ComboFix 08-02-11.2 - Beata 2008-02-11 15:30:57.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.187 [GMT 1:00]
Running from: C:\Documents and Settings\Beata.KOMPUTERBEATKI\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\macromedia\Flash Player\#SharedObjects\CZTYW9XG\www.broadcaster.com
C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.
2008-02-11 15:19 . 2004-08-04 00:44 395,776 --a------ C:\kmd.exe
2008-02-09 10:19 . 2008-02-09 10:19 d-------- C:\Program Files\Hijack This
2008-02-09 09:30 . 2008-02-09 09:30 d-------- C:\Program Files\silent runers
2008-02-06 12:32 . 2008-02-06 12:32 d-------- C:\Program Files\SpyRemover
2008-01-25 20:52 . 2008-01-25 20:52 d-------- C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\Gadu-Gadu
2008-01-22 11:50 . 2008-01-22 11:50 0 --a------ C:\WINNT\Irremote.ini
2008-01-21 12:02 . 2008-01-21 12:02 d-------- C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\Nero
2008-01-21 11:59 . 2008-01-21 11:59 d-------- C:\Program Files\Common Files\Nero
2008-01-21 11:59 . 2008-01-21 11:59 d-------- C:\Documents and Settings\All Users.WINNT\Dane aplikacji\Nero
2008-01-20 13:45 . 2008-01-20 13:45 d-------- C:\Program Files\Tlen.pl
2008-01-20 13:45 . 2008-01-20 13:45 d-------- C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\Tlen.pl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 10:39 --------- d-----w C:\Program Files\eMule
2008-01-07 10:04 33 ----a-w C:\WINNT\system32\drivers\adidsl.cfg
2008-01-07 10:03 --------- d-----w C:\Program Files\SAGEM
2008-01-07 10:03 --------- d-----w C:\Documents and Settings\Beata.KOMPUTERBEATKI\Dane aplikacji\InstallShield
2007-12-06 20:56 73,216 ----a-w C:\WINNT\ST6UNST.EXE
2007-12-06 20:56 487,424 ------w C:\WINNT\Setup1.exe
2007-12-04 13:04 837,496 ----a-w C:\WINNT\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINNT\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ------w C:\WINNT\system32\dllcache\jscript.dll
2006-11-15 22:20 39,048 ----a-w C:\Documents and Settings\Beata\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="C:\Program Files\uTorrent\utorrent2.exe" [2007-02-17 12:09 177152]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-28 14:52 23458344]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINNT\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINNT\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"igfxtray"="C:\WINNT\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINNT\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINNT\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"Broadcom Wireless Manager UI"="C:\WINNT\system32\WLTRAY.exe" [2005-11-11 20:40 1236992]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 00:44 395776 C:\WINNT\system32\cmd.exe]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 01:33 44544]
C:\Documents and Settings\All Users.WINNT\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-07 11:04:12 1205840]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINNT\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINNT\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 06:26:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 15:32:04
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-11 15:32:21
ComboFix-quarantined-files.txt 2008-02-11 14:32:20
.
2008-01-09 09:53:39 --- E O F ---