ComboFix 07-11-19.3 - www 2007-11-21 20:24:06.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.200 [GMT 1:00]
Running from: C:\Documents and Settings\www\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
.
((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))
.
2007-11-20 23:12 d-------- C:\Temp
2007-11-20 23:12 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Prevx
2007-11-20 22:54 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-20 22:03 d-------- C:\Program Files\Trend Micro
2007-11-06 08:36 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-05 21:06 d-------- C:\WINDOWS\Asus_A6_ScreenSaver dir
2007-11-05 21:06 d-------- C:\Program Files\Lavasoft
2007-11-05 21:06 d-------- C:\Program Files\Common Files\Adobe
2007-11-05 21:06 d-------- C:\Program Files\7-Zip
2007-11-04 22:29 d-------- C:\Documents and Settings\www\Contacts(2)
2007-10-30 21:40 d-------- C:\Program Files\Java
2007-10-30 21:40 d-------- C:\Program Files\Common Files\Java
2007-10-29 23:30 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-29 22:33 d-------- C:\totalcmd
2007-10-25 14:09 d-------- C:\Program Files\CONEXANT
2007-10-25 13:03 d-------- C:\Program Files\PC Drivers HeadQuarters
2007-10-21 21:46 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intel
2007-10-21 21:45 23 --a------ C:\WINDOWS\system32\drivers\verfile.tic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 22:33 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-29 22:33 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 20:58 606,848 ----a-w C:\WINDOWS\flashax.exe
2007-10-21 20:58 503,808 ----a-w C:\WINDOWS\Asus_A6_ScreenSaver.scr
2007-10-21 20:58 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-10-21 20:46 17,056 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-20 09:16 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-20 09:14 15,435,920 ----a-w C:\Program Files\sdstart.exe
2007-10-16 11:15 --------- d-----w C:\Program Files\Realtek AC97
2007-10-16 11:05 --------- d-----w C:\Program Files\WDM_A399
2007-10-15 19:28 --------- d-----w C:\Program Files\AMDAGP
2007-10-15 19:27 624,544 ----a-w C:\Program Files\AMD-533-W2KXP.EXE
2007-10-14 07:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-14 07:24 2,273,552 ----a-w C:\Program Files\au.exe
2007-10-13 20:05 --------- d-----w C:\Program Files\ASUSTeK
2007-10-13 19:50 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-10-13 19:50 --------- d-----w C:\Program Files\AvRack
2007-10-08 22:11 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-07 19:57 --------- d-----w C:\Program Files\MIKSOFT
2007-10-04 16:11 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-04 16:10 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-04 16:10 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-04 16:10 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-06 20:50 18,895,728 ----a-w C:\Program Files\Install_Messenger.exe
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-21 07:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-23 11:58 522,682 ----a-w C:\Program Files\aspi_471a2.exe
2007-04-27 19:32 14,993,976 ----a-w C:\Program Files\Google_Earth_AZXD.exe
2007-01-29 16:11 3,534,076 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2006-12-16 13:32 1,410,680 ----a-w C:\Program Files\install_flash_player.exe
2006-05-31 18:24 3,833,344 ----a-w C:\Program Files\ow32enen854.exe
2006-04-14 20:45 6,200,832 ----a-w C:\Program Files\sp830_win2000_5.4b.exe
2006-04-14 14:09 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-12-26 11:01 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2005-10-12 09:33 3,751,820 ----a-w C:\Program Files\gg70.exe
2004-12-02 21:26 557,735 ----a-w C:\Program Files\AMRcon13-setup.exe
2007-03-25 20:35 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-25 20:35 88 --sh--r C:\WINDOWS\system32\941CA679E3.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"swg"="C:\WINDOWS\system32\regsvr32.exe" [2004-08-04 13:00]
"SpyBrowser"="C:\Program Files\SpyBro\SpyBro.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:47]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\www\Dane aplikacji\Mozilla\Firefox\Profiles\m4rp4ay1.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-30 13:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2004-11-03 08:48]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-09-15 17:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-09-15 17:02]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-16 05:55]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-16 05:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-06 16:48]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-06 16:52]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"SoundMan"="SOUNDMAN.EXE" [2004-12-16 15:19 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2004-12-08 10:09]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-29 23:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

C:\Documents and Settings\www\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-13 22:02:25]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
PLANET WL-U356A Utility.lnk - C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe [2006-11-17 09:34:01]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2007-11-04 23:42:16]
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2005-08-15 05:48:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-06 16:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 AMDPCI;AMDPCI;\??\C:\DOCUME~1\www\USTAWI~1\Temp\AMDPCI.sys
S3 Asushwio;Asushwio;\??\C:\WINDOWS\system32\drivers\Asushwio.sys
S3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for IEEE 802.11b Wireless LAN USB Card (R);C:\WINDOWS\system32\DRIVERS\vnetusbk.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids0005c;ids0005c;\??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys
S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 klstm;klstm;\??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 20:25:44
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-21 20:26:10
.
--- E O F ---