ComboFix 08-01-07.5 - ^MaTeUsZ^ 2008-01-07 18:31:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.581 [GMT 1:00]
Running from: C:\Documents and Settings\^MaTeUsZ^\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 18:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 18:28 . 2008-01-07 18:28 d-------- C:\Program Files\Trend Micro
2008-01-07 17:37 . 2008-01-07 17:45 d-------- C:\Program Files\Trojan Remover
2008-01-07 17:37 . 2008-01-07 17:37 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-01-07 17:37 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-07 17:37 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-07 17:37 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-07 17:37 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-07 17:37 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-07 13:50 . 2008-01-07 13:50 d-------- C:\Program Files\Advanced Spyware Remover
2008-01-06 18:11 . 2008-01-06 18:11 233,472 --a------ C:\WINDOWS\toprates.dll
2008-01-06 18:11 . 2008-01-06 18:11 44 --a------ C:\tmp.bat
2008-01-05 13:34 . 2008-01-05 13:34 d-------- C:\WINDOWS\Downloaded Installations
2008-01-03 02:10 . 2008-01-03 02:10 d-------- C:\WINDOWS\Kopia system32
2008-01-02 09:50 . 2008-01-02 17:46 d-------- C:\Program Files\Warblade
2007-12-31 16:10 . 1998-07-30 12:51 305,152 --a------ C:\WINDOWS\IsUninst.exe
2007-12-31 14:42 . 2007-12-31 14:42 d-------- C:\Program Files\Nowy folder
2007-12-30 12:07 . 2007-12-30 12:07 d-------- C:\Program Files\Dream Day First Home
2007-12-30 10:33 . 2007-12-30 10:33 d-------- C:\Documents and Settings\All Users\Dane aplikacji\HiddenSecretsNightmare
2007-12-30 10:24 . 2007-12-30 10:33 d-------- C:\Program Files\Hidden Secrets - The Nightmare
2007-12-28 21:38 . 2007-12-28 21:38 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-28 21:04 . 2007-12-28 21:38 29,420 --a------ C:\WINDOWS\DIIUnin.dat
2007-12-28 21:03 . 2007-12-28 21:03 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2007-12-28 21:03 . 2007-12-28 21:03 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-12-26 08:37 . 2007-12-26 08:37 d-------- C:\Documents and Settings\LocalService\Moje dokumenty
2007-12-24 21:37 . 2007-12-28 19:46 d-------- C:\Program Files\Cyanide
2007-12-17 00:50 . 2007-12-28 19:47 125 --a------ C:\ioSpecial.ini
2007-12-16 22:40 . 2007-12-16 22:40 d-------- C:\My Games
2007-12-16 22:40 . 2007-12-16 22:40 d-------- C:\My Download Files
2007-12-16 22:38 . 2007-12-16 22:38 d-------- C:\Program Files\Real
2007-12-16 22:38 . 2007-12-16 22:38 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-12-16 22:37 . 2007-12-17 13:48 d-------- C:\Program Files\Google
2007-12-16 22:37 . 2007-12-17 00:50 d-------- C:\Program Files\Common Files\Real
2007-12-13 07:34 . 2007-12-13 07:34 32,768 --a------ C:\WINDOWS\system32\routing.exe
2007-12-12 15:48 . 2005-07-29 16:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-12-12 15:48 . 2006-05-03 14:46 49,857 --------- C:\WINDOWS\UNNMP.cfg
2007-12-12 15:47 . 2007-12-12 15:47 d-------- C:\Program Files\Common Files\Nero
2007-12-12 15:47 . 2007-12-12 15:47 d-------- C:\Program Files\Common Files\LightScribe
2007-12-12 15:45 . 2007-12-12 15:45 d-------- C:\Program Files\Common Files\Ahead
2007-12-12 15:45 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-12 15:45 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-12 15:45 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-12 15:45 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-12 15:45 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-12 15:45 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-12 15:45 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-11 19:25 . 2007-12-11 19:25 d-------- C:\WINDOWS\system32\Color
2007-12-10 16:45 . 2007-12-10 16:45 d-------- C:\Program Files\Bonjour
2007-12-10 14:32 . 2005-11-23 07:25 385,024 --a------ C:\WINDOWS\system32\XPControls.ocx
2007-12-10 14:32 . 1998-06-24 10:56 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-10 14:32 . 1999-08-29 13:15 7,716 --a------ C:\WINDOWS\system32\urlhist.tlb
2007-12-10 13:46 . 2007-12-10 13:46 d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-12-10 10:11 . 2007-12-10 10:11 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grey Alien Games
2007-12-10 09:56 . 2007-12-10 09:58 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Winamp
2007-12-09 17:17 . 2007-12-09 17:31 d-------- C:\Documents and Settings\Tata\Dane aplikacji\Winamp
2007-12-09 13:51 . 2007-12-09 13:51 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-09 07:55 . 2007-12-24 10:14 253,440 --a------ C:\WINDOWS\system32\ndt2.sys
