ComboFix 08-01-14.3 - xxxx 2008-01-14 12:44:48.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.157 [GMT 1:00]
Running from: C:\Documents and Settings\xxxx\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
(((((((((((((((((((((((((   Files Created from 2007-12-14 to 2008-01-14   )))))))))))))))))))))))))))))))
.
2008-01-12 16:25 . 2008-01-12 20:43
2008-01-12 10:01 . 2008-01-12 10:01
2008-01-12 10:00 . 2008-01-12 14:28
2008-01-06 12:51 . 2008-01-06 12:51
2008-01-04 15:34 . 2008-01-04 15:34    1,312,103    --a------    C:\021.rar
2008-01-02 20:21 . 2008-01-12 20:37
2008-01-02 20:21 . 2006-06-20 09:56    225,280      --a------    C:\WINDOWS\system32\rewire.dll
2008-01-02 20:18 . 2008-01-12 20:37
2007-12-21 17:10 . 2008-01-13 09:39
2007-12-21 17:10 . 2007-12-21 17:10
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 06:58    87,552       ----a-w    C:\WINDOWS\Internet Logs\xDBB6.tmp
2008-01-14 06:58    2,941,952    ----a-w    C:\WINDOWS\Internet Logs\xDBB7.tmp
2008-01-13 22:50    3,083,776    ----a-w    C:\WINDOWS\Internet Logs\xDBB4.tmp
2008-01-13 22:50    2,941,440    ----a-w    C:\WINDOWS\Internet Logs\xDBB5.tmp
2008-01-13 21:34    ---------    d-----w    C:\Program Files\Valve
2008-01-12 09:04    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 07:40    ---------    d-----w    C:\Documents and Settings\xxxx\Dane aplikacji\Audacity
2008-01-07 09:54    2,939,392    ----a-w    C:\WINDOWS\Internet Logs\xDBB3.tmp
2008-01-06 20:48    ---------    d-----w    C:\Program Files\AV VCS 3.0
2008-01-04 20:22    ---------    d-----w    C:\Documents and Settings\xxxx\Dane aplikacji\Skype
2008-01-03 20:39    2,975,232    ----a-w    C:\WINDOWS\Internet Logs\xDBB1.tmp
2008-01-03 20:39    2,917,376    ----a-w    C:\WINDOWS\Internet Logs\xDBB2.tmp
2008-01-02 08:47    2,911,232    ----a-w    C:\WINDOWS\Internet Logs\xDBB0.tmp
2008-01-02 08:47    1,722,880    ----a-w    C:\WINDOWS\Internet Logs\xDBAF.tmp
2007-12-31 18:04    3,082,752    ----a-w    C:\WINDOWS\Internet Logs\xDBAD.tmp
2007-12-31 18:04    2,906,112    ----a-w    C:\WINDOWS\Internet Logs\xDBAE.tmp
2007-12-25 10:55    ---------    d-----w    C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-12-21 10:14    ---------    d-----w    C:\Program Files\Winamp
2007-12-20 17:54    2,886,144    ----a-w    C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-12-20 17:54    2,783,744    ----a-w    C:\WINDOWS\Internet Logs\xDBAB.tmp
2007-12-17 21:20    3,159,552    ----a-w    C:\WINDOWS\Internet Logs\xDBA9.tmp
2007-12-17 21:20    2,882,048    ----a-w    C:\WINDOWS\Internet Logs\xDBAA.tmp
2007-12-10 20:35    ---------    d-----w    C:\Program Files\Java
2007-12-10 20:29    ---------    d-----w    C:\Program Files\Common Files\Java
2007-12-07 08:45    2,854,912    ----a-w    C:\WINDOWS\Internet Logs\xDBA8.tmp
2007-12-04 14:56    93,264       ----a-w    C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55    94,544       ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53    23,152       ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51    42,912       ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49    26,624       ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04    837,496      ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54    95,608       ----a-w    C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 18:06    2,850,816    ----a-w    C:\WINDOWS\Internet Logs\xDBA7.tmp
