ComboFix 07-07-30.2 - "Mariola" 2007-08-02 15:30:31.3 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\wpcjmd.log

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\asc3550u

((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))

2007-08-02 13:16 d-------- C:\VundoFix Backups
2007-07-31 14:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 09:39 d-------- C:\WINDOWS\pss

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 15:33 59104 --a------ C:\WINDOWS\system32\drivers\asc3550i.sys
2007-08-02 13:36 --------- d-------- C:\Program Files\Neostrada TP
2007-07-27 10:01 433152 --a------ C:\WINDOWS\system32\winlogon.exe
2007-06-20 16:19 59104 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-19 12:40 59104 --a------ C:\WINDOWS\system32\drivers\beep.sys
2007-06-19 11:47 --------- d-------- C:\Program Files\bakus3
2007-06-15 21:13 --------- d-------- C:\Program Files\Alwil Software
2007-06-05 16:09 --------- d-------- C:\DOCUME~1\Mariola\DANEAP~1\BearShare
2007-05-08 21:55 19552 --a------ C:\DOCUME~1\Mariola\DANEAP~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-19 17:43]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38]
HP Image Zone - szybkie uruchamianie.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 04:47:22]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-02-03 20:10:13]

R0 viamraid;viamraid;C:\WINDOWS\System32\DRIVERS\viamraid.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\System32\DRIVERS\alcan5wn.sys
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\System32\DRIVERS\alcaudsl.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
R3 vaxscsi;vaxscsi;C:\WINDOWS\System32\Drivers\vaxscsi.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 asc3550i;asc3550i;C:\WINDOWS\System32\drivers\asc3550i.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\System32\DRIVERS\fetnd5.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\PCAMPR5.SYS

Contents of the 'Scheduled Tasks' folder
2007-06-15 18:49:07 C:\WINDOWS\Tasks\WebReg 20070615204907.job - D:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 15:33:58
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000d5

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 15:36:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 15:36
C:\ComboFix2.txt ... 2007-08-02 13:03
C:\ComboFix3.txt ... 2007-07-31 15:00

--- E O F ---