
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.952 [GMT 2:00]
Running from: E:\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-16 15:06 . 2008-06-16 15:06 35,440 --a------ C:\WINDOWS\system32\sschk.trb
2008-06-16 15:05 . 2008-06-16 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-16 15:05 . 2008-06-16 15:05 585,296 --a------ C:\WINDOWS\system32\trupd.trb
2008-06-16 15:04 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb
2008-06-16 15:04 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\rmvtrjan.trb
2008-06-16 15:04 . 2008-06-16 15:04 878,672 --a------ C:\WINDOWS\system32\trjscan.trb
2008-06-16 15:03 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-16 15:03 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-16 15:02 . 2008-06-16 15:03 <DIR> d-------- C:\Program Files\Trojan Remover
2008-06-16 15:02 . 2008-06-16 15:03 <DIR> d-------- C:\Documents and Settings\sharp\Dane aplikacji\Simply Super Software
2008-06-15 16:37 . 2008-06-08 16:12 276,992 --a------ C:\WINDOWS\system32\in_mp3.dll
2008-06-15 16:34 . 2006-09-24 20:37 169,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-15 16:27 . 2008-06-15 16:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 12:55 . 2008-06-15 12:55 <DIR> d-------- C:\Documents and Settings\sharp\Dane aplikacji\AdobeUM
2008-06-15 11:57 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-15 10:37 . 2008-06-15 10:37 <DIR> d-------- C:\Program Files\Winamp
2008-06-15 10:15 . 2008-06-15 10:15 <DIR> d-------- C:\Program Files\RegCleaner
2008-06-15 09:46 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-06-15 09:26 . 2008-06-15 21:17 313 --a------ C:\WINDOWS\LEXSTAT.INI
2008-06-15 09:25 . 2008-06-15 09:25 <DIR> d-------- C:\Documents and Settings\sharp\WINDOWS
2008-06-15 09:25 . 1997-04-18 11:52 298,496 --a------ C:\WINDOWS\unin0415.exe
2008-06-13 20:36 . 2008-06-13 20:36 <DIR> d---s---- C:\Documents and Settings\sharp\UserData
2008-06-13 20:34 . 2008-06-13 20:34 <DIR> d-------- C:\Documents and Settings\sharp\Gadu-Gadu
2008-06-13 20:34 . 2008-06-13 20:34 <DIR> d-------- C:\Documents and Settings\sharp\Dane aplikacji\Gadu-Gadu
2008-06-13 20:33 . 2008-06-13 20:33 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-13 20:32 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-13 20:32 . 2008-06-13 20:32 421 --a------ C:\WINDOWS\ODBC.INI
2008-06-13 20:30 . 2008-06-13 20:30 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-13 20:30 . 2008-06-13 20:30 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-06-13 20:30 . 2008-06-13 20:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-13 20:28 . 2008-06-13 20:28 <DIR> dr--s---- C:\Program Files\MYIE2
2008-06-13 20:28 . 2008-06-13 20:28 <DIR> d-------- C:\Program Files\ESET
2008-06-13 20:21 . 2008-06-13 20:21 <DIR> d-------- C:\Program Files\IrfanView
2008-06-13 20:16 . 2008-06-13 20:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-13 20:10 . 2008-06-13 20:10 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2008-06-13 20:09 . 2003-08-18 05:10 122,880 --a------ C:\WINDOWS\system32\directx.cpl
2008-06-13 20:09 . 2003-03-25 05:49 106,544 --a------ C:\WINDOWS\system32\tweakui.cpl
2008-06-13 20:09 . 2003-03-25 05:49 98,304 --a------ C:\WINDOWS\system32\startup.cpl
2008-06-13 20:09 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-06-13 20:09 . 2003-03-25 05:49 51,238 --a------ C:\WINDOWS\system32\tweakui.hlp
2008-06-13 20:08 . 2008-06-13 20:08 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2008-06-13 20:07 . 2008-06-13 20:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-13 20:01 . 2008-06-13 20:01 <DIR> d--hs---- C:\Recycled
2008-06-13 20:00 . 2008-06-13 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-06-13 20:00 . 2008-06-13 20:00 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-06-13 20:00 . 2008-06-13 20:00 584 --a------ C:\WINDOWS\system32\settings.sfm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 18:28 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-13 18:28 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-13 18:28 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-13 17:54 --------- d-----w C:\Program Files\Creative
2008-06-13 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 17:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-13 17:37 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-13 17:34 --------- d-----w C:\Program Files\Usługi online
.
------- Sigcheck -------
2004-11-23 21:03 359040 a14fafd66adbd55a86f17a37e5ec4263 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-06-13 20:10 98304]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-13 20:28 949376]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-19 11:39 35328]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-16 15:04 878672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 15:29:26
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
C:\WINDOWS\EXPLORER.EXE [1220] 0x8882F4E0
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-06-16 15:30:04
ComboFix-quarantined-files.txt 2008-06-16 13:30:00
Pre-Run: 2,047,647,744 bytes free
Post-Run: 2,051,473,408 bytes free
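The log above packs four things a responder actually wants to cross-check: the files created inside the report window, the Sigcheck hash of tcpip.sys, every registry and startup-folder autostart entry, and the Windows Firewall exception list. The Python below is an added example, not part of ComboFix and not code from the original post; it parses those sections from a constructed excerpt (lines copied from the log above) and applies three triage heuristics, which are assumptions of this example rather than ComboFix rules: an autostart whose target was created inside the report window, an autostart outside the Windows or Program Files trees, and a firewall exception that no autostart entry or new file accounts for. Flagged entries are review candidates, not a verdict.

```python
"""Triage helper for ComboFix logs (added example; not part of ComboFix or the
original post).  Parses the 'Files Created', 'Sigcheck' and 'Reg Loading
Points' sections and cross-references autostart entries and firewall
exceptions against the rest of the log."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the same layout as the log above (paths copied from it).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-16 15:06 . 2008-06-16 15:06 35,440 --a------ C:\WINDOWS\system32\sschk.trb
2008-06-13 20:33 . 2008-06-13 20:33 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-13 20:10 . 2008-06-13 20:10 98,304 --a------ C:\WINDOWS\system32\qttask.exe
.
------- Sigcheck -------
2004-11-23 21:03 359040 a14fafd66adbd55a86f17a37e5ec4263 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-06-13 20:10 98304]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"""

SECTION_RE = re.compile(r"^\(+ (?P<title>.+?) \)+$")          # ((( Title )))
FILE_RE = re.compile(                                          # Files Created rows
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
SIGCHECK_RE = re.compile(                                      # Sigcheck rows
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                  # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')     # "name"=...
META_RE = re.compile(r"\[(?P<meta>[^\]]*)\]\s*$")              # trailing [date time size ...]


@dataclass
class ComboFixReport:
    created: dict = field(default_factory=dict)    # lower-cased path -> created timestamp
    sigcheck: dict = field(default_factory=dict)   # lower-cased path -> md5
    autostart: list = field(default_factory=list)  # (key, value name, launch target)
    firewall: list = field(default_factory=list)   # authorized application paths


def _unescape(s: str) -> str:
    # REGEDIT4 export doubles backslashes inside quoted names.
    return s.replace("\\\\", "\\")


def _resolve_target(rest: str) -> str:
    """Launch target from the right-hand side of a Run value.  ComboFix appends
    [date time size] and, for bare filenames such as P17.dll, the resolved path."""
    qm = re.match(r'^"([^"]*)"', rest)
    target = qm.group(1) if qm else rest.split(" [")[0].strip()
    mm = META_RE.search(rest)
    if "\\" not in target and mm:
        tokens = mm.group("meta").split(maxsplit=3)
        if len(tokens) == 4:
            target = tokens[3]
    return target


def parse_combofix(text: str) -> ComboFixReport:
    rep = ComboFixReport()
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        if line.startswith("---"):                 # "------- Sigcheck -------" style headers
            section = line.strip("- ")
            continue
        if section is None:
            continue
        if section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                rep.created[m.group("path").lower()] = m.group("created")
        elif section == "Sigcheck":
            m = SIGCHECK_RE.match(line)
            if m:
                rep.sigcheck[m.group("path").lower()] = m.group("md5").lower()
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group("key")
                continue
            m = VALUE_RE.match(line)
            if not (m and key):
                continue
            name, rest = m.group("name"), m.group("rest").strip()
            if "AuthorizedApplications" in key:
                rep.firewall.append(_unescape(name))
            elif key.lower().endswith("\\run"):
                rep.autostart.append((key, name, _resolve_target(rest)))
    return rep


def triage(rep: ComboFixReport) -> list[str]:
    """Heuristic findings (assumptions of this example, not ComboFix rules)."""
    findings = []
    known = {t.lower() for _, _, t in rep.autostart}
    for _, name, target in rep.autostart:
        low = target.lower()
        if low in rep.created:
            findings.append(f"NEW autostart {name!r} -> {target} (created {rep.created[low]})")
        if not low.startswith(("c:\\windows\\", "c:\\program files\\")):
            findings.append(f"ODD-PATH autostart {name!r} -> {target}")
    for app in rep.firewall:
        low = app.lower().replace("%windir%", "c:\\windows")   # assumed %windir% value
        if low not in known and low not in rep.created:
            findings.append(f"UNEXPLAINED firewall exception: {app}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt it reports qttask.exe as a new autostart (created 2008-06-13, inside the window) and lists sessmgr.exe and winver.exe as firewall exceptions nothing else in the log explains; gg.exe is not flagged because the Run key accounts for it. The Sigcheck hash is kept in the report so it can be compared with a known-good tcpip.sys hash from an offline source, which this example deliberately does not hard-code.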