ComboFix 07-12-31.4 - piotrek 2008-01-02 17:54:29.15 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.96 [GMT 1:00]
Running from: C:\Documents and Settings\piotrek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.
2008-01-02 17:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 17:09 . 2008-01-02 17:09 1,080 --a------ C:\ujkddoyl .bat
2008-01-01 15:46 . 2008-01-01 15:46 336,384 --a------ C:\WINDOWS\system32\RCX1E.tmp
2008-01-01 08:59 . 2008-01-01 08:59 336,384 --a------ C:\WINDOWS\system32\RCX16.tmp
2007-12-31 21:59 . 2007-12-31 21:59 <DIR> d---s---- C:\Documents and Settings\piotrek\UserData
2007-12-31 19:43 . 2007-12-31 19:43 336,384 --a------ C:\WINDOWS\system32\RCXE.tmp
2007-12-31 13:05 . 2007-12-31 13:05 336,384 --a------ C:\WINDOWS\system32\RCXD.tmp
2007-12-31 08:29 . 2007-12-31 08:29 336,384 --a------ C:\WINDOWS\system32\RCXC.tmp
2007-12-30 09:57 . 2007-12-30 09:57 336,384 --a------ C:\WINDOWS\system32\RCXB.tmp
2007-12-28 14:53 . 2007-12-28 14:53 336,384 --a------ C:\WINDOWS\system32\RCXA.tmp
2007-12-28 11:53 . 2007-12-28 11:53 336,384 --a------ C:\WINDOWS\system32\RCX9.tmp
2007-12-28 09:13 . 2007-12-31 19:44 1,032,099 ---hs---- C:\WINDOWS\system32\qxgmcxcp.ini
2007-12-27 17:11 . 2007-12-27 18:11 <DIR> d-------- C:\Documents and Settings\piotrek\Dane aplikacji\Skype
2007-12-26 21:14 . 2007-12-26 21:19 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-26 20:07 . 2007-12-26 20:07 336,384 --a------ C:\WINDOWS\system32\RCX2C.tmp
2007-12-26 19:23 . 2007-12-26 19:23 <DIR> d-------- C:\Documents and Settings\piotrek\Dane aplikacji\ACD Systems
2007-12-26 19:11 . 2007-12-26 19:11 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-12-26 19:11 . 2007-12-26 19:11 <DIR> d-------- C:\Program Files\ACD Systems
2007-12-26 19:11 . 2007-12-26 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2007-12-26 19:11 . 2007-12-26 19:11 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-12-26 19:09 . 2007-12-26 19:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-26 18:32 . 2001-10-26 17:29 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-26 18:32 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-26 18:32 . 2001-08-17 21:53 13,824 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-26 18:32 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-26 18:19 . 2007-12-26 18:19 336,384 --a------ C:\WINDOWS\system32\RCX26.tmp
2007-12-26 11:20 . 2007-12-26 11:20 336,384 --a------ C:\WINDOWS\system32\RCX25.tmp
2007-12-25 19:27 . 2007-12-25 19:27 <DIR> d-------- C:\Program Files\MarBit
2007-12-25 16:33 . 2007-12-25 16:33 336,384 --a------ C:\WINDOWS\system32\RCX24.tmp
2007-12-25 13:55 . 2007-12-25 13:55 336,384 --a------ C:\WINDOWS\system32\RCX1F.tmp
2007-12-25 13:17 . 2007-12-25 13:17 <DIR> d-------- C:\Program Files\Real Alternative
2007-12-25 13:17 . 2007-12-25 13:17 <DIR> d-------- C:\Program Files\Media Player Classic
2007-12-25 13:17 . 2007-12-25 13:17 <DIR> d-------- C:\Documents and Settings\piotrek\Dane aplikacji\Media Player Classic
2007-12-25 12:28 . 2007-12-25 12:28 336,384 --a------ C:\WINDOWS\system32\RCX23.tmp
2007-12-25 10:57 . 2007-12-25 10:57 <DIR> d-------- C:\Program Files\Deluxe Ski Jump 3
2007-12-25 10:46 . 2007-12-25 10:46 <DIR> d-------- C:\Team17
2007-12-25 09:42 . 2007-12-25 09:42 336,384 --a------ C:\WINDOWS\system32\RCX22.tmp
2007-12-25 00:38 . 2007-12-25 00:38 336,384 --a------ C:\WINDOWS\system32\RCX1B.tmp
2007-12-24 22:32 . 2007-12-24 22:32 336,384 --a------ C:\WINDOWS\system32\RCX1A.tmp
2007-12-24 20:21 . 2007-12-24 20:21 336,384 --a------ C:\WINDOWS\system32\RCX19.tmp
2007-12-24 18:04 . 2007-12-24 18:04 <DIR> d-------- C:\Program Files\GTA2
2007-12-24 18:02 . 2007-12-24 18:02 336,384 --a------ C:\WINDOWS\system32\RCX15.tmp
2007-12-24 17:14 . 2007-12-24 17:14 336,384 --a------ C:\WINDOWS\system32\RCX18.tmp
2007-12-24 12:06 . 2008-01-02 17:48 623 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-23 17:35 . 2007-12-24 12:07 250 --a------ C:\WINDOWS\gmer.ini
2007-12-23 16:28 . 2007-12-23 16:28 <DIR> d-------- C:\Documents and Settings\piotrek\Dane aplikacji\skypePM
2007-12-23 16:28 . 2007-12-23 16:28 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-23 16:26 . 2007-12-23 16:26 <DIR> d-------- C:\Program Files\Google
