ComboFix 07-06-17 - C:\Documents and Settings\doxa\Pulpit\ComboFix.exe "doxa" - 2007-06-18 15:19:36 - Service Pack 4 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-18 15:00 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1f0.dat
2007-06-18 14:55 49,152 --a------ C:\WINNT\nircmd.exe
2007-06-16 13:25 102,912 --------- C:\WINNT\system32\drivers\FWDRV.SYS
2007-06-16 13:25 d-------- C:\Program Files\Kerio
2007-06-10 14:28 d-------- C:\DOCUME~1\doxa\DANEAP~1\Corel
2007-06-10 14:21 607,744 --------- C:\WINNT\system32\Decslib.dll
2007-06-10 14:21 368,912 -ra------ C:\WINNT\system32\VBAR332.DLL
2007-06-10 14:21 1,039,360 -ra------ C:\WINNT\system32\MSJET35.DLL
2007-06-10 14:20 909,824 --------- C:\WINNT\system32\qd3d.dll
2007-06-10 14:20 70,656 --------- C:\WINNT\system32\3dviewer.dll
2007-06-10 14:20 553,984 --------- C:\WINNT\system32\rave.dll
2007-06-10 14:20 39,095 --------- C:\WINNT\iccsigs.dat
2007-06-10 14:20 112,688 --------- C:\WINNT\system32\shw32.dll
2007-06-10 14:19 245,760 --------- C:\WINNT\system32\Sccomp91.dll
2007-06-10 14:19 225,280 --------- C:\WINNT\system32\Scint91.dll
2007-06-10 14:19 168,448 --------- C:\WINNT\system32\Awrtl30.dll
2007-06-10 14:19 110,592 --------- C:\WINNT\system32\Sccres91.dll
2007-06-10 14:19 100,864 --------- C:\WINNT\system32\awpe.dll
2007-06-10 14:19 d-------- C:\WINNT\Profiles
2007-06-10 14:19 d-------- C:\Program Files\Corel
2007-06-10 14:16 d-------- C:\WINNT\Corel
2007-05-28 21:29 376 --a------ C:\WINNT\mozregistry.dat
2007-05-28 21:23 53,248 --a------ C:\WINNT\system32\hpfinsta.exe
2007-05-28 21:23 270,336 --a------ C:\WINNT\system32\hpfinst.dll
2007-05-28 21:23 262,144 --a------ C:\WINNT\system32\hpzcon04.dll
2007-05-28 21:23 200,704 --a------ C:\WINNT\system32\hpzcoi04.dll
2007-05-28 21:23 114,744 --a------ C:\WINNT\system32\hpzlnt04.dll
2007-05-26 22:11 d-------- C:\DOCUME~1\doxa\DANEAP~1\Ahead
2007-05-25 22:26 95,872 --a------ C:\WINNT\system32\AVASTSS.scr
2007-05-25 22:26 94,552 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2007-05-25 22:26 85,952 --a------ C:\WINNT\system32\drivers\aswmon.sys
2007-05-25 22:26 745,600 --a------ C:\WINNT\system32\aswBoot.exe
2007-05-25 22:26 499,712 --a------ C:\WINNT\system32\MSVCP71.dll
2007-05-25 22:26 43,176 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2007-05-25 22:26 348,160 --a------ C:\WINNT\system32\MSVCR71.dll
2007-05-25 22:26 26,888 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2007-05-25 22:26 23,416 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2007-05-25 22:26 1,060,864 --a------ C:\WINNT\system32\MFC71.dll
2007-05-25 22:26 d-------- C:\Program Files\Alwil Software
2007-05-25 22:15 d-------- C:\Program Files\SkanerOnline
2007-05-25 22:13 d-------- C:\Program Files\Lavasoft
2007-05-25 22:13 d-------- C:\DOCUME~1\doxa\DANEAP~1\Lavasoft
2007-05-23 21:56 d-------- C:\DOCUME~1\doxa\DANEAP~1\Help

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 13:09:52 24 ----a-w C:\WINNT\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80641102}.dat
2007-06-18 13:09:52 24 ----a-w C:\WINNT\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80641102}.dat
2007-06-18 13:07:16 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-18 11:53:57 -------- d-----w C:\Program Files\DC++
2007-06-18 11:19:47 -------- d-----w C:\Program Files\Teleport Pro
2007-06-18 11:18:55 -------- d-----w C:\Program Files\BoontyGames
2007-06-18 00:06:39 -------- d-----w C:\DOCUME~1\doxa\DANEAP~1\Skype
2007-06-16 11:25:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-28 19:30:55 -------- d-----w C:\Program Files\hp deskjet 845c series
2007-05-23 19:56:47 -------- d-----w C:\Program Files\ACDSee32
2007-05-17 15:21:17 -------- d-----w C:\DOCUME~1\doxa\DANEAP~1\Google
2007-05-04 10:24:22 -------- d-----w C:\Program Files\ScannerU
2007-04-19 09:05:10 -------- d-----w C:\Program Files\Cartall

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [03-05-15 01:47 ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [05-07-20 22:07 C:\WINNT\system32\nwiz.exe]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:\WINNT\system32\mobsync.exe]
"WINDVDPatch"="CTHELPER.EXE" [02-07-02 18:56 C:\WINNT\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [01-11-29 02:00 ]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [05-03-04 14:20 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-04-30 17:42 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-08-30 02:00 C:\WINNT\system32\internat.exe]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [07-04-09 19:55 ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-06-14 18:05 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 15:20:48
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************

Completion time: 2007-06-18 15:21:32
C:\ComboFix-quarantined-files.txt ... 07-06-18 15:21
C:\ComboFix2.txt ... 07-06-18 15:02
--- E O F ---