"J&G" - 2007-06-06 0:12:27 Dodatek Service Pack. 1 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\J&G\Pulpit"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
C:\Program Files\video activex object
C:\WINDOWS\system32\xpdx.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_GB
-------\gb
-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))

2007-06-06 00:21
2007-06-06 00:16
2007-06-06 00:06
2007-06-05 21:30     40,960  --a------  C:\tvuynuup.exe
2007-06-05 09:39      3,072  --a------  C:\WINDOWS\system32\drivers\kcp.sys
2007-06-05 09:36     53,248  --a------  C:\WINDOWS\system32\oleauth32.dll
2007-06-05 09:27     57,856  --a------  C:\dvlhfvhu.exe
2007-06-05 09:27     51,712  --a------  C:\mkwm.exe
2007-06-05 09:27     15,872  --a------  C:\mjgakrdu.exe
2007-06-05 09:27     11,264  --a------  C:\tgmvmjba.exe
2007-06-05 09:25
2007-06-05 09:24
2007-06-05 09:22
2007-06-05 09:22
2007-06-05 09:22
2007-06-05 09:19
2007-06-04 11:47
2007-06-04 11:40
2007-06-04 11:25    133,120  --a------  C:\WINDOWS\system32\Winagler.exe
2007-06-04 10:18
2007-06-04 10:17    626,688  --a------  C:\WINDOWS\system32\msvcr80.dll
2007-06-03 18:41     41,776  --a------  C:\WINDOWS\tagm.exe
2007-06-03 18:40     41,776  --a------  C:\WINDOWS\klyd.exe
2007-06-01 18:31    223,128  --a------  C:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-01 18:31
2007-06-01 18:29     90,240  --a------  C:\WINDOWS\system32\drivers\sptd8317.sys
2007-06-01 18:29    664,064  --a------  C:\WINDOWS\system32\drivers\sptd.sys
2007-05-31 13:15
2007-05-31 09:50
2007-05-27 21:32
2007-05-27 20:41
2007-05-27 20:24
2007-05-27 20:17
2007-05-22 20:51
2007-05-22 20:50
2007-05-22 20:50
2007-05-22 20:50
2007-05-18 11:33
2007-05-18 09:21
2007-05-17 23:34
2007-05-17 23:33
2007-05-12 11:03
2007-05-10 21:13    284,840  --a------  C:\WINDOWS\system32\mp4sdmod.dll
2007-05-10 21:12    966,144  --a------  C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-05-10 21:12    877,568  --a------  C:\WINDOWS\system32\NCTAudioFile2.dll
2007-05-10 21:12    835,584  --a------  C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2007-05-10 21:12    733,184  --a------  C:\WINDOWS\system32\NCTAudioLibrary2.dll
2007-05-10 21:12    614,400  --a------  C:\WINDOWS\system32\NCTMPEGFile.dll
2007-05-10 21:12    471,040  --a------  C:\WINDOWS\system32\NCTVideoCompress.dll
2007-05-10 21:12    286,720  --a------  C:\WINDOWS\system32\NCTAVIFile.dll
2007-05-10 21:12    237,568  --a------  C:\WINDOWS\system32\lame_enc.dll
2007-05-10 21:12    196,608  --a------  C:\WINDOWS\system32\NCTWMAFile2.dll
2007-05-10 21:12    159,744  --a------  C:\WINDOWS\system32\NCTWMVFile.dll
2007-05-10 21:12    106,496  --a------  C:\WINDOWS\system32\NCTVideoFile.dll
2007-05-10 21:12    101,888  --a------  C:\WINDOWS\system32\VB6STKIT.DLL
2007-05-10 21:12  1,662,976  --a------  C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-05-10 21:12
2007-05-10 12:14
2007-05-10 12:14
2007-05-08 16:50
2007-05-08 10:11
2007-05-08 10:07    847,872  --a------  C:\WINDOWS\system32\msimsg.dll
2007-05-08 10:07     74,240  --a------  C:\WINDOWS\system32\msiexec.exe
2007-05-08 10:07         56  -r-hs----  C:\WINDOWS\system32\792EC98A91.sys
2007-05-08 10:07     39,936  --a------  C:\WINDOWS\system32\msisip.dll
2007-05-08 10:07    305,664  --a------  C:\WINDOWS\system32\msihnd.dll
2007-05-08 10:07      3,350  --ahs----  C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-08 10:07  2,086,400  --a------  C:\WINDOWS\system32\msi.dll
2007-05-08 10:07
2007-05-08 10:06

