ComboFix 08-08-29.02 - Ponki 2008-08-30 12:19:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.723 [GMT 2:00]
Running from: D:\XPY\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ponki\Dane aplikacji\ezpinst.log
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.
2008-08-29 23:56 . 2008-08-29 23:56
2008-08-29 16:27 . 2008-08-29 16:27
2008-08-26 21:56 . 2008-08-28 22:11
2008-08-26 21:03 . 2008-08-26 21:03
2008-08-26 21:01 . 2008-08-26 21:01  0  --a------  C:\WINDOWS\ativpsrm.bin
2008-08-26 20:57 . 2008-08-28 20:22  376,158  --a------  C:\WINDOWS\Label3
2008-08-26 20:39 . 2008-08-28 20:22  573,118  --a------  C:\WINDOWS\Label9
2008-08-26 20:39 . 2008-08-28 20:22  108  --a------  C:\WINDOWS\Label7
2008-08-26 20:39 . 2008-08-28 20:22  28  --a------  C:\WINDOWS\Label10
2008-08-26 11:11 . 2008-08-26 11:11
2008-08-26 09:57 . 2008-08-26 11:53  23,150  --ah-----  C:\WINDOWS\system32\Atmplkxx.GID
2008-08-24 20:49 . 2008-08-24 20:49
2008-08-24 11:54 . 2008-08-24 11:54
2008-08-24 11:42 . 2008-08-24 11:42
2008-08-24 11:36 . 2008-08-24 11:36  717,296  --a------  C:\WINDOWS\system32\drivers\sptd.sys
2008-08-23 12:20 . 2008-08-23 12:20
2008-08-23 12:20 . 2005-02-25 05:36  22,752  --a------  C:\WINDOWS\system32\spupdsvc.exe
2008-08-23 12:20 . 2008-08-28 22:36  4,566  --a------  C:\WINDOWS\imsins.BAK
2008-08-23 11:42 . 2008-08-23 11:42
2008-08-23 11:42 . 2004-05-04 12:53  1,645,320  --a------  C:\WINDOWS\system32\gdiplus.dll
2008-08-22 22:00 . 2008-08-22 22:00
2008-08-22 16:50 . 2008-08-22 20:38
2008-08-22 16:50 . 2008-08-22 22:00  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-08-22 16:50 . 2008-08-22 16:50  1,409  --a------  C:\WINDOWS\QTFont.for
2008-08-22 16:49 . 2008-08-22 16:49
2008-08-20 17:27 . 2008-08-20 17:27  38  --a------  C:\WINDOWS\AviSplitter.INI
2008-08-20 16:42 . 2008-08-20 16:42
2008-08-10 12:55 . 2008-08-14 11:36  2,102  --a------  C:\WINDOWS\system32\SHORTCUT.INI
2008-08-10 12:53 . 2008-08-14 11:36  130  --a------  C:\WINDOWS\system32\REMOTEDEVICE.INI
2008-08-10 12:42 . 2008-08-14 11:36  4,961  --a------  C:\WINDOWS\system32\LOCALSERVICE.INI
2008-08-10 12:41 . 2008-08-14 11:31  98  --a------  C:\WINDOWS\system32\LOCALDEVICE.INI
2008-08-10 12:39 . 2008-08-10 12:39  0  --a------  C:\WINDOWS\system32\BSPRINT.INI
2008-08-08 16:45 . 2008-08-08 16:45  7,680  --ahs----  C:\WINDOWS\Thumbs.db
2008-08-08 16:04 . 2008-08-08 16:04
2008-08-08 16:04 . 2008-08-13 20:15  209  --a------  C:\WINDOWS\BsMobileModel.ini
2008-08-08 15:51 . 2008-08-10 12:37
2008-08-02 14:22 . 2008-08-02 14:22  144  --a------  C:\WINDOWS\Eudcedit.ini
2008-08-01 15:46 . 2008-08-01 15:46  1,717,848  --a------  C:\WINDOWS\system32\skype4com.dll
2008-07-04 19:19 . 2008-07-04 19:19
2008-07-04 18:39 . 2008-07-04 18:39
2008-07-04 18:38 . 2008-07-04 18:40
2008-07-03 23:07 . 2008-07-03 23:07
2008-07-03 23:06 . 2008-08-08 16:45
2008-07-03 23:06 . 2008-07-03 23:06
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 20:11  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-08-28 19:08  ---------  d-----w  C:\Program Files\Common Files\InstallShield
2008-08-26 07:53  ---------  d-----w  C:\Documents and Settings\Ponki\Dane aplikacji\XnView
2008-08-24 10:20  ---------  d-----w  C:\Program Files\RocketDock
2008-08-15 17:08  ---------  d-----w  C:\Program Files\IconXP
2008-08-15 16:42  ---------  d-----w  C:\Program Files\EtherChange DOS
2008-08-15 16:29  ---------  d-----w  C:\Program Files\Notepad++
2008-08-08 14:45  ---------  d-----w  C:\Program Files\Xvid
2008-08-08 14:45  ---------  d-----w  C:\Program Files\Real Alternative
2008-08-08 14:45  ---------  d-----w  C:\Program Files\QuickTime Alternative
2008-08-08 14:45  ---------  d-----w  C:\Program Files\Java Web Start
2008-08-08 13:48  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-08-01 03:34  561,152  ------w  C:\WINDOWS\system32\ati2cqag.dll
2008-07-04 16:03  ---------  d-----w  C:\Program Files\DivX
2008-07-03 20:56  ---------  d-----w  C:\Program Files\Gadu-Gadu
2008-07-03 20:56  ---------  d-----w  C:\Documents and Settings\Ponki\Dane aplikacji\Wireshark
