-----w C:\Program Files\Nero
2007-11-30 19:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-11-30 16:01 18,008 ----a-w C:\Documents and Settings\User\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-11-27 16:08 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\ESET
2007-11-27 16:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2007-11-23 20:52 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-11-23 20:52 50,696 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-11-23 20:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-11-23 20:50 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-11-23 20:50 27,656 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-16 17:50 --------- d-----w C:\Program Files\Electronic Arts
2007-11-16 17:42 --------- d-----w C:\Program Files\Eidos Interactive
2007-11-14 21:36 --------- d-----w C:\Program Files\Fox
2007-11-07 16:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-31 17:32 19,804,456 ----a-w C:\Program Files\Onet-SkypeSetup.exe
2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
----a-w 1,410,304 2008-01-12 18:14:04 C:\RECYCLER\S-1-5-21-1715567821-1644491937-839522115-1001\Dc1\ESET Smart Security\egui .exe
----a-w 298,584 2008-01-12 13:28:32 C:\RECYCLER\S-1-5-21-1715567821-1644491937-839522115-1001\Dc1\ESET Smart Security\nodlogin .exe
----a-w 171,520 2008-01-12 18:14:07 C:\WINDOWS\system32\msconfig .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 17:42 4112384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 17:42 81920]
"nwiz"="nwiz.exe" [2004-07-15 17:42 843776 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-23 21:51 1410304]
"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2007-12-30 16:00 298584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-05-10 15:39 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 14:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 14:37 40960 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:37 22983464 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spol]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ WebClient LmHosts RemoteRegistry upnphost SSDPSRV
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 20:19:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-12 20:19:50
ComboFix-quarantined-files.txt 2008-01-12 19:19:41
ComboFix2.txt 2008-01-12 18:34:52
ComboFix3.txt 2008-01-12 18:29:28