2007-12-23 16:25 . 2007-12-23 18:26 <DIR> d-------- C:\Program Files\Skype
2007-12-23 16:24 . 2007-12-23 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-23 15:04 . 2007-12-23 15:04 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-12-22 17:27 . 2007-12-22 17:27 <DIR> d-------- C:\Program Files\Thomson
2007-12-22 17:27 . 2007-12-25 10:46 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 17:27 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2007-12-22 10:58 . 2007-12-22 10:58 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-12-22 10:58 . 2007-12-22 10:58 <DIR> d-------- C:\Program Files\Winamp Remote
2007-12-22 10:58 . 2007-12-22 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-12-22 10:58 . 2007-12-22 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-22 10:57 . 2007-12-22 10:57 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-22 10:48 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-22 10:48 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-22 10:48 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-22 08:27 . 2007-12-22 08:27 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-21 23:02 . 2007-12-28 16:21 <DIR> d-------- C:\Documents and Settings\piotrek\Dane aplikacji\Tibia
2007-12-21 22:38 . 2007-12-21 22:38 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-21 18:45 . 2007-12-21 18:45 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-21 18:44 . 2007-12-21 18:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 17:10 . 2007-12-21 23:02 <DIR> d-------- C:\Program Files\Tibia
2007-12-21 17:06 . 2007-12-21 17:06 <DIR> d-------- C:\Program Files\XviD
2007-12-21 17:06 . 2007-12-21 17:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 16:29 --------- d-----w C:\Program Files\Winamp
2008-01-02 16:29 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-21 15:51 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-12-21 15:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-12-21 15:27 --------- d-----w C:\Program Files\mozilla.org
2007-12-21 15:25 --------- d-----w C:\Documents and Settings\piotrek\Dane aplikacji\Talkback
2007-12-21 15:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 14:52 --------- d-----w C:\Program Files\Alwil Software
2007-12-21 14:48 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-21 14:47 --------- d-----w C:\Program Files\Usługi online
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
----a-w 79,224 2008-01-02 16:17:59 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 217,088 2007-12-26 20:11:44 C:\Program Files\Common Files\ACD Systems\EN\DevDetect .exe
----a-w 2,396,160 2007-12-23 16:58:53 C:\Program Files\Gadu-Gadu\gg .exe
----a-w 2,396,160 2007-12-31 18:43:55 C:\Program Files\Gadu-Gadu\gg .exe
----a-w 171,448 2008-01-02 16:18:02 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w 1,077,277 2007-12-26 20:11:49 C:\Program Files\Messenger\msmsgs .exe
----a-w 21,686,568 2007-12-23 16:59:46 C:\Program Files\Skype\Phone\Skype .exe
----a-w 888,832 2007-12-26 20:11:48 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag .exe
----a-w 37,376 2007-12-26 20:11:43 C:\Program Files\Winamp\winampa .exe
----a-w 471,040 2007-12-26 20:11:49 C:\Program Files\Winamp Remote\bin\OrbTray .exe
((((((((((((((((((((((((((((( snapshot@2008-01-02_17.32.30.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-02 16:13:27 3,047,424 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-02 16:49:18 3,047,424 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-02 16:13:28 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-02 16:49:18 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-02 16:51:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_454.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg .exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29 13312]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2005-12-15 18:01]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-21 18:45]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\System32\drivers\GVCplDrv.sys [2003-09-30 06:25]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 17:57:46
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-02 17:59:09
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 16:59:02
C:\qoobox\ComboFix2.txt 2008-01-02 16:33:27