ComboFix 07-07-30.2 - "Mariola" 2007-07-31 14:51:51.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda
* Created a new restore point

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\yauysoxn.dll
C:\WINDOWS\system32\ymoifiqh.dll
C:\WINDOWS\system32\urqnolm.dll
C:\WINDOWS\system32\vtutqon.dll
C:\WINDOWS\system32\vtuttqr.dll
C:\WINDOWS\system32\xxyvwuu.dll
C:\WINDOWS\system32\yayabax.dll
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.tmp
C:\WINDOWS\system32\hqifiomy.ini
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.tmp
C:\WINDOWS\system32\vtutt.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

C:\WINDOWS\system32\vtutt.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0006F976
C:\Program Files\myglobalsearch\bar\Cache\007E0F2D.bin
C:\Program Files\myglobalsearch\bar\Cache\007E3CE5.bin
C:\Program Files\myglobalsearch\bar\Cache\01090546.bin
C:\Program Files\myglobalsearch\bar\Cache\01090CC8.bin
C:\Program Files\myglobalsearch\bar\Cache\010918ED.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\servicepackfiles\free.exe
C:\WINDOWS\servicepackfiles\i386\mswsock.dll
C:\WINDOWS\servicepackfiles\services.exe
C:\WINDOWS\servicepackfiles\www.google.com
C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif
C:\WINDOWS\servicepackfiles\www.google.com\index.html
C:\WINDOWS\servicepackfiles\www.google.com\thank.html
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\arcac.exe
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\drivers\etc\hosts.tim
C:\WINDOWS\system32\instcat.dll
C:\WINDOWS\system32\mm.ini
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\windev-2b0a-2205.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\winvip.exe
C:\WINDOWS\wpcjmd.log

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_WINDBG48
-------\asc3550u
-------\windbg48
-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))

2007-07-31 14:57 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550u.sys
2007-07-31 14:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 09:39 d-------- C:\WINDOWS\pss
2007-06-29 10:25 0 --ah----- C:\WINDOWS\system32\rkxtnrx.exe
2007-06-25 15:26 d-------- C:\WINDOWS\SxsCaPendDel
2007-06-20 16:16 31,160 --a------ C:\WINDOWS\system32\16257322ld.exe
2007-06-20 16:16 31,160 --a------ C:\WINDOWS\system32\16257172ld.exe
2007-06-19 12:41 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550i.sys
2007-06-19 12:34 31,252 --a------ C:\WINDOWS\system32\34245292ld.exe
2007-06-19 11:47 d-------- C:\Program Files\bakus3
2007-06-16 14:25 7,393 --a------ C:\WINDOWS\system32\vwzf.exe
2007-06-16 13:46 d-------- C:\WINDOWS\ServicePackFiles
2007-06-16 13:45 7,393 --a------ C:\WINDOWS\system32\ztypd.exe
2007-06-16 13:08 7,393 --a------ C:\WINDOWS\system32\tuawx.exe
2007-06-16 08:30 51,650 --a------ C:\WINDOWS\htrefreghreger.exe
2007-06-15 21:44 6,656 --a------ C:\WINDOWS\system32\urgopdy.exe
2007-06-15 21:14 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-15 21:14 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-15 21:14 59,104 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-15 21:14 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-15 21:14 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-15 21:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-15 21:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-15 20:35 29,585 --a------ C:\WINDOWS\system32\ipmon.exe
2007-06-13 18:49 47,473 --a------ C:\fwgwq.exe
2007-06-11 14:57 123 --a------ C:\WINDOWS\system32\eshb.bat
2007-06-10 16:36 157,184 --a------ C:\WINDOWS\system32\xatoy.exe
2007-06-10 10:25 127 --a------ C:\WINDOWS\system32\asrmylrt.bat
2007-06-10 10:24 157,184 --a------ C:\WINDOWS\system32\xghlgcq.exe
2007-06-09 10:59 0 --a------ C:\WINDOWS\system32\directxclickers.exe
2007-06-08 15:27 263,220 ---hs---- C:\WINDOWS\system32\vtutt.dll
2007-06-08 15:12 6,656 --a------ C:\WINDOWS\system32\evwedvh.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 11:43 --------- d-------- C:\Program Files\Neostrada TP
2007-07-27 10:01 433152 --a------ C:\WINDOWS\system32\winlogon.exe
2007-06-19 12:40 59104 --a------ C:\WINDOWS\system32\drivers\beep.sys
2007-06-15 21:13 --------- d-------- C:\Program Files\Alwil Software
2007-06-05 16:09 --------- d-------- C:\DOCUME~1\Mariola\DANEAP~1\BearShare
2007-06-04 14:59 0 --a------ C:\WINDOWS\system32\dload.exe
2007-05-31 16:19 --------- d-------- C:\DOCUME~1\Mariola\DANEAP~1\Google
2007-05-31 16:18 --------- d-------- C:\Program Files\Google
2007-05-08 21:55 19552 --a------ C:\DOCUME~1\Mariola\DANEAP~1\GDIPFONTCACHEV1.DAT
2007-05-06 16:04 0 --a------ C:\WINDOWS\system32\directxnew.exe
2001-10-26 17:29:52 87,057 --sh--r C:\WINDOWS\system32\autcofjv.exe
2001-10-26 17:29:52 75,017 --sh--r C:\WINDOWS\system32\edconss.exe
2001-10-26 17:29:52 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
2001-10-26 17:29:52 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
2001-10-26 17:29:52 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3644117A-821A-4cc4-ADD5-226A6694F722}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F238E7FA-C97C-441D-A039-853E7793E0BC}]
2007-06-08 15:28 263220 ---hs---- C:\WINDOWS\System32\vtutt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"udimems"="autcofjv.exe" [2001-10-26 19:29 C:\WINDOWS\system32\autcofjv.exe]
"msrlink"="C:\WINDOWS\System32\rdsruns.exe" [2001-10-26 19:29]
"syskern32"="C:\WINDOWS\System32\ikern32.exe" [2001-10-26 19:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"udimems"="autcofjv.exe" [2001-10-26 19:29 C:\WINDOWS\system32\autcofjv.exe]
"msrlink"="C:\WINDOWS\System32\rdsruns.exe" [2001-10-26 19:29]
"syskern32"="C:\WINDOWS\System32\ikern32.exe" [2001-10-26 19:29]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-19 17:43]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38]
HP Image Zone - szybkie uruchamianie.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 04:47:22]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-02-03 20:10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutt]
C:\WINDOWS\System32\vtutt.dll 2007-06-08 15:28 263220 C:\WINDOWS\system32\vtutt.dll

R0 viamraid;viamraid;C:\WINDOWS\System32\DRIVERS\viamraid.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\System32\DRIVERS\alcan5wn.sys
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\System32\DRIVERS\alcaudsl.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
R3 vaxscsi;vaxscsi;C:\WINDOWS\System32\Drivers\vaxscsi.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 asc3550i;asc3550i;C:\WINDOWS\System32\drivers\asc3550i.sys
S2 windev-2b0a-2205;windev-2b0a-2205;\??\C:\WINDOWS\System32\windev-2b0a-2205.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\System32\DRIVERS\fetnd5.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\PCAMPR5.SYS

Contents of the 'Scheduled Tasks' folder
2007-06-15 18:49:07 C:\WINDOWS\Tasks\WebReg 20070615204907.job - D:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 14:57:31
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000137

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\U\1\t]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DLLName"="\x155\t\xa0\t\x98\t\17\2"
"Logon"="WLEventLogon\0\0\0\0\0003"
"Logoff"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-31 15:00:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-31 14:59

--- E O F ---