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-05 22:21:33    519,680  ----a-w  C:\WINDOWS\system32\winlogon.exe
2007-06-05 20:36:06        288  ----a-w  C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000007-00001102-00000002-100A1102}.dat
2007-06-05 20:36:06        288  ----a-w  C:\WINDOWS\system32\DVCState-{00000001-00000000-00000007-00001102-00000002-100A1102}.dat
2007-06-05 07:22:50   --------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-05-31 11:17:23   --------  d-----w  C:\Program Files\Winamp
2007-05-10 10:42:06   --------  d-----w  C:\Program Files\CDex_150
2007-05-08 08:10:41   --------  d-----w  C:\Program Files\Common Files\InstallShield
2007-05-03 19:48:50   --------  d-----w  C:\Program Files\CDex_151
2007-05-03 10:01:16   --------  d-----w  C:\Program Files\ColorCast
2007-05-03 09:56:07   --------  d-----w  C:\Program Files\ClearSkin
2007-05-03 09:48:47   --------  d-----w  C:\Program Files\JPEGCompress
2007-05-03 09:47:33        978  ----a-w  C:\WINDOWS\unins000.dat
2007-04-30 15:46:10    745,600  ----a-w  C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55     85,952  ----a-w  C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42     94,552  ----a-w  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41     23,416  ----a-w  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51     43,176  ----a-w  C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23     26,888  ----a-w  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28     95,872  ----a-w  C:\WINDOWS\system32\AVASTSS.scr
2007-04-29 19:10:05     33,824  ----a-w  C:\WINDOWS\system32\drivers\oreans32.sys
2007-04-29 19:09:39   --------  d-----w  C:\Program Files\Common Files\AVSMedia
2007-04-29 19:09:17   --------  d-----w  C:\Program Files\AVSMedia
2007-04-29 18:31:28   --------  d-----w  C:\DOCUME~1\J&G\DANEAP~1\INTERIAPL
2007-04-29 18:30:57   --------  d-----w  C:\Program Files\INTERIAPL
2007-04-28 09:43:40   --------  d-----w  C:\DOCUME~1\J&G\DANEAP~1\Media Player Classic
2007-04-28 09:41:55   --------  d-----w  C:\Program Files\VIDEOzilla
2007-04-28 09:41:13   --------  d-----w  C:\Program Files\QuickTime Alternative
2007-04-28 09:41:08   --------  d-----w  C:\Program Files\Media Player Classic
2007-04-25 05:42:30   --------  d-----w  C:\Program Files\Przegladarka migawek
2007-04-25 05:37:21   --------  d-----w  C:\DOCUME~1\J&G\DANEAP~1\Microsoft Web Folders
2007-04-22 09:07:41   --------  d-----w  C:\Program Files\Allok Video to FLV Converter
2007-04-19 18:37:09   --------  d-----w  C:\Program Files\eTeacher 5 SE
2007-04-19 12:59:59   --------  d-----w  C:\Program Files\MIKSOFT
2007-04-19 12:23:27   --------  d-----w  C:\Program Files\Ringtone Media Studio
2007-04-19 12:20:03   --------  d-----w  C:\Program Files\Avanquest update
2007-04-19 12:20:01   --------  d-----w  C:\DOCUME~1\J&G\DANEAP~1\InstallShield
2007-04-19 12:15:41   --------  d-----w  C:\Program Files\IrfanView
2007-04-19 12:15:41   --------  d-----w  C:\DOCUME~1\J&G\DANEAP~1\Help
2007-04-19 12:15:02   --------  d-----w  C:\Program Files\Audacity 1.3 Beta
2007-04-08 15:00:26   --------  d-----w  C:\Program Files\MarBit
2007-04-08 14:48:53   --------  d-----w  C:\Program Files\DivX
2007-04-07 16:50:49   --------  d--h--w  C:\Program Files\WindowsUpdate
2007-03-25 06:36:51     67,078  ----a-w  C:\WINDOWS\system32\perfc015.dat
2007-03-25 06:36:51    435,978  ----a-w  C:\WINDOWS\system32\perfh015.dat
2007-03-23 09:30:31          0  ----a-w  C:\WINDOWS\nsreg.dat
2007-03-23 08:45:27          0  --sha-r  C:\MSDOS.SYS
2007-03-23 08:45:27          0  --sha-r  C:\IO.SYS
2007-03-23 08:45:27          0  ----a-w  C:\CONFIG.SYS
2007-03-23 08:45:27          0  ----a-w  C:\AUTOEXEC.BAT
2007-03-23 08:42:40     21,856  ----a-w  C:\WINDOWS\system32\emptyregdb.dat
2007-03-22 19:05:00    532,480  ------w  C:\WINDOWS\system32\ati2sgag.exe
2007-03-15 01:58:38    315,392  ----a-w  C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34    267,776  ----a-w  C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38    307,200  ----a-w  C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39    122,880  ----a-w  C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27    114,688  ----a-w  C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19     26,112  ----a-w  C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12     42,496  ----a-w  C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59    114,688  ----a-w  C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39    450,560  ----a-w  C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52     53,248  ----a-w  C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10  2,820,544  ----a-w  C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47  1,315,712  ----a-w  C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32  3,107,788  ----a-w  C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32  5,402,624  ----a-w  C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14    258,048  ----a-w  C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43     17,408  ----a-w  C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28    356,352  ----a-w  C:\WINDOWS\system32\ati2cqag.dll
2007-03-07 23:51:00    129,784  ------w  C:\WINDOWS\system32\pxafs.dll
2007-03-06 22:04:53    143,676  ----a-w  C:\WINDOWS\system32\atiicdxx.dat
2002-09-28 22:00:00    133,120  --sh--r  C:\WINDOWS\system32\ncfsmvmk.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2007-05-14 17:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52]
"@"="" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 15:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 C:\WINDOWS\system32\CTHELPER.EXE]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-29 00:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
""=
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-06 00:30:23
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-06 0:32:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-06 00:32

--- E O F ---