ComboFix 08-04-20.2 - dom 2008-04-20 21:03:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.252 [GMT 1:00]
Running from: C:\Documents and Settings\dom\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport\cs\Config.xml
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\dom\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-20 12:27 . 2008-04-20 12:27 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\LEGO Company
2008-04-20 12:25 . 2008-04-20 12:25 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\RateMyScreensaver
2008-04-20 11:24 . 2008-04-20 11:24 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\COWON
2008-04-20 11:03 . 2008-04-20 11:04 <DIR> d-------- C:\Program Files\Common Files\COWON
2008-04-17 20:49 . 2008-04-17 20:49 2,243,260 --ah----- C:\WINDOWS\system32\spython.bin
2008-04-09 22:43 . 2008-04-09 22:43 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\Talkback
2008-04-09 22:26 . 2008-04-10 21:01 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\SiteAdvisor
2008-04-09 22:26 . 2008-04-09 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SiteAdvisor
2008-04-09 22:26 . 2008-04-09 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2008-04-09 21:08 . 2008-04-09 21:08 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-04-09 15:15 . 2008-04-17 21:04 1,432 --a------ C:\WINDOWS\SysMech6.INI
2008-04-08 21:32 . 2008-04-08 21:32 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-04-08 21:31 . 2008-04-08 21:31 <DIR> d-------- C:\Program Files\iolo
2008-04-08 21:31 . 2006-12-20 12:39 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-04-08 21:31 . 2006-03-28 01:54 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-04-08 21:31 . 2005-09-12 13:20 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-04-06 21:19 . 2008-04-17 15:06 9,253 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-03-31 21:28 . 2008-04-06 21:52 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\Canon
2008-03-30 13:50 . 2008-03-30 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-03-29 13:59 . 2008-04-12 16:31 0 --a------ C:\hpfr5550.xml
2008-03-29 13:58 . 2008-03-29 13:58 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\AdobeUM
2008-03-26 16:04 . 2008-03-26 16:04 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\ArcaBit
2008-03-23 13:21 . 2008-04-20 10:46 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\skypePM
2008-03-23 13:21 . 2008-03-23 13:21 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-23 13:19 . 2008-03-23 13:19 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-20 09:09 . 2008-03-20 09:09 1,845,504 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 17:39 --------- d-----w C:\Program Files\Kalendarz XP
2008-04-20 13:38 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\Skype
2008-04-20 10:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 19:03 --------- d-----w C:\Program Files\ArcSoft
2008-03-30 12:41 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\CyberLink
2008-03-29 12:36 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\BearShare
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 12:53 --------- d-----w C:\Program Files\Java
2008-03-08 19:43 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-23 17:10 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-23 17:09 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\DAEMON Tools
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:44 15360]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-05-02 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2007-04-05 19:16 327680]
"Realtime Audio Engine"="mmrtkrnl.exe" [2005-01-20 12:02 53248 C:\WINDOWS\system32\MMRTKRNL.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 01:37 188416]
"C-Media Mixer"="Mixer.exe" [2002-06-12 08:23 1495040 C:\WINDOWS\mixer.exe]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 08:42 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:44 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
--------- 2006-06-09 01:11 24576 C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Background Optimizer]
D:\Program Files\Background Optimizer\Optimizer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CafeNews]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 D:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoZip]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
--a------ 2006-12-20 12:38 557056 D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Watcher]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"D:\\Program Files\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26290:TCP"= 26290:TCP:BitComet 26290 TCP
"26290:UDP"= 26290:UDP:BitComet 26290 UDP
"14709:TCP"= 14709:TCP:BitComet 14709 TCP
"14709:UDP"= 14709:UDP:BitComet 14709 UDP
"7449:TCP"= 7449:TCP:BitComet 7449 TCP
"7449:UDP"= 7449:UDP:BitComet 7449 UDP
"8737:TCP"= 8737:TCP:BitComet 8737 TCP
"8737:UDP"= 8737:UDP:BitComet 8737 UDP
"23083:TCP"= 23083:TCP:BitComet 23083 TCP
"23083:UDP"= 23083:UDP:BitComet 23083 UDP
"7780:TCP"= 7780:TCP:BitComet 7780 TCP
"7780:UDP"= 7780:UDP:BitComet 7780 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};D:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce8d2180-0a50-11dd-8cfd-0014787240b0}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc678aa4-e1e6-11db-ac38-00116730fa58}]
\Shell\AutoRun\command - xn1i9x.com
\Shell\explore\Command - xn1i9x.com
\Shell\open\Command - xn1i9x.com
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 20:05:51 C:\WINDOWS\Tasks\defragmentacja.job"
- C:\Documents and Settings\dom\Moje dokumenty\MOJE_DOKUMENTY\defragmentacja.cmd
"2008-04-20 11:02:42 C:\WINDOWS\Tasks\User_Feed_Synchronization-{182DCC8E-2EB4-4C84-B630-4A59658BDD30}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 21:06:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\D:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-04-20 21:08:45
ComboFix-quarantined-files.txt 2008-04-20 20:08:36
Pre-Run: 9,379,540,992 bajtów wolnych
Post-Run: 9,386,016,768 bajtów wolnych
170 --- E O F --- 2008-04-18 10:21:48
