ComboFix 07-12-09.3 - lemon i bobek 2007-12-09 12:42:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.648 [GMT 1:00]
Running from: C:\Documents and Settings\lemon i bobek\Pulpit\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((   Files Created from 2007-11-09 to 2007-12-09   )))))))))))))))))))))))))))))))
.
2007-12-08 18:48 . 2007-12-08 19:35
2007-12-08 18:48 . 2007-12-08 18:48
2007-12-08 16:35 . 2007-12-08 16:35
2007-12-08 16:35 . 2007-12-08 16:35
2007-12-08 16:27 . 2007-12-08 16:27  227  --a------  C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2007-12-08 16:27 . 2007-12-08 16:27  214  --a------  C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2007-12-06 21:08 . 2007-12-06 21:08  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2007-12-06 21:08 . 2007-12-06 21:08  1,409  --a------  C:\WINDOWS\QTFont.for
2007-12-04 20:06 . 2007-12-04 20:14
2007-12-04 20:05 . 2007-12-04 20:05
2007-12-01 11:47 . 2007-12-01 11:47
2007-12-01 11:25 . 2007-12-01 11:25
2007-12-01 11:25 . 2007-10-04 17:14  356,352  --a------  C:\WINDOWS\system32\nvudisp.exe
2007-12-01 11:25 . 2007-12-04 20:40  140,158  --a------  C:\WINDOWS\system32\nvapps.xml
2007-12-01 11:25 . 2007-10-04 17:14  17,525  --a------  C:\WINDOWS\system32\nvdisp.nvu
2007-12-01 11:19 . 2007-10-04 18:16  356,352  --a------  C:\WINDOWS\system32\NVUNINST.EXE
2007-11-26 15:35 . 2006-02-17 20:34  85,408  -ra------  C:\WINDOWS\system32\drivers\k510mgmt.sys
2007-11-26 15:35 . 2006-02-17 20:34  83,344  -ra------  C:\WINDOWS\system32\drivers\k510obex.sys
2007-11-26 15:28 . 2006-02-17 20:34  94,064  -ra------  C:\WINDOWS\system32\drivers\k510mdm.sys
2007-11-26 15:28 . 2006-02-17 20:34  58,288  -ra------  C:\WINDOWS\system32\drivers\k510bus.sys
2007-11-26 15:28 . 2006-02-17 20:34  8,336  -ra------  C:\WINDOWS\system32\drivers\k510mdfl.sys
2007-11-26 15:28 . 2006-02-17 20:34  6,176  -ra------  C:\WINDOWS\system32\drivers\k510cmnt.sys
2007-11-26 15:28 . 2006-02-17 20:34  6,176  -ra------  C:\WINDOWS\system32\drivers\k510cm.sys
2007-11-26 15:28 . 2006-02-17 20:34  5,808  -ra------  C:\WINDOWS\system32\drivers\k510whnt.sys
2007-11-26 15:28 . 2006-02-17 20:34  5,808  -ra------  C:\WINDOWS\system32\drivers\k510wh.sys
2007-11-25 10:39 . 2007-11-25 10:39
2007-11-24 17:57 . 2007-11-24 17:57
2007-11-24 17:57 . 2007-11-24 17:57
2007-11-24 17:57 . 2007-10-19 20:16  65,536  --a------  C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-24 17:57 . 2007-10-19 20:16  49,152  --a------  C:\WINDOWS\system32\QuickTime.qts
2007-11-24 17:56 . 2007-11-24 17:56
2007-11-23 17:16 . 2007-12-08 19:31
2007-11-23 17:16 . 2007-11-23 17:16  32  --a------  C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-11-19 21:38 . 2007-11-19 21:38  0  --ah-----  C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-19 21:38 . 2007-11-19 21:38  0  --ah-----  C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-11-19 21:33 . 2006-09-18 14:58  97,184  -ra------  C:\WINDOWS\system32\drivers\SE27mdm.sys
2007-11-19 21:33 . 2006-09-18 14:58  9,360  -ra------  C:\WINDOWS\system32\drivers\SE27mdfl.sys
2007-11-19 21:28 . 2007-11-19 21:28  1,419,232  --a------  C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-19 21:28 . 2007-11-19 21:28  20,520  --a------  C:\WINDOWS\system32\drivers\ggsemc.sys
2007-11-19 21:28 . 2007-11-19 21:28  13,352  --a------  C:\WINDOWS\system32\drivers\ggflt.sys
2007-11-17 19:58 . 2007-11-17 19:58
2007-11-17 19:57 . 2007-11-17 19:57
2007-11-17 19:56 . 2007-11-19 21:28
2007-11-17 19:55 . 2007-11-17 19:55
2007-11-17 19:55 . 2007-11-19 21:24
2007-11-17 19:55 . 2007-11-17 19:55
2007-11-17 19:55 . 2007-11-17 19:55
2007-11-17 19:55 . 2007-11-17 19:55
2007-11-17 19:55 . 2007-11-17 19:55
2007-11-17 19:19 . 2006-05-15 14:35  18,704  -ra------  C:\WINDOWS\system32\drivers\se27nd5.sys
2007-11-17 19:18 . 2006-05-15 14:35  90,800  -ra------  C:\WINDOWS\system32\drivers\se27unic.sys
2007-11-17 19:18 . 2006-05-15 14:35  88,688  -ra------  C:\WINDOWS\system32\drivers\SE27mgmt.sys
2007-11-17 19:18 . 2006-05-15 14:35  4,128  -ra------  C:\WINDOWS\system32\drivers\se27cr.sys
2007-11-17 19:17 . 2006-05-15 14:35  86,560  -ra------  C:\WINDOWS\system32\drivers\SE27obex.sys
2007-11-17 19:17 . 2006-05-15 14:35  6,240  -ra------  C:\WINDOWS\system32\drivers\SE27cmnt.sys
2007-11-17 19:17 . 2006-05-15 14:35  6,240  -ra------  C:\WINDOWS\system32\drivers\SE27cm.sys
2007-11-17 19:16 . 2006-05-15 14:35  61,600  -ra------  C:\WINDOWS\system32\drivers\SE27bus.sys
2007-11-17 19:16 . 2006-05-15 14:36  5,872  -ra------  C:\WINDOWS\system32\drivers\SE27whnt.sys
2007-11-17 19:16 . 2006-05-15 14:36  5,872  -ra------  C:\WINDOWS\system32\drivers\se27wh.sys
2007-11-15 22:24 . 2007-11-15 22:24
2007-11-15 22:24 . 2007-11-15 22:24
2007-11-15 22:24 . 2007-12-08 19:32
2007-11-15 21:47 . 2007-01-18 13:38  23,600  --a------  C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-11-12 18:25 . 2001-10-26 16:57  12,160  --a------  C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-12 18:25 . 2001-10-26 16:57  12,160  --a--c---  C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-12 18:25 . 2001-08-17 22:02  9,600  --a------  C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-12 18:25 . 2001-08-17 22:02  9,600  --a--c---  C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-09 16:56 . 2007-11-09 17:02
2007-11-09 16:44 . 2007-11-09 16:54
2007-11-09 16:44 . 2007-11-09 16:44
2007-11-09 16:44 . 2007-11-10 09:24
2007-11-09 16:44 . 2007-11-09 16:44
2007-11-09 16:44 . 2007-11-09 16:44
2007-11-09 15:38 . 2007-11-09 15:38
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 08:43  ---------  d-----w  C:\Program Files\Kalendarz XP
2007-12-08 16:56  ---------  d-----w  C:\Documents and Settings\lemon i bobek\Dane aplikacji\Image Zone Express
2007-12-08 15:35  ---------  d-----w  C:\Program Files\HP
2007-12-04 14:56  93,264  ----a-w  C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55  94,544  ----a-w  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53  23,152  ----a-w  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51  42,912  ----a-w  C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49  26,624  ----a-w  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04  837,496  ----a-w  C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54  95,608  ----a-w  C:\WINDOWS\system32\AvastSS.scr
2007-11-17 18:54  ---------  d-----w  C:\Program Files\Common Files\InstallShield
2007-11-15 21:24  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-11-07 14:19  ---------  d-----w  C:\Program Files\Neostrada TP
2007-11-07 13:51  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\HP
2007-11-07 13:50  ---------  d-----w  C:\Program Files\Hewlett-Packard
2007-11-07 13:49  ---------  d-----w  C:\Program Files\Common Files\Hewlett-Packard
2007-11-07 13:43  ---------  d-----w  C:\Documents and Settings\lemon i bobek\Dane aplikacji\HP
2007-11-07 13:34  ---------  d-----w  C:\Program Files\Thomson
2007-11-07 13:34  ---------  d-----w  C:\Program Files\Java
2007-11-07 13:29  ---------  d-----w  C:\Program Files\Realtek
2007-11-07 13:28  ---------  d-----w  C:\Program Files\AMD
2007-11-07 13:18  ---------  d-----w  C:\Program Files\microsoft frontpage
2007-11-07 13:17  ---------  d-----w  C:\Program Files\Usługi online
2007-10-27 14:26  ---------  d-----w  C:\Program Files\Common Files\DirectX
2007-10-27 14:18  ---------  d-----w  C:\Program Files\EA GAMES
2007-10-27 11:50  ---------  d-----w  C:\Program Files\Lavalys
2007-10-27 10:19  ---------  d-----w  C:\Program Files\Real Alternative
2007-10-27 09:03  ---------  d-----w  C:\Documents and Settings\lemon i bobek\Dane aplikacji\GanymedeNet
2007-10-20 17:12  ---------  d--h--r  C:\Program Files\MSOCache
2007-10-20 14:27  ---------  d-----w  C:\Program Files\Microsoft.NET
2007-10-20 12:48  ---------  d-----w  C:\Program Files\Alwil Software
2007-10-19 13:16  ---------  d-----w  C:\Program Files\Valve
2007-10-16 15:33  ---------  d-----w  C:\Program Files\CDex_150
2007-10-16 14:29  ---------  d-----w  C:\Program Files\MarBit
2007-10-12 17:21  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-10-09 13:16  139,264  ----a-w  C:\WINDOWS\system32\hpzjrd01.dll
2007-10-09 13:09  ---------  d-----w  C:\Program Files\Java Web Start
2007-10-09 13:06  ---------  d-----w  C:\Program Files\Common Files\Adobe
2007-10-04 16:14  81,920  ----a-w  C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14  81,920  ----a-w  C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14  8,491,008  ----a-w  C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14  753,664  ----a-w  C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14  6,750,208  ----a-w  C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14  6,344,704  ----a-w  C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14  5,783,424  ----a-w  C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14  5,509,120  ----a-w  C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 16:14  466,944  ----a-w  C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14  458,752  ----a-w  C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 16:14  45,056  ----a-w  C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14  442,368  ----a-w  C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14  425,984  ----a-w  C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14  364,544  ----a-w  C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14  36,864  ----a-w  C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14  36,864  ----a-w  C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14  335,872  ----a-w  C:\WINDOWS\system32\nvwrses.dll
2007-10-04 16:14  335,872  ----a-w  C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 16:14  327,680  ----a-w  C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 16:14  327,680  ----a-w  C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 16:14  327,680  ----a-w  C:\WINDOWS\system32\nvrshe.dll
2007-10-04 16:14  327,680  ----a-w  C:\WINDOWS\system32\nvrsar.dll
2007-10-04 16:14  323,584  ----a-w  C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 16:14  323,584  ----a-w  C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 16:14  319,488  ----a-w  C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 16:14  319,488  ----a-w  C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 16:14  315,392  ----a-w  C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 16:14  315,392  ----a-w  C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 16:14  311,296  ----a-w  C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 16:14  307,200  ----a-w  C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14  303,104  ----a-w  C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 16:14  303,104  ----a-w  C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 16:14  303,104  ----a-w  C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 16:14  3,629,056  ----a-w  C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 16:14  3,551,232  ----a-w  C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14  3,334,144  ----a-w  C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14  3,166,208  ----a-w  C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 16:14  299,008  ----a-w  C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 16:14  299,008  ----a-w  C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 16:14  294,912  ----a-w  C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 16:14  294,912  ----a-w  C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 16:14  294,912  ----a-w  C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 16:14  290,816  ----a-w  C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 16:14  286,720  ----a-w  C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 16:14  286,720  ----a-w  C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 16:14  286,720  ----a-w  C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14  282,624  ----a-w  C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 16:14  282,624  ----a-w  C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 16:14  282,624  ----a-w  C:\WINDOWS\system32\nvrses.dll
2007-10-04 16:14  282,624  ----a-w  C:\WINDOWS\system32\nvrsel.dll
2007-10-04 16:14  278,528  ----a-w  C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 16:14  278,528  ----a-w  C:\WINDOWS\system32\nvrsit.dll
2007-10-04 16:14  278,528  ----a-w  C:\WINDOWS\system32\nvrsde.dll
2007-10-04 16:14  274,432  ----a-w  C:\WINDOWS\system32\nvrspt.dll
2007-10-04 16:14  274,432  ----a-w  C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 16:14  274,432  ----a-w  C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 16:14  270,336  ----a-w  C:\WINDOWS\system32\nvrsru.dll
2007-10-04 16:14  266,240  ----a-w  C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 16:14  266,240  ----a-w  C:\WINDOWS\system32\nvrsja.dll
2007-10-04 16:14  258,048  ----a-w  C:\WINDOWS\system32\nvrstr.dll
2007-10-04 16:14  258,048  ----a-w  C:\WINDOWS\system32\nvrssl.dll
2007-10-04 16:14  258,048  ----a-w  C:\WINDOWS\system32\nvrssk.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2005-07-27 11:59]
"tray"="C:\Program Files\CodedColor\byngo.exe" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-11-07 14:54:06]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys
S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\LEMONI~1\USTAWI~1\Temp\boetlrtkE13E374.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 12:44:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tray""=""C:\Program Files\CodedColor\byngo.exe /tray""
.
Completion time: 2007-12-09 12:44:51
.
--- E O F ---
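The log above is raw ComboFix output. As an added example (not part of the posted log, and not ComboFix's own code), the Python script below parses the two sections a responder reads first in such a log, "Reg Loading Points" and "DLLs Loaded Under Running Processes", and flags the entries that need manual checking: autorun values whose bracketed file stamp is empty (`[]`), and DLLs loaded into a process from a Temp directory, as with the `boetlrtkE13E374.dll` that explorer.exe has loaded here. The input is a constructed excerpt of the log above; the `[]` and Temp-directory heuristics are the author's triage assumptions, not ComboFix verdicts, and a flagged entry is a lead to verify, not a finding.

```python
"""Triage helper for ComboFix log text (added example; not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the ComboFix log above (representative lines only).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"tray"="C:\Program Files\CodedColor\byngo.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\LEMONI~1\USTAWI~1\Temp\boetlrtkE13E374.dll
.
Completion time: 2007-12-09 12:44:51
"""

# Line shapes used by ComboFix in the two sections parsed here.
RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
PROCESS_RE = re.compile(r'^PROCESS:\s+(?P<path>\S.*?)\s+\[(?P<ver>[^\]]*)\]$')
DLL_RE = re.compile(r'^->\s+(?P<path>.+)$')


@dataclass
class RunEntry:
    key: str
    name: str
    target: str
    stamp: str  # text inside [...]; empty means ComboFix stamped no file


@dataclass
class LoadedDll:
    process: str
    dll: str


@dataclass
class Triage:
    run_entries: list = field(default_factory=list)
    loaded_dlls: list = field(default_factory=list)

    def unstamped_autoruns(self):
        """Autorun values with an empty [] stamp (assumption: check by hand)."""
        return [e for e in self.run_entries if not e.stamp.strip()]

    def temp_dlls(self):
        """DLLs loaded from a Temp/Tmp directory (assumption: unusual for explorer.exe)."""
        return [d for d in self.loaded_dlls if is_temp_path(d.dll)]


def is_temp_path(path: str) -> bool:
    """True if any directory component of a Windows path is Temp or Tmp."""
    parts = [p.lower() for p in path.split("\\")[:-1]]
    return any(p in ("temp", "tmp") for p in parts)


def parse_combofix(text: str) -> Triage:
    """Walk the log line by line, tracking the current registry key or process."""
    t = Triage()
    current_key = None
    current_process = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            current_key, current_process = m.group(1), None
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key:
            t.run_entries.append(RunEntry(current_key, m["name"], m["target"], m["stamp"]))
            continue
        m = PROCESS_RE.match(line)
        if m:
            current_process, current_key = m["path"], None
            continue
        m = DLL_RE.match(line)
        if m and current_process:
            t.loaded_dlls.append(LoadedDll(current_process, m["path"]))
    return t


def report(t: Triage) -> list:
    """Human-readable list of items to verify, one string per item."""
    lines = [f"unstamped autorun: {e.name} -> {e.target} ({e.key})" for e in t.unstamped_autoruns()]
    lines += [f"temp-dir DLL in {d.process}: {d.dll}" for d in t.temp_dlls()]
    return lines


if __name__ == "__main__":
    for item in report(parse_combofix(SAMPLE_LOG)):
        print(item)
```

Run it against a saved ComboFix log by reading the file into `parse_combofix`; the flagged autoruns here (RTHDCPL, WinampAgent, tray) are exactly the ones a forum helper would ask the poster to confirm, and the Temp-directory DLL inside explorer.exe is the single item that does not belong to any installed product named elsewhere in the log.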