ComboFix 07-07-30.2 - "Mariola" 2007-07-31 14:51:51.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda
* Created a new restore point
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\yauysoxn.dll
C:\WINDOWS\system32\ymoifiqh.dll
C:\WINDOWS\system32\urqnolm.dll
C:\WINDOWS\system32\vtutqon.dll
C:\WINDOWS\system32\vtuttqr.dll
C:\WINDOWS\system32\xxyvwuu.dll
C:\WINDOWS\system32\yayabax.dll
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.tmp
C:\WINDOWS\system32\hqifiomy.ini
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.tmp
C:\WINDOWS\system32\vtutt.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
C:\WINDOWS\system32\vtutt.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0006F976
C:\Program Files\myglobalsearch\bar\Cache\007E0F2D.bin
C:\Program Files\myglobalsearch\bar\Cache\007E3CE5.bin
C:\Program Files\myglobalsearch\bar\Cache\01090546.bin
C:\Program Files\myglobalsearch\bar\Cache\01090CC8.bin
C:\Program Files\myglobalsearch\bar\Cache\010918ED.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\servicepackfiles\free.exe
C:\WINDOWS\servicepackfiles\i386\mswsock.dll
C:\WINDOWS\servicepackfiles\services.exe
C:\WINDOWS\servicepackfiles\www.google.com
C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif
C:\WINDOWS\servicepackfiles\www.google.com\index.html
C:\WINDOWS\servicepackfiles\www.google.com\thank.html
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\arcac.exe
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\drivers\etc\hosts.tim
C:\WINDOWS\system32\instcat.dll
C:\WINDOWS\system32\mm.ini
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\windev-2b0a-2205.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\winvip.exe
C:\WINDOWS\wpcjmd.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_WINDBG48
-------\asc3550u
-------\windbg48
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))
2007-07-31 14:57 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550u.sys
2007-07-31 14:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 09:39 d-------- C:\WINDOWS\pss
2007-06-29 10:25 0 --ah----- C:\WINDOWS\system32\rkxtnrx.exe
2007-06-25 15:26 d-------- C:\WINDOWS\SxsCaPendDel
2007-06-20 16:16 31,160 --a------ C:\WINDOWS\system32\16257322ld.exe
2007-06-20 16:16 31,160 --a------ C:\WINDOWS\system32\16257172ld.exe
2007-06-19 12:41 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550i.sys
2007-06-19 12:34 31,252 --a------ C:\WINDOWS\system32\34245292ld.exe
2007-06-19 11:47 d-------- C:\Program Files\bakus3
2007-06-16 14:25 7,393 --a------ C:\WINDOWS\system32\vwzf.exe
2007-06-16 13:46 d-------- C:\WINDOWS\ServicePackFiles
2007-06-16 13:45 7,393 --a------ C:\WINDOWS\system32\ztypd.exe
2007-06-16 13:08 7,393 --a------ C:\WINDOWS\system32\tuawx.exe
2007-06-16 08:30 51,650 --a------ C:\WINDOWS\htrefreghreger.exe
2007-06-15 21:44 6,656 --a------ C:\WINDOWS\system32\urgopdy.exe
2007-06-15 21:14 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-15 21:14 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-15 21:14 59,104 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-15 21:14 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-15 21:14 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-15 21:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-15 21:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-15 20:35 29,585 --a------ C:\WINDOWS\system32\ipmon.exe
2007-06-13 18:49 47,473 --a------ C:\fwgwq.exe
2007-06-11 14:57 123 --a------ C:\WINDOWS\system32\eshb.bat
2007-06-10 16:36 157,184 --a------ C:\WINDOWS\system32\xatoy.exe
2007-06-10 10:25 127 --a------ C:\WINDOWS\system32\asrmylrt.bat
2007-06-10 10:24 157,184 --a------ C:\WINDOWS\system32\xghlgcq.exe
2007-06-09 10:59 0 --a------ C:\WINDOWS\system32\directxclickers.exe
2007-06-08 15:27 263,220 ---hs---- C:\WINDOWS\system32\vtutt.dll
2007-06-08 15:12 6,656 --a------ C:\WINDOWS\system32\evwedvh.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-30 11:43 --------- d-------- C:\Program Files\Neostrada TP
2007-07-27 10:01 433152 --a------ C:\WINDOWS\system32\winlogon.exe
2007-06-19 12:40 59104 --a------ C:\WINDOWS\system32\drivers\beep.sys
2007-06-15 21:13 --------- d-------- C:\Program Files\Alwil Software
2007-06-05 16:09 --------- d-------- C:\DOCUME~1\Mariola\DANEAP~1\BearShare
2007-06-04 14:59 0 --a------ C:\WINDOWS\system32\dload.exe
2007-05-31 16:19 --------- d-------- C:\DOCUME~1\Mariola\DANEAP~1\Google
2007-05-31 16:18 --------- d-------- C:\Program Files\Google
2007-05-08 21:55 19552 --a------ C:\DOCUME~1\Mariola\DANEAP~1\GDIPFONTCACHEV1.DAT
2007-05-06 16:04 0 --a------ C:\WINDOWS\system32\directxnew.exe
2001-10-26 17:29:52 87,057 --sh--r C:\WINDOWS\system32\autcofjv.exe
2001-10-26 17:29:52 75,017 --sh--r C:\WINDOWS\system32\edconss.exe
2001-10-26 17:29:52 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
2001-10-26 17:29:52 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
2001-10-26 17:29:52 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3644117A-821A-4cc4-ADD5-226A6694F722}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F238E7FA-C97C-441D-A039-853E7793E0BC}]
2007-06-08 15:28 263220 ---hs---- C:\WINDOWS\System32\vtutt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"udimems"="autcofjv.exe" [2001-10-26 19:29 C:\WINDOWS\system32\autcofjv.exe]
"msrlink"="C:\WINDOWS\System32\rdsruns.exe" [2001-10-26 19:29]
"syskern32"="C:\WINDOWS\System32\ikern32.exe" [2001-10-26 19:29]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"udimems"="autcofjv.exe" [2001-10-26 19:29 C:\WINDOWS\system32\autcofjv.exe]
"msrlink"="C:\WINDOWS\System32\rdsruns.exe" [2001-10-26 19:29]
"syskern32"="C:\WINDOWS\System32\ikern32.exe" [2001-10-26 19:29]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-19 17:43]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38]
HP Image Zone - szybkie uruchamianie.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 04:47:22]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-02-03 20:10:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutt]
C:\WINDOWS\System32\vtutt.dll 2007-06-08 15:28 263220 C:\WINDOWS\system32\vtutt.dll
R0 viamraid;viamraid;C:\WINDOWS\System32\DRIVERS\viamraid.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\System32\DRIVERS\alcan5wn.sys
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\System32\DRIVERS\alcaudsl.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
R3 vaxscsi;vaxscsi;C:\WINDOWS\System32\Drivers\vaxscsi.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 asc3550i;asc3550i;C:\WINDOWS\System32\drivers\asc3550i.sys
S2 windev-2b0a-2205;windev-2b0a-2205;\??\C:\WINDOWS\System32\windev-2b0a-2205.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\System32\DRIVERS\fetnd5.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\PCAMPR5.SYS
Contents of the 'Scheduled Tasks' folder
2007-06-15 18:49:07 C:\WINDOWS\Tasks\WebReg 20070615204907.job - D:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 14:57:31
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000137
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\U\1\t]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DLLName"="\x155\t\xa0\t\x98\t\17\2"
"Logon"="WLEventLogon\0\0\0\0\0003"
"Logoff"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-31 15:00:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-31 14:59
--- E O F ---