"Klaudiusz" - 2007-07-14 11:25:21 - ComboFix 07-07-13.8 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))
2007-07-14 11:25 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 15:14 <DIR> d-------- C:\WINDOWS\pss
2007-07-13 14:26 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-13 14:23 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-07-13 14:23 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-13 14:16 96,256 --a------ C:\WINDOWS\system32\drivers\sptd1357.sys
2007-07-13 14:16 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-13 12:01 <DIR> d-------- C:\Program Files\Winamp
2007-07-13 09:17 <DIR> d-------- C:\Program Files\SkanerOnline
2007-07-12 21:44 <DIR> dr-hs---- C:\Recycled
2007-07-12 15:20 <DIR> d-------- C:\DOCUME~1\KLAUDI~1\.gimp-2.3
2007-07-12 15:14 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-07-12 15:06 <DIR> d-------- C:\Program Files\PhotoFiltre
2007-07-12 14:54 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-12 14:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-12 14:50 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-12 12:06 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-12 12:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-12 12:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-07-12 12:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Office Genuine Advantage
2007-07-11 11:14 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-11 11:14 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-11 11:14 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-10 19:26 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-10 14:05 <DIR> d-------- C:\Program Files\ivo
2007-07-10 13:53 <DIR> d-------- C:\WINDOWS\speech
2007-07-09 11:03 77,824 --a------ C:\WINDOWS\system32\vorbisfile.dll
2007-07-09 11:03 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-09 11:03 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-07-09 11:03 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 11:03 524,288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-07-09 11:03 49,152 --a------ C:\WINDOWS\system32\ogg.dll
2007-07-09 11:03 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-07-09 11:03 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 11:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 11:03 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-09 11:03 1,200,128 --a------ C:\WINDOWS\system32\vorbis.dll
2007-07-09 11:03 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 11:03 1,015,808 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-07-09 11:03 <DIR> d-------- C:\Program Files\Codec
2007-07-08 16:26 <DIR> d--hs---- C:\DOCUME~1\KLAUDI~1\UserData
2007-07-08 10:56 <DIR> d-------- C:\DOCUME~1\KLAUDI~1\DANEAP~1\Samsung
2007-07-08 10:54 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-07-08 10:54 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-07-08 10:54 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-07-08 10:54 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-07-08 10:54 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-07-08 10:54 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-07-08 10:54 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-07-08 10:54 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-07-08 10:53 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-07-08 10:53 <DIR> d-------- C:\Program Files\Samsung
2007-07-07 19:10 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-07 19:10 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-07 19:10 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-07 19:10 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-07 19:10 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-07-07 19:10 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-07 19:10 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-07-07 19:10 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-07 19:10 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-07 19:10 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-07 19:10 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-07 10:48 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-07 10:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-07 10:47 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-07-07 10:47 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-07-07 10:47 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-07 10:47 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-07 10:47 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2007-07-07 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-07-07 10:47 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-07 10:47 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-07-07 10:47 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-07-07 10:47 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2007-07-07 10:47 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-07-07 10:47 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2007-07-07 10:47 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-07 10:47 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-07-07 10:47 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-07-07 10:47 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-07 10:47 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2007-07-07 10:45 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-07 10:45 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-07-07 10:45 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-07-07 10:45 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-07-07 10:45 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-07-07 10:45 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-07-07 10:45 75,776 --a------ C:\WINDOWS\system32\storprop.dll
2007-07-07 10:45 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-07-07 10:45 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-07-07 10:45 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-07-07 10:45 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-07-07 10:45 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-07-07 10:45 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-07-07 10:45 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-07-07 10:45 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-07-07 10:45 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-07-07 10:45 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-07-07 10:45 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-07 07:19:08 -------- d-----w C:\Program Files\Przeglądarka migawek
2007-07-07 07:03:45 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-07 07:03:45 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-07 06:55:52 -------- d-----w C:\Program Files\Usługi online
1999-05-17 11:58:52 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 00:53:54 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 00:53:54 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 00:53:54 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 00:53:54 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 00:53:54 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2007-07-02 17:10 1062184 --a------ C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 12:00]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
Open(&O)\command- Recycled\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1158135c-304b-11dc-98f0-00301b1c70fe}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{497d720a-30a4-11dc-98f5-00301b1c70fe}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 11:26:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-14 11:27:39
--- E O F ---
I also noticed that an autorun file gets created on each of the drives, and inside it there is an instruction to open the file ctfmon.exe.
That is probably the command for this virus.