ComboFix 07-06-17 - C:\Documents and Settings\Kris\Pulpit\ComboFix.exe
"Kris" - 2007-06-18 15:08:28 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\drivers\Icon.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-18 14:56 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 14:30 d-------- C:\DOCUME~1\Kris\DANEAP~1\Google
2007-06-18 14:07 d-------- C:\Program Files\Google
2007-06-18 14:07 d-------- C:\DOCUME~1\Kris\DANEAP~1\Skype
2007-06-18 14:07 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-06-18 14:06 d-------- C:\Program Files\Skype
2007-06-18 14:06 d-------- C:\Program Files\Common Files\Skype
2007-06-18 14:06 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-06-17 22:14 d-------- C:\Program Files\WinPcap
2007-06-17 22:13 52,864 --a------ C:\WINDOWS\system32\drivers\GTEDGNet.sys
2007-06-17 22:13 21,888 --a------ C:\WINDOWS\system32\drivers\GTEDGSC.sys
2007-06-17 22:13 107,904 --a------ C:\WINDOWS\system32\drivers\GTEDG.sys
2007-06-17 22:13 d-------- C:\Program Files\iPlus
2007-06-17 22:13 d-------- C:\DOCUME~1\Kris\DANEAP~1\iPlus
2007-05-25 13:02 d-------- C:\Program Files\ProgMan
2007-05-25 10:35 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-05-25 10:35 274,432 --a------ C:\WINDOWS\system32\imon.dll
2007-05-22 23:21 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
2007-05-22 23:21 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
2007-05-22 23:21 d--h----- C:\BJPrinter

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 12:10:42 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-12 20:23:57 -------- d-----w C:\DOCUME~1\Kris\DANEAP~1\AdobeUM
2007-05-11 21:53:18 -------- d-----w C:\Program Files\Messenger
2007-04-25 19:38:37 -------- d-----w C:\DOCUME~1\Kris\DANEAP~1\Gadu-Gadu
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 06:37:23 49,910 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-25 06:37:23 356,068 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-24 23:52:46 -------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-04-24 23:51:16 -------- d-----w C:\Program Files\AutoPatcher
2007-04-24 23:26:18 17,464 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-04-24 23:21:27 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-24 23:21:22 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-24 23:19:21 -------- d-----w C:\DOCUME~1\Kris\DANEAP~1\Ahead
2007-04-24 23:15:59 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-24 23:15:12 -------- d-----w C:\Program Files\ANI
2007-04-24 23:14:44 -------- d-----w C:\Program Files\D-Link
2007-04-24 23:13:54 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-24 23:12:05 -------- d-----w C:\Program Files\VVSN
2007-04-24 23:11:20 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-04-24 23:09:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3117.sys
2007-04-24 23:09:52 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-24 23:09:42 -------- d-----w C:\Program Files\Winamp
2007-04-24 23:04:15 -------- d-----w C:\Program Files\CyberLink
2007-04-24 23:02:42 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-24 23:01:12 -------- d-----w C:\Program Files\Nero
2007-04-24 23:00:55 -------- d-----w C:\Program Files\Alwil Software
2007-04-24 22:57:29 -------- d-----w C:\Program Files\MarBit
2007-04-24 22:56:34 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-04-24 22:54:16 -------- d-----w C:\DOCUME~1\Kris\DANEAP~1\Lavasoft
2007-04-24 22:54:13 -------- d-----w C:\Program Files\Lavasoft
2007-04-24 21:34:45 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-24 21:34:14 0 --sha-r C:\MSDOS.SYS
2007-04-24 21:34:14 0 --sha-r C:\IO.SYS
2007-04-24 21:34:14 0 ----a-w C:\CONFIG.SYS
2007-04-24 21:34:14 0 ----a-w C:\AUTOEXEC.BAT
2007-04-24 21:32:16 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-24 21:32:10 -------- d-----w C:\Program Files\Usługi online
2007-04-24 21:31:14 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-24 21:31:04 -------- d-----w C:\Program Files\Movie Maker
2007-04-24 21:29:58 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-24 21:29:11 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-24 21:29:02 -------- d-----w C:\Program Files\Windows NT
2007-04-18 16:16:59 733,824 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 16:12:31 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-18 16:12:12 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-18 16:10:01 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-18 16:09:10 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-18 16:07:49 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-18 16:06:59 90,112 ----a-w C:\WINDOWS\system32\AVASTSS.scr

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-06-08 15:18]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-18 14:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 10:34 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-18 18:13]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-25 10:34]
"iPlusManager"="C:\Program Files\iPlus\iPlusChecker.exe" [2006-02-24 14:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-18 14:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38546e80-08b0-11dc-a153-0040d06aef07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 15:11:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [3680]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 15:13:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 15:13

--- E O F ---