"user" - 2007-07-29 13:23:56 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\drivers\runtime2.sys
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))
2007-07-29 12:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 12:02 d-------- C:\!KillBox
2007-07-23 10:35 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-23 10:35 dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-07-23 10:35 dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-07-23 10:35 d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-07-23 10:35 d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-07-23 10:35 d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-07-23 10:35 d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-07-23 10:35 d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-07-22 22:49 d-------- C:\WINDOWS\system32\pl-pl
2007-07-22 22:45 d-------- C:\WINDOWS\network diagnostic
2007-07-22 21:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-22 21:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-22 21:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-22 21:23 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-22 21:23 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-07-22 21:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-22 21:23 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-07-22 21:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-22 21:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-22 21:23 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-22 21:23 d-------- C:\Program Files\Alwil Software
2007-07-15 17:02 47,760 --a------ C:\WINDOWS\system32\ielog.dll
2007-07-03 23:44 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-29 11:21:44 -------- d-----w C:\Program Files\neostrada tp
2007-07-23 14:07:28 74,648 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-23 14:07:28 448,586 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-22 19:13:39 47,849 ----a-w C:\WINDOWS\system32\cjpeg.exe
2007-07-22 19:07:22 -------- d-----w C:\Program Files\Google
2007-07-22 19:03:51 61 ----a-w C:\WINDOWS\system32\iecc.dll
2007-07-22 19:03:51 4 ----a-w C:\WINDOWS\system32\iebudata.dll
2007-07-22 19:03:51 302 ----a-w C:\WINDOWS\system32\iehrdata.dll
2007-07-22 19:03:51 117 ----a-w C:\WINDOWS\system32\iesc.dll
2007-07-22 19:03:51 105 ----a-w C:\WINDOWS\system32\qshl.dll
2007-07-22 18:52:16 -------- d-----w C:\Program Files\Network Associates
2007-07-22 18:52:16 -------- d-----w C:\Program Files\Common Files\Network Associates
2007-07-22 10:09:31 -------- d-----w C:\Program Files\QuickTime
2007-07-15 15:16:11 434 ----a-w C:\WINDOWS\system32\iebdfex.dll
2007-06-13 17:29:34 -------- d-----w C:\DOCUME~1\user\DANEAP~1\P2ware
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" []
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WUpdate C:\WINDOWS\system32\actxprxyx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\start.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 13:25:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,62,00,00,00,01,00,00,00,01,00,00,00,56,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-29 13:26:13
C:\ComboFix-quarantined-files.txt ... 2007-07-29 13:25
--- E O F ---