2007-12-09 07:55 . 2007-12-09 07:55 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
2007-12-09 07:55 . 2007-12-09 07:55 40 --a------ C:\WINDOWS\system32\drmgs.sys
2007-12-09 07:25 . 2007-12-09 07:25 d-------- C:\Documents and Settings\Damian\Dane aplikacji\uTorrent
2007-12-08 22:29 . 2007-12-17 17:01 d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-01-07 16:41 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-07 16:37 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\Simply Super Software
2008-01-07 13:58 4,980,736 ---ha-w C:\Documents and Settings\^MaTeUsZ^\NTUSER.DAT
2008-01-06 20:14 --------- d-----w C:\Program Files\SkanerOnline
2008-01-04 14:00 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\uTorrent
2007-12-31 19:02 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\GetRightToGo
2007-12-28 18:48 --------- d-----w C:\Program Files\CachemanXP
2007-12-23 13:00 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\Chocolate Castle
2007-12-19 10:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 06:24 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\Google
2007-12-14 16:34 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\Adobe
2007-12-10 15:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-08 20:56 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\Corel
2007-12-06 13:19 --------- d-----w C:\Documents and Settings\Damian\Dane aplikacji\Corel
2007-12-05 12:24 --------- d-----w C:\Documents and Settings\Damian\Dane aplikacji\Winamp
2007-12-04 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\The Game Equation
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 18:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Awem
2007-12-01 09:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Christmasville
2007-11-28 14:31 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\Winamp
2007-11-28 14:17 --------- d-----w C:\Program Files\Winamp
2007-11-27 14:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-11-27 14:00 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-27 10:08 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-27 08:29 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Flood Light Games
2007-11-27 08:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Flood Light Games
2007-11-27 08:11 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Corel
2007-11-26 14:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Corel
2007-11-25 19:34 --------- d-----w C:\Documents and Settings\^MaTeUsZ^\Dane aplikacji\Hewlett-Packard
2007-11-25 19:29 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-11-25 19:29 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-25 19:27 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-17 00:50 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-17 00:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\U3
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 08:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-21 07:51 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-21 07:51 249,856 ------w C:\WINDOWS\Setup1.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E45C414-5019-4966-9013-6950C35E6C06}]
2008-01-06 18:11 233472 --a------ C:\WINDOWS\toprates.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:44 15360]
"Gadu-Gadu"="E:\Programy\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 06:59 57344 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="E:\Programy\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 20:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-01-03 17:11 737872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST – pasek zadań.lnk
backup=C:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 11:22 219008 C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 15:46 1460560 E:\Programy\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

R0 pe3agqwc;Loki Environment Driver (pe3agqwc);C:\WINDOWS\system32\drivers\pe3agqwc.sys [2007-08-02 18:48]
R0 ps6agqwc;Loki Synchronization Driver (ps6agqwc);C:\WINDOWS\system32\drivers\ps6agqwc.sys [2007-08-02 18:48]
R2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2003-04-16 13:00]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2007-12-13 07:34]
S2 pr2agqwc;Loki Drivers Auto Removal (pr2agqwc);C:\WINDOWS\system32\pr2agqwc.exe svc []

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 07:14:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1196618418.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 18:35:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 18:36:15
ComboFix-quarantined-files.txt 2008-01-07 17:36:00
.
2007-12-26 02:04:00 --- E O F ---