ComboFix 08-02-11.2 - Beata 2008-02-11 15:30:57.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.187 [GMT 1:00]
Running from: C:\Documents and Settings\Beata.KOMPUTERBEATKI\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\macromedia\Flash Player\#SharedObjects\CZTYW9XG\www.broadcaster.com
C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-11 15:19 . 2004-08-04 00:44 395,776 --a------ C:\kmd.exe
2008-02-09 10:19 . 2008-02-09 10:19 d-------- C:\Program Files\Hijack This
2008-02-09 09:30 . 2008-02-09 09:30 d-------- C:\Program Files\silent runers
2008-02-06 12:32 . 2008-02-06 12:32 d-------- C:\Program Files\SpyRemover
2008-01-25 20:52 . 2008-01-25 20:52 d-------- C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\Gadu-Gadu
2008-01-22 11:50 . 2008-01-22 11:50 0 --a------ C:\WINNT\Irremote.ini
2008-01-21 12:02 . 2008-01-21 12:02 d-------- C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\Nero
2008-01-21 11:59 . 2008-01-21 11:59 d-------- C:\Program Files\Common Files\Nero
2008-01-21 11:59 . 2008-01-21 11:59 d-------- C:\Documents and Settings\All Users.WINNT\Dane aplikacji\Nero
2008-01-20 13:45 . 2008-01-20 13:45 d-------- C:\Program Files\Tlen.pl
2008-01-20 13:45 . 2008-01-20 13:45 d-------- C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\Tlen.pl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-01-07 10:39 --------- d-----w C:\Program Files\eMule
2008-01-07 10:04 33 ----a-w C:\WINNT\system32\drivers\adidsl.cfg
2008-01-07 10:03 --------- d-----w C:\Program Files\SAGEM
2008-01-07 10:03 --------- d-----w C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\InstallShield
2007-12-06 20:56 73,216 ----a-w C:\WINNT\ST6UNST.EXE
2007-12-06 20:56 487,424 ------w C:\WINNT\Setup1.exe
2007-12-04 13:04 837,496 ----a-w C:\WINNT\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINNT\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ------w C:\WINNT\system32\dllcache\jscript.dll
2006-11-15 22:20 39,048 ----a-w C:\Documents and Settings\Beata\Dane aplikacji\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="C:\Program Files\uTorrent\utorrent2.exe" [2007-02-17 12:09 177152]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-28 14:52 23458344]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINNT\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINNT\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"igfxtray"="C:\WINNT\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINNT\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINNT\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"Broadcom Wireless Manager UI"="C:\WINNT\system32\WLTRAY.exe" [2005-11-11 20:40 1236992]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 00:44 395776 C:\WINNT\system32\cmd.exe]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 01:33 44544]

C:\Documents and Settings\All Users.WINNT\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-07 11:04:12 1205840]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINNT\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINNT\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 06:26:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 15:32:04
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 15:32:21
ComboFix-quarantined-files.txt 2008-02-11 14:32:20
.
2008-01-09 09:53:39 --- E O F ---