ComboFix 08-01-04.1 - Dawid 2008-01-07 15:38:22.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.639 [GMT 1:00]
Running from: C:\Documents and Settings\Dawid\Pulpit\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\server.exe

.
(((((((((((((((((((((((((   Files Created from 2007-12-07 to 2008-01-07  )))))))))))))))))))))))))))))))
.

2008-01-05 17:28 . 2008-01-05 17:34	<DIR>	d----c---	C:\Program Files\ErrorKiller
2008-01-04 19:34 . 2008-01-04 19:34	<DIR>	d----c---	C:\Program Files\MP3 Player Utilities 4.15
2008-01-04 12:04 . 2008-01-04 12:04	<DIR>	d----c---	C:\Program Files\directx
2008-01-02 11:05 . 2008-01-02 11:05	<DIR>	d----c---	C:\Program Files\Lavasoft
2008-01-02 10:22 . 2008-01-02 10:22	<DIR>	d----c---	C:\Program Files\PITy
2007-12-31 12:48 . 2007-12-31 12:49	<DIR>	d----c---	C:\Program Files\Deutsch Translator 2
2007-12-31 12:46 . 2008-01-06 11:21	<DIR>	d----c---	C:\Program Files\English Translator 3
2007-12-31 12:17 . 2007-12-31 12:17	<DIR>	d----c---	C:\Program Files\ATI
2007-12-30 08:41 . 1998-10-07 13:54	327,168	--a--c---	C:\WINDOWS\IsUn0415.exe
2007-12-29 08:11 . 2008-01-04 10:58	<DIR>	d----c---	C:\Documents and Settings\Dawid\Dane aplikacji\XnView
2007-12-25 09:09 . 2004-08-03 23:00	22,016	--a--c---	C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-12-25 09:09 . 2004-08-03 23:00	22,016	--a--c---	C:\WINDOWS\system32\dllcache\msircomm.sys
2007-12-25 09:01 . 2000-07-14 23:00	434,252	--a--c---	C:\WINDOWS\system32\Msvcrtd.dll
2007-12-24 17:14 . 2007-12-24 17:14	<DIR>	d----c---	C:\Documents and Settings\Dawid\Dane aplikacji\Jasc
2007-12-24 17:13 . 2007-12-24 17:13	<DIR>	d----c---	C:\Program Files\Jasc Software Inc
2007-12-22 13:32 . 2007-07-02 11:27	338,304	--a--c---	C:\WINDOWS\system32\_AxShlEx.dll
2007-12-22 13:31 . 2007-12-22 13:31	<DIR>	d----c---	C:\Program Files\Alcohol Soft
2007-12-21 19:15 . 2007-12-21 19:17	<DIR>	d----c---	C:\Program Files\Common Files\EasyInfo
2007-12-16 15:59 . 2007-12-16 15:59	<DIR>	d----c---	C:\WINDOWS\system32\QuickTime
2007-12-16 15:59 . 1999-11-10 12:05	86,016	--a--c---	C:\WINDOWS\unvise32qt.exe
2007-12-16 15:59 . 2007-12-16 20:46	50,452	--a--c---	C:\WINDOWS\system32\QuickTime.qtp
2007-12-15 22:11 . 2007-12-15 22:11	<DIR>	d----c---	C:\Program Files\FLVPlayer
2007-12-15 21:53 . 2007-12-15 04:48	<DIR>	d----c---	C:\Program Files\AviSynth 2.5
2007-12-15 21:53 . 2004-02-22 10:11	719,872	--a--c---	C:\WINDOWS\system32\devil.dll
2007-12-15 21:53 . 2006-10-07 17:43	502,784	--a--c---	C:\WINDOWS\x2.64.exe
2007-12-15 21:53 . 2007-05-14 15:24	394,240	--a--c---	C:\WINDOWS\system32\Smab.dll
2007-12-15 21:53 . 2007-05-17 17:30	318,976	--a--c---	C:\WINDOWS\system32\avisynth.dll
2007-12-15 21:53 . 2005-02-28 13:16	240,128	--a--c---	C:\WINDOWS\system32\x.264.exe
2007-12-15 21:53 . 2006-04-12 09:47	217,073	--a--c---	C:\WINDOWS\meta4.exe
2007-12-15 21:53 . 2004-01-25 00:00	70,656	--a--c---	C:\WINDOWS\system32\yv12vfw.dll
2007-12-15 21:53 . 2004-01-25 00:00	70,656	--a--c---	C:\WINDOWS\system32\i420vfw.dll
2007-12-15 21:53 . 2006-04-05 08:09	66,560	--a--c---	C:\WINDOWS\MOTA113.exe
2007-12-15 21:53 . 2005-07-14 12:31	27,648	--a--c---	C:\WINDOWS\system32\AVSredirect.dll
2007-12-15 21:35 . 2007-12-15 21:36	<DIR>	d----c---	C:\Documents and Settings\Dawid\Dane aplikacji\Ringtone
2007-12-15 12:14 . 2007-12-15 12:14	<DIR>	dr-h-c---	C:\Documents and Settings\Dawid\Dane aplikacji\SecuROM
2007-12-15 12:14 . 2007-12-15 12:14	107,888	--a--c---	C:\WINDOWS\system32\CmdLineExt.dll
2007-12-09 15:13 . 2007-12-10 17:01	<DIR>	d----c---	C:\Program Files\BitTorrent
2007-12-09 15:13 . 2007-12-22 06:37	<DIR>	d----c---	C:\Documents and Settings\Dawid\Dane aplikacji\BitTorrent
2007-12-09 06:41 . 2007-12-09 06:41	<DIR>	d----c---	C:\WINDOWS\NU_DATA
2007-12-07 16:11 . 2007-12-07 16:11	<DIR>	d----c---	C:\Documents and Settings\Dawid\Dane aplikacji\Reallusion
2007-12-07 16:10 . 2007-12-07 16:10	<DIR>	d----c---	C:\Program Files\Common Files\Reallusion

