Combo Fix
1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1543 [GMT 1:00]
Running from: F:\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((
))))))))))))))))))))))))
.
--a------
C:\WINDOWS\syste
--a------
C:\WINDOWS\syste
d--------
C:\Program Files
d--------
C:\Documents and
d--------
C:\Documents and
d--------
C:\Program Files
d--------
C:\Program Files
d--------
C:\Program Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 08:43
--------d-----w C:\Program Files\Winamp Toolbar
2008-03-04 08:42
--------d-----w C:\Program Files\MUSHclient
2008-03-04 08:38
--------d-----w C:\Program Files\Google
2008-03-04 08:38
--------d-----w C:\Program Files\Gadu-Gadu
2008-03-04 08:38
--------d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-04 08:38
--------d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-04 08:37
--------d-----w C:\Program Files\Common Files\LightScribe
2008-02-25 08:51
--------d-----w C:\Program Files\Burn4Free
2008-02-20 07:45
--------d-----w C:\Program Files\Symantec
2008-02-20 07:45
--------d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 22:08
--------d-----w C:\Program Files\Common Files\Adobe
2008-02-06 14:06
--------d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-02-03 17:00
--------d-----w C:\Program Files\Norton Security Scan
2008-02-02 11:56
--------d-----w C:\Program Files\Norton Ghost
2008-01-24 07:59
--------d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 07:58
9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-24 07:58
8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-24 07:58
12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 07:50
--------ers\Application Data\Kaspersky Lab
2008-01-21 16:07
229,728 ----a-w
_9375.exe
2008-01-11 08:58
--------nstallation Information
2008-01-11 08:58
--------2008-01-06 17:55
--------.
)))))))))))))))))))
:04 84640]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 12:01 1537640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-17 07:56 1831936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Shortcut to Welcome.lnk - C:\Welcome\welcome.exe [2005-09-27 12:08:54 436224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2005-03-30 11:22:00 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 11:00]
R2 Harmonogram automatycznej uslugi LiveUpdate;Harmonogram automatycznej uslugi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:54]
S3 hpdat;hpdat;C:\WINDOWS\system32\DRIVERS\hpdat.sys [2005-07-06 07:42]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 12:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c67930-a135-11dc-bede-0018fe6a417e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 11:24:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-04 11:24:18
.
2008-01-23 15:42:29
--- E O F ---