2007-12-02 17:21    2,850,304    ----a-w    C:\WINDOWS\Internet Logs\xDBA6.tmp
2007-12-02 17:20    2,981,376    ----a-w    C:\WINDOWS\Internet Logs\xDBA5.tmp
2007-11-30 15:03    ---------    d-----w    C:\Program Files\sXe Injected
2007-11-27 14:30    ---------    d-----w    C:\Program Files\Common Files\Adobe
2007-11-27 14:23    ---------    d-----w    C:\Program Files\Microsoft SQL Server
2007-11-25 10:13    ---------    d-----w    C:\Program Files\Native Instruments
2007-11-25 10:12    ---------    d-----w    C:\Program Files\SpacialAudio
2007-11-24 21:56    3,132,416    ----a-w    C:\WINDOWS\Internet Logs\xDBA3.tmp
2007-11-24 21:56    2,832,384    ----a-w    C:\WINDOWS\Internet Logs\xDBA4.tmp
2007-11-23 16:31    ---------    d-----w    C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-11-23 16:09    ---------    d-----w    C:\Program Files\Common Files\Macrovision Shared
2007-11-23 14:15    13,107,316   ----a-w    C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-21 17:22    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-11-21 17:15    2,818,560    ----a-w    C:\WINDOWS\Internet Logs\xDBA2.tmp
2007-11-16 17:28    3,654,656    ----a-w    C:\WINDOWS\Internet Logs\xDBA0.tmp
2007-11-16 17:28    2,807,296    ----a-w    C:\WINDOWS\Internet Logs\xDBA1.tmp
2007-11-15 16:32    ---------    d-----w    C:\Program Files\Ares
2007-11-13 19:13    2,792,448    ----a-w    C:\WINDOWS\Internet Logs\xDB9F.tmp
2007-11-13 19:13    1,723,904    ----a-w    C:\WINDOWS\Internet Logs\xDB9E.tmp
2007-11-12 21:17    3,065,344    ----a-w    C:\WINDOWS\Internet Logs\xDB9C.tmp
2007-11-12 21:17    2,792,448    ----a-w    C:\WINDOWS\Internet Logs\xDB9D.tmp
2007-11-10 08:48    3,271,680    ----a-w    C:\WINDOWS\Internet Logs\xDB9A.tmp
2007-11-10 08:48    2,784,256    ----a-w    C:\WINDOWS\Internet Logs\xDB9B.tmp
2007-11-07 09:29    723,968      ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44    1,291,264    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-26 14:02    2,732,032    ----a-w    C:\WINDOWS\Internet Logs\xDB99.tmp
2007-10-20 05:01    227,328      ----a-w    C:\WINDOWS\system32\wmasf.dll
2007-10-19 20:55    3,016,704    ----a-w    C:\WINDOWS\Internet Logs\xDB97.tmp
2007-10-19 20:55    2,706,944    ----a-w    C:\WINDOWS\Internet Logs\xDB98.tmp
2007-10-14 18:56    1,194,496    ----a-w    C:\WINDOWS\Internet Logs\xDB95.tmp
2007-10-14 18:55    2,689,536    ----a-w    C:\WINDOWS\Internet Logs\xDB96.tmp
2007-10-14 14:40    3,056,640    ----a-w    C:\WINDOWS\Internet Logs\xDB93.tmp
2007-10-14 14:40    2,691,584    ----a-w    C:\WINDOWS\Internet Logs\xDB94.tmp
2007-10-10 19:45    2,921,984    ----a-w    C:\WINDOWS\Internet Logs\xDB91.tmp
2007-10-10 19:45    2,681,344    ----a-w    C:\WINDOWS\Internet Logs\xDB92.tmp
2007-10-09 14:19    2,957,824    ----a-w    C:\WINDOWS\Internet Logs\xDB8F.tmp
2007-10-09 14:19    2,671,616    ----a-w    C:\WINDOWS\Internet Logs\xDB90.tmp
2007-10-06 11:39    2,949,120    ----a-w    C:\WINDOWS\Internet Logs\xDB8D.tmp
2007-10-06 11:39    2,665,984    ----a-w    C:\WINDOWS\Internet Logs\xDB8E.tmp
2007-10-04 20:32    3,004,928    ----a-w    C:\WINDOWS\Internet Logs\xDB8C.tmp
