ComboFix 07-12-02.6 - Zielony 2007-12-04 12:51:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.29 [GMT 1:00]
Running from: C:\Documents and Settings\Zielony\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Dane aplikacji\NetMon
C:\Documents and Settings\LocalService\Dane aplikacji\NetMon\domains.txt
C:\Documents and Settings\LocalService\Dane aplikacji\NetMon\log.txt
C:\Program Files\network monitor
C:\WINDOWS\emllbG9ueQ\
C:\WINDOWS\emllbG9ueQ\\yA55v36Ryk.vbs
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\config\45737186.Evt
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ASC3550P
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\cmdService
-------\Network Monitor
-------\runtime
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.
2007-12-04 12:43 . 2007-12-04 12:43
d-------- C:\Program Files\Trend Micro
2007-11-20 17:58 . 2007-11-20 17:58 1,024 --a------ C:\Documents and Settings\NetworkService\swu98ruw39u523j.exe
2007-11-20 17:58 . 2007-11-20 17:58 8 --a------ C:\asjojwqeras2384u9jdsfkasdf.dat
2007-11-20 17:58 . 2007-11-20 17:58 0 --a------ C:\WINDOWS\iejtdngdsfgmertje.dat
2007-11-13 00:21 . 2007-12-04 12:53 d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-13 00:21 . 2007-09-19 22:54 d-------- C:\Documents and Settings\Administrator\Ulubione
2007-11-13 00:21 . 2007-09-19 21:02 d--h----- C:\Documents and Settings\Administrator\Szablony
2007-11-13 00:21 . 2007-09-19 22:54 d-------- C:\Documents and Settings\Administrator\Pulpit
2007-11-13 00:21 . 2007-09-19 22:54 d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-13 00:21 . 2007-09-19 22:54 dr------- C:\Documents and Settings\Administrator\Menu Start
2007-11-13 00:21 . 2007-09-19 22:54 dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-13 00:14 . 2007-11-13 00:14 d--h----- C:\WINDOWS\PIF
2007-11-11 18:54 . 2007-11-11 18:54 d-------- C:\Program Files\Alwil Software
2007-11-11 18:54 . 2007-09-06 12:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-11 18:54 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-11 18:54 . 2007-09-06 12:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-11 18:54 . 2007-09-06 12:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-11 18:54 . 2007-09-06 12:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-11 18:54 . 2007-09-06 12:02 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-11 18:54 . 2007-09-06 12:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-11 18:54 . 2007-09-06 12:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-04 18:34 . 2007-11-04 18:34 d-------- C:\Program Files\SlySoft
2007-11-04 18:20 . 2007-11-04 18:20 0 --ahs---- C:\WINDOWS\SDE0AF243.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 21:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-09 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-04 18:27 --------- d-----w C:\Program Files\InstallShield Installation Information
2007-11-04 08:04 --------- d-----w C:\Documents and Settings\Zielony\Dane aplikacji\Avant Profiles
2007-11-02 00:15 20,992 ----a-w C:\vcxitx.exe
2007-10-31 15:47 --------- d-----w C:\Program Files\Zylom Games
2007-10-30 23:49 --------- d-----w C:\Documents and Settings\Zielony\Dane aplikacji\Zylom
2007-10-30 23:49 --------- d-----w C:\Documents and Settings\Zielony\Dane aplikacji\Magic Academy
2007-10-29 19:23 --------- d-----w C:\Documents and Settings\Zielony\Dane aplikacji\GanymedeNet
2007-09-19 20:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{696A82AF-3AD8-5A16-A1CA-32A59A63A863}]
C:\WINDOWS\system\bremct32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:55]
"WhenUSave"="C:\Program Files\Save\Save.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-05 22:41]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-10-05 10:28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-06-15 16:20 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 09:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"DAEMON Tools"="D:\Użytkowe\Total Commander\Daemon Tools\daemon.exe" []
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 20:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"iiKlBZeGwH"= {54FBA986-FE51-032C-3848-1BEC7413D795} - C:\WINDOWS\system32\kgay.dll [ ]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Mokkdl32.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="lsass.exe"
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
S1 kcp;kcp;\??\C:\WINDOWS\system32\drivers\kcp.sys
S2 Windows Management Service;Windows Management Service;C:\WINDOWS\system32\dmhfo.exe -service
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 18:38:50 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 12:56:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
**************************************************************************
.
Completion time: 2007-12-04 12:57:46 - machine was rebooted
.
--- E O F ---