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 14:42	45,140,512	-csha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-07 14:24	622,688	-csha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-07 14:24	187,688	-csha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-07 14:24	1,852,192	-csha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-07 06:55	---------	dc----w	C:\Program Files\Yahoo!
2008-01-06 16:15	---------	dc----w	C:\Program Files\SubEdit-Player
2008-01-06 16:15	---------	dc----w	C:\Program Files\IrfanView
2008-01-06 16:03	---------	dc----w	C:\Program Files\jv16 PowerTools 2007
2008-01-04 10:52	---------	dc-h--w	C:\Program Files\InstallShield Installation Information
2008-01-02 10:06	---------	dc----w	C:\Documents and Settings\Dawid\Dane aplikacji\Lavasoft
2007-12-31 11:29	---------	dc----w	C:\Program Files\microsoft frontpage
2007-12-31 10:09	---------	dc----w	C:\Program Files\Java
2007-12-29 18:07	---------	dc----w	C:\Documents and Settings\Dawid\Dane aplikacji\Image Zone Express
2007-12-28 16:49	---------	dc----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 16:48	---------	dc----w	C:\Documents and Settings\Dawid\Dane aplikacji\gtk-2.0
2007-12-23 18:34	---------	dc--a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-06 05:51	---------	dc----w	C:\Program Files\Common Files\ACD Systems
2007-11-30 17:04	---------	dc----w	C:\Program Files\Maniac
2007-11-29 05:06	---------	dc----w	C:\Documents and Settings\Dawid\Dane aplikacji\ACD Systems
2007-11-29 05:05	---------	dc----w	C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2007-11-28 05:01	---------	dc----w	C:\Documents and Settings\Dawid\Dane aplikacji\OtakuSoftware
2007-11-22 14:17	---------	dc----w	C:\Program Files\DITel
2007-11-22 06:17	66,872	-c--a-w	C:\WINDOWS\system32\PnkBstrA.exe
2007-11-22 06:17	22,328	-c--a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 06:17	22,328	-c--a-w	C:\Documents and Settings\Dawid\Dane aplikacji\PnkBstrK.sys
2007-11-22 06:17	103,736	-c--a-w	C:\WINDOWS\system32\PnkBstrB.exe
2007-11-16 05:13	536	-c-ha-w	C:\os582744.bin
2007-11-16 05:08	---------	dc----w	C:\Program Files\TI Education
2007-11-13 10:25	20,480	-c--a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 11:59	---------	dc----w	C:\Program Files\Dzielenie i laczenie plikow
2007-11-11 11:50	---------	dc----w	C:\Documents and Settings\Dawid\Dane aplikacji\Thinstall
2007-11-11 07:44	---------	dc----w	C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-11-11 07:14	---------	dc----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-11-07 21:38	---------	dc----w	C:\Documents and Settings\Dawid\Dane aplikacji\Gadu-Gadu
2007-10-29 22:44	1,291,264	-c--a-w	C:\WINDOWS\system32\quartz.dll
2007-10-29 05:31	139,264	-c--a-w	C:\WINDOWS\system32\hpzjrd01.dll
2007-10-25 08:28	222,720	-c--a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-15 15:17	5,632	-c--a-w	C:\WINDOWS\system32\BReWErS.dll
2007-06-18 16:57	314	-c--a-w	C:\Program Files\INSTALL.LOG
2007-03-19 18:13	6,422,611	-c--a-w	C:\Program Files\frostwire-4.13.1.6.windows.exe
2004-10-01 13:00	40,960	-c--a-w	C:\Program Files\Uninstall_CDS.exe
2006-05-03 09:06	163,328	-csh--r	C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47	31,232	-csh--r	C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"Odkurzacz-MCD"="D:\Odkurzacz 10.0 Pro\odk_mcd.exe" [2005-12-07 17:28 245248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WL-8314 Configuration Utility.lnk - C:\Program Files\PLANET WL-8314\WLANMON.exe [2007-03-11 10:30:45]
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51	202024	--a--c---	C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
			G:\DAEMON Tools\daemon.exe -lang 1033
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
			F:\kopia z poprzedniego dysku\Gadu-Gadu\gg.exe /tray
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
			HDAShCut.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
2006-03-24 18:09	139367	--a--c---	C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25	1828136	--a--c---	C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	--a--c---	C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
			C:\Program Files\Winamp Remote\bin\OrbTray.exe /background
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11	132496	--a--c---	C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 06:28	36352	--a--c---	C:\Program Files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 13:50]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 15:42:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-01-07 15:43:33
ComboFix-quarantined-files.txt  2008-01-07 14:43:31
.
2007-12-12 05:24:13	--- E O F ---