ComboFix 07-09-21.2 - "ukasz" 2007-09-27 21:32:20.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.591 [GMT 2:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.
2007-09-27 20:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-21 22:01 d-------- C:\Program Files\Alwil Software
2007-09-21 21:38 d-------- C:\Program Files\eMule
2007-09-21 10:08 d-------- C:\DOCUME~1\ALLUSE~1\SonicStage
2007-09-21 10:05 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2007-09-21 10:05 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2007-09-21 10:05 d-------- C:\Program Files\Sony Corporation
2007-09-21 10:04 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Sony Corporation
2007-09-21 10:03 d-------- C:\Program Files\Sony
2007-09-21 10:03 d-------- C:\Program Files\Common Files\Sony Shared
2007-09-20 21:35 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-20 21:19 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-20 14:38 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-19 23:13 d--h----- C:\WINDOWS\$hf_mig$
2007-09-19 21:19 d-------- C:\Program Files\Kerio
2007-09-19 21:17 d-------- C:\Program Files\Gadu-Gadu
2007-09-19 21:14 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-19 21:12 d-------- C:\Program Files\Winamp
2007-09-19 21:12 d-------- C:\Program Files\MarBit
2007-09-19 21:12 d-------- C:\Program Files\ACE Mega CoDecS Pack
2007-09-19 21:03 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-19 21:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-19 21:03 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-19 21:03 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 22:01 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-21 22:01 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-21 22:01 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-19 14:56 --------- d-------- C:\Program Files\PowerQuest
2007-09-19 14:50 --------- d-------- C:\Program Files\ATI Technologies
2007-09-19 14:41 --------- d-------- C:\Program Files\Alcatel
2007-09-19 14:40 --------- d-------- C:\Program Files\Wanadoo
2007-09-19 14:40 --------- d-------- C:\Program Files\JavaSoft
2007-09-19 14:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-19 14:38 --------- d-------- C:\Program Files\Realtek
2007-09-19 14:38 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 14:38 --------- d-------- C:\Program Files\BroadCom GB LAN
2007-09-19 14:36 --------- d-------- C:\Program Files\Intel
2007-09-19 14:27 --------- d-------- C:\Program Files\microsoft frontpage
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
--------- C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot_2007-09-27_203108,67 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 52,900 2007-09-27 19:25:50 C:\WINDOWS\system32\perfc009.dat
----a-w 380,486 2007-09-27 19:25:50 C:\WINDOWS\system32\perfh009.dat
----a-w 67,298 2007-09-27 19:25:50 C:\WINDOWS\system32\perfc015.dat
----a-w 436,322 2007-09-27 19:25:50 C:\WINDOWS\system32\perfh015.dat
----a-w 16,384 2007-09-27 19:21:22 C:\WINDOWS\Temp\Perflib_Perfdata_45c.dat
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
----a-w 52,900 2007-09-27 13:38:32 C:\WINDOWS\system32\perfc009.dat
----a-w 380,486 2007-09-27 13:38:32 C:\WINDOWS\system32\perfh009.dat
----a-w 67,298 2007-09-27 13:38:32 C:\WINDOWS\system32\perfc015.dat
----a-w 436,322 2007-09-27 13:38:32 C:\WINDOWS\system32\perfh015.dat
----a-w 16,384 2007-09-27 13:34:12 C:\WINDOWS\Temp\Perflib_Perfdata_45c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 14:00 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2002-12-09 18:24]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2002-12-09 18:24]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 14:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-21 22:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 05:18]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
""=
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 14:25:56]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 21:32:58
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-27 21:33:27
C:\ComboFix2.txt ... 2007-09-27 20:31
.
--- E O F ---