"Klaudia" - 2007-07-26 19:27:34 [GMT 2:00] - ComboFix 07-07-24 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 ))))))))))))))))))))))))))))))) 2007-07-26 19:21 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-25 21:54 d-------- C:\Program Files\Lavasoft 2007-07-25 21:54 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-25 21:54 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lavasoft 2007-07-25 18:05 0 --a------ C:\WINDOWS\nsreg.dat 2007-07-25 17:26 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-07-25 17:26 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-25 17:26 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-25 17:26 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-25 17:26 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-25 17:26 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-25 17:26 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-25 17:21 d-------- C:\Program Files\CCleaner 2007-07-25 16:08 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-07-25 16:08 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-07-25 16:08 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-07-25 15:53 d-------- C:\Program Files\AutoConnect 2007-07-25 15:17 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy 2007-07-25 15:08 d-------- C:\DOCUME~1\Klaudia\DANEAP~1\Kerio 2007-07-25 14:55 d-------- C:\WINDOWS\system32\appmgmt 2007-07-25 14:46 d-------- C:\DOCUME~1\Klaudia\DANEAP~1\atitray 2007-07-21 17:46 d--hs---- C:\WINDOWS\CSC 2007-07-20 20:20 d-------- C:\Program Files\MultiRes 2007-07-20 20:19 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe 2007-07-20 20:19 d-------- C:\Program Files\Radeon Omega Drivers 2007-07-19 23:49 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-07-19 23:49 d-------- C:\Program Files\Hamachi 2007-07-19 23:49 d-------- 
C:\DOCUME~1\Klaudia\DANEAP~1\Hamachi 2007-07-19 22:10 d-------- C:\ATI 2007-07-19 21:06 d-------- C:\Program Files\Counter-Strike 1.6 2007-07-17 23:18 d-------- C:\DOCUME~1\Klaudia\DANEAP~1\teamspeak2 2007-07-17 23:17 d-------- C:\Program Files\Teamspeak2_RC2 2007-07-17 19:27 d-------- C:\Program Files\GameSpy Arcade 2007-06-26 19:33 d-------- C:\DOCUME~1\Klaudia\DANEAP~1\ZoomBrowser EX 2007-06-26 19:31 d-------- C:\Program Files\Canon 2007-06-26 19:31 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\ZoomBrowser 2007-06-26 19:30 d-------- C:\Program Files\Common Files\Canon (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-26 16:16:30 -------- d-----w C:\DOCUME~1\Klaudia\DANEAP~1\Skype 2007-07-25 15:20:02 -------- d-----w C:\Program Files\Wanadoo 2007-07-25 15:01:48 51,486 ----a-w C:\WINDOWS\system32\drivers\kwflower.log 2007-07-25 14:11:48 3,675 ----a-w C:\WINDOWS\system32\drivers\kwfupper.log 2007-07-25 13:00:00 -------- d-----w C:\Program Files\Google 2007-07-25 12:54:51 -------- d-----w C:\Program Files\Corel 2007-07-25 12:49:10 -------- d-----w C:\Program Files\eMule 2007-07-25 12:48:46 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-20 14:54:31 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-07-18 13:35:28 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-07-18 13:35:24 88 --sh--r C:\WINDOWS\system32\31B9B02631.sys 2007-07-18 13:35:16 -------- d-----w C:\DOCUME~1\Klaudia\DANEAP~1\uTorrent 2007-06-22 20:50:39 -------- d-----w C:\DOCUME~1\Klaudia\DANEAP~1\Nokia Multimedia Player 2007-06-22 20:49:33 -------- d-----w C:\DOCUME~1\Klaudia\DANEAP~1\Nokia 2007-06-22 20:47:16 -------- d-----w C:\DOCUME~1\Klaudia\DANEAP~1\Datalayer 2007-06-22 20:42:41 -------- d-----w C:\Program Files\DIFX 2007-06-22 20:41:31 -------- d-----w C:\Program Files\Common Files\PCSuite 2007-06-22 20:41:31 -------- d-----w C:\Program Files\Common Files\Nokia 2007-06-22 20:41:21 
-------- d-----w C:\Program Files\Nokia 2007-06-22 20:40:42 -------- d-----w C:\DOCUME~1\Klaudia\DANEAP~1\PC Suite 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-24 11:50:37 41,357 --sha-w C:\WINDOWS\system32\eswinmg.dll 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-15 14:59:49 41,357 --sha-w C:\WINDOWS\system32\eswinkpr.dll 2006-02-10 14:38:17 772,745 ----a-w C:\Program Files\zuzel v.3.1b.exe 2001-02-23 17:22:28 299,008 ----a-w C:\Program Files\bestplayer10.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="atiptaxx.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:\WINDOWS\system32\bthprops.cpl] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36] "BearShare"="C:\Program Files\BearShare\BearShare.exe" [] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-25 16:07] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "Zegarynka"="D:\Moje dokumenty\Zegarynka\Zegarynka.exe" [2006-01-19 23:10] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-28 16:52] "Gadu-Gadu"="C:\Program 
Files\Gadu-Gadu\gg.exe" [2006-10-10 17:51] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21] "AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27] C:\Documents and Settings\Klaudia\Menu Start\Programy\Autostart\ UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2006-03-06 16:55:32] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-10-08 21:49:20] R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys S1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys S3 ATICDSDr;ATICDSDr;\??\C:\DOCUME~1\Klaudia\USTAWI~1\Temp\ATICDSDr.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys S3 BthEnum;Sterownik Bluetooth Request 
Block;C:\WINDOWS\system32\DRIVERS\BthEnum.sys S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys S3 BTHPORT;Sterownik portu Bluetooth;C:\WINDOWS\system32\Drivers\BTHport.sys S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth;C:\WINDOWS\system32\Drivers\BTHUSB.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys S3 RFCOMM;Urz¥dzenie Bluetooth (Protok¢ˆ TDI RFCOMM);C:\WINDOWS\system32\DRIVERS\rfcomm.sys S3 StillCam;Sterownik szeregowego cyfrowego aparatu fotograficznego;C:\WINDOWS\system32\DRIVERS\serscan.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\SETUP.EXE *Newly Created Service* - CATCHME ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-26 19:29:06 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [1672] 0xFEF17A58 scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-26 19:29:58 C:\ComboFix-quarantined-files.txt ... 2007-07-26 19:29 C:\ComboFix2.txt ... 2007-07-26 19:25 --- E O F ---
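A log like the one above is usually read by eye, but the three line shapes that matter (the dated file entries, the `R#/S#` service lines, and the `mountpoints2` AutoRun handler) are regular enough to parse. The script below is an added example, not ComboFix's own code and not the forum poster's: it parses those shapes and lists the entries a reviewer would want to look at first, using a few heuristics (hidden or system attribute on a file in system32, a file or a service image living under a Temp directory, an AutoRun handler registered for a drive letter). A hit means "verify this file", not "this is malware"; several of the flagged entries in logs like this turn out to be legitimate licensing or driver components. The sample lines are a subset copied from the log above; `triage`, `parse_file_line` and the `Finding` record are names chosen for this example.

```python
"""Triage helper for a ComboFix-style log: parse the file, service and
AutoRun lines and list the entries that deserve a manual look.
Added example; the rules are heuristics, not verdicts."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# File line: date, time, optional size (dashes for a directory in Find3M,
# absent for a directory in Files Created), attribute flags, then the path.
# Files Created uses 9 flags and HH:MM; Find3M uses 7 flags and HH:MM:SS.
FILE_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?:(?P<size>-+|\d[\d,]*)\s+)?"
    r"(?P<attrs>[-a-z]{7,9})\s+(?P<path>\S.*)$"
)
# Service line: start type (R = running, S = stopped);name;display name;image path
SVC_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
# AutoRun handler under ...\explorer\mountpoints2\<drive>
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")


@dataclass
class Finding:
    path: str
    reason: str


def parse_file_line(line: str) -> Optional[Tuple[str, str, bool]]:
    """Return (path, attribute flags, is_directory), or None if not a file entry."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return m.group("path"), attrs, attrs.startswith("d")


def triage(lines) -> List[Finding]:
    """Walk the log lines and collect entries matching the review heuristics."""
    findings: List[Finding] = []
    current_key = ""  # last [HKEY_...] header seen, needed to place AutoRun lines
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        parsed = parse_file_line(line)
        if parsed:
            path, attrs, is_dir = parsed
            low = path.lower()
            # 'h' and 's' in the flag string are the hidden and system attributes.
            if not is_dir and ("h" in attrs or "s" in attrs) and "\\system32\\" in low:
                findings.append(Finding(path, "hidden/system attribute on a file in system32"))
            if "\\temp\\" in low:
                findings.append(Finding(path, "file created in a Temp directory"))
            continue
        svc = SVC_RE.match(line)
        if svc:
            image = svc.group("image")
            if "\\temp\\" in image.lower():
                findings.append(Finding(image, f"service {svc.group('name')} loads its image from a Temp directory"))
            continue
        auto = AUTORUN_RE.match(line)
        if auto and "mountpoints2" in current_key.lower():
            drive = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding(auto.group("cmd"), f"AutoRun handler registered for drive {drive}:"))
    return findings


# Constructed sample: a subset of lines copied from the log above, including
# benign entries that the heuristics must leave alone.
SAMPLE = r"""
2007-07-25 17:26  85,952  --a------  C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-21 17:46  d--hs----  C:\WINDOWS\CSC
2007-07-18 13:35:28  3,766  --sha-w  C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-18 13:35:24  88  --sh--r  C:\WINDOWS\system32\31B9B02631.sys
2007-07-25 12:48:46  --------  d--h--w  C:\Program Files\InstallShield Installation Information
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
S3 ATICDSDr;ATICDSDr;\??\C:\DOCUME~1\Klaudia\USTAWI~1\Temp\ATICDSDr.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\SETUP.EXE
""".strip().splitlines()


def main() -> None:
    for f in triage(SAMPLE):
        print(f"{f.reason}: {f.path}")


if __name__ == "__main__":
    main()
```

Run it against a full log with `triage(open("ComboFix.txt", encoding="cp1250").read().splitlines())`; the directories with hidden or system attributes (`C:\WINDOWS\CSC`, the InstallShield folder) are deliberately not reported, since those attributes are normal on system and installer directories, while the same attributes on a loose `.sys` file in system32 are worth a hash lookup and a signature check.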