2008-07-03 20:56  ---------  d-----w  C:\Documents and Settings\Ponki\Dane aplikacji\Dev-Cpp
2008-07-03 20:46  ---------  d-----w  C:\Program Files\Wireshark
2008-06-29 08:23  ---------  d-----w  C:\Program Files\McFunSoft Video Solution
2008-06-21 14:08  472,576  ----a-w  C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-06-04 16:30  9,728  ----a-w  C:\WINDOWS\system32\BsMonUI.dll
2008-06-04 16:30  57,430  ----a-w  C:\WINDOWS\system32\btfunc.dll
2008-06-04 16:30  53,248  ----a-w  C:\WINDOWS\system32\HtmPrintHelper.dll
2008-06-04 16:30  405,589  ----a-w  C:\WINDOWS\system32\BsUI.dll
2008-06-04 16:30  278,647  ----a-w  C:\WINDOWS\system32\outlookAddin.dll
2008-06-04 16:30  18,432  ----a-w  C:\WINDOWS\system32\BsMonSvr.dll
2008-06-04 16:29  622,693  ----a-w  C:\WINDOWS\system32\BSShell.dll
2008-06-04 16:29  540,758  ----a-w  C:\WINDOWS\system32\Bscdlg.dll
2008-06-04 16:29  114,788  ----a-w  C:\WINDOWS\system32\BsProfileFunc.dll
2008-06-04 16:29  114,774  ----a-w  C:\WINDOWS\system32\versit.dll
2008-06-04 16:28  94,314  ----a-w  C:\WINDOWS\system32\BsHelpCSps.dll
2008-06-04 16:28  520,307  ----a-w  C:\WINDOWS\system32\BlueSoleilCSps.dll
2008-06-04 16:28  143,450  ----a-w  C:\WINDOWS\system32\BsCommon.dll
2008-06-04 16:27  98,403  ----a-w  C:\WINDOWS\system32\Bs2Res.dll
2008-06-04 16:27  28,766  ----a-w  C:\WINDOWS\system32\PlayerCtrl.dll
2008-06-04 16:27  28,672  ----a-w  C:\WINDOWS\system32\BsMobileCSps.dll
2008-06-04 16:27  225,364  ----a-w  C:\WINDOWS\system32\BsSDK.dll
2008-06-04 16:27  118,880  ----a-w  C:\WINDOWS\system32\BsMobileSDK.dll
2008-06-04 16:26  28,760  ----a-w  C:\WINDOWS\system32\BsTrace.dll
2008-05-19 04:33  4,445,184  ----a-w  C:\WINDOWS\system32\msi.dll
2008-05-19 04:33  332,800  ----a-w  C:\WINDOWS\system32\msihnd.dll
2008-05-19 04:33  18,944  ----a-w  C:\WINDOWS\system32\msisip.dll
2008-05-18 23:57  95,744  ----a-w  C:\WINDOWS\system32\msiexec.exe
2007-12-28 13:30  81,920  ----a-w  C:\Documents and Settings\Ponki\Dane aplikacji\ezpinst.exe
2007-12-28 13:30  47,360  ----a-w  C:\Documents and Settings\Ponki\Dane aplikacji\pcouffin.sys
.
------- Sigcheck -------
2004-08-04 01:14  359040  9f4b36614a0fc234525ba224957de55c  C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 01:14  359040  6a603809f598332dbedd535bdbce313e  C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-01-28 04:55 462848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-19 11:39 35328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"eabconfg.cpl"="C:\Program Files\Compaq\EAB\EABSERVR.EXE" [2002-11-12 12:39 229376]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-01-31 14:20 180224]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= "C:\WINDOWS\system32\RadExe.dll" [2005-04-27 03:49 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"C:\Program Files\WinPcap\rpcapd.exe"=
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-01-21 19:28]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-06-05 17:50]
R2 BsMobileCS;BsMobileCS;C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 18:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:44]
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 18:28]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-01-21 19:28]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\ATI Tray Tools\atitray.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2002-12-31 20:35]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 22:51]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ponki\Dane aplikacji\Mozilla\Firefox\Profiles\gpdgvhq0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.google.pl
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava13.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJPI141_01.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 12:20:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-30 12:23:05
ComboFix-quarantined-files.txt  2008-08-30 10:23:02

Pre-Run: 3,510,902,784 bajtów wolnych
Post-Run: 3,496,632,320 bajtów wolnych

195 — E O F — 2008-08-23 10:20:44