2007-09-28 15:25    37,888       ----a-w    C:\WINDOWS\Internet Logs\xDB8B.tmp
2007-09-27 21:03    2,692,608    ----a-w    C:\WINDOWS\Internet Logs\xDB8A.tmp
2007-09-25 18:43    3,044,864    ----a-w    C:\WINDOWS\Internet Logs\xDB89.tmp
2007-09-16 14:45    2,854,400    ----a-w    C:\WINDOWS\Internet Logs\xDB87.tmp
2007-09-16 14:45    2,609,664    ----a-w    C:\WINDOWS\Internet Logs\xDB88.tmp
2007-09-15 19:13    4,135,424    ----a-w    C:\WINDOWS\Internet Logs\xDB85.tmp
2007-09-15 19:13    2,605,568    ----a-w    C:\WINDOWS\Internet Logs\xDB86.tmp
2007-09-06 09:49    3,320,832    ----a-w    C:\WINDOWS\Internet Logs\xDB83.tmp
2007-09-06 09:49    2,572,288    ----a-w    C:\WINDOWS\Internet Logs\xDB84.tmp
2007-08-26 20:09    3,756,032    ----a-w    C:\WINDOWS\Internet Logs\xDB81.tmp
2007-08-26 20:09    2,538,496    ----a-w    C:\WINDOWS\Internet Logs\xDB82.tmp
2007-08-23 20:06    722,432      ----a-w    C:\WINDOWS\Internet Logs\xDB80.tmp
2007-08-23 18:27    798,720      ----a-w    C:\WINDOWS\Internet Logs\xDB7E.tmp
2007-08-23 18:27    2,528,768    ----a-w    C:\WINDOWS\Internet Logs\xDB7F.tmp
2007-08-23 16:54    460,288      ----a-w    C:\WINDOWS\Internet Logs\xDB7C.tmp
2007-08-23 16:54    2,528,768    ----a-w    C:\WINDOWS\Internet Logs\xDB7D.tmp
2007-08-23 15:50    37,888       ----a-w    C:\WINDOWS\Internet Logs\xDB7B.tmp
2007-08-23 15:49    2,528,768    ----a-w    C:\WINDOWS\Internet Logs\xDB7A.tmp
2007-08-23 15:40    3,336,704    ----a-w    C:\WINDOWS\Internet Logs\xDB79.tmp
2007-08-23 13:36    2,527,744    ----a-w    C:\WINDOWS\Internet Logs\xDB78.tmp
2007-08-18 09:02    3,145,728    ----a-w    C:\WINDOWS\Internet Logs\xDB76.tmp
2007-08-18 09:02    2,494,976    ----a-w    C:\WINDOWS\Internet Logs\xDB77.tmp
2007-08-13 20:37    2,715,648    ----a-w    C:\WINDOWS\Internet Logs\xDB74.tmp
2007-08-13 20:37    2,475,520    ----a-w    C:\WINDOWS\Internet Logs\xDB75.tmp
2007-08-13 17:22    2,475,008    ----a-w    C:\WINDOWS\Internet Logs\xDB73.tmp
2007-08-13 07:26    2,931,200    ----a-w    C:\WINDOWS\Internet Logs\xDB72.tmp
2007-08-12 15:06    729,088      ----a-w    C:\WINDOWS\Internet Logs\xDB71.tmp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 23:44 395776 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-03 23:43 100864]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 23:33 44544]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-12 09:16:02]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlmaint.exe [2002-12-17 17:23:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 06:45]
R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 13:36]
R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys [2006-09-17 17:24]
R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2005-11-30 11:43]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 18:07]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 10:03]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 10:07]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\Valve\sXe Injected\ddsxei.sys [2008-01-09 07:12]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 02:59]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 13:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 12:49:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 12:52:56
.
2008-01-10 06:20:10    --- E O F ---

I'm asking everyone for help!