ComboFix 08-03-23.2 - Admin 2008-03-24 14:16:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1445 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-24 10:30 . 2008-03-24 10:30
2008-03-23 18:47 . 2008-03-23 18:47
2008-03-23 17:34 . 2008-03-24 11:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-23 17:34 . 2008-03-24 11:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-23 14:29 . 2008-03-23 14:29 5,292,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-23 14:29 . 2008-03-23 14:29 64,046 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-23 14:27 . 2008-03-23 14:27
2008-03-23 14:27 . 2008-03-23 14:29 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-23 13:57 . 2000-04-30 12:14 643,072 --a------ C:\WINDOWS\system32\DolbyHph.dll
2008-03-23 13:57 . 2003-05-07 13:11 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-03-23 13:57 . 2003-01-29 17:39 53,248 --a------ C:\WINDOWS\system32\dcfft2.dll
2008-03-23 13:57 . 2000-03-09 03:30 40,960 --a------ C:\WINDOWS\system32\DolbyHphMM.dll
2008-03-22 20:26 . 2008-03-22 20:26 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-22 19:40 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-03-22 19:40 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-22 19:38 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-03-22 19:38 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-03-22 19:38 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-03-22 19:38 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-03-22 19:38 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-03-22 19:38 . 2004-08-03 23:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-03-22 18:28 . 2008-03-22 18:28
2008-03-22 18:15 . 2008-03-22 18:16 141 --a------ C:\WINDOWS\WebUpdateSvc4.INI
2008-03-22 18:14 . 2008-03-22 18:18
2008-03-22 18:14 . 2008-03-22 18:14 47,624 --a------ C:\WINDOWS\system32\wuwuninst.exe
2008-03-22 18:13 . 2008-03-22 18:13
2008-03-22 18:05 . 2008-03-22 18:05
2008-03-22 18:04 . 2008-03-23 17:11
2008-03-22 18:04 . 2004-12-06 21:31 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-22 18:03 . 2008-03-22 18:04
2008-03-22 18:02 . 2008-03-22 18:02
2008-03-22 17:53 . 2008-03-22 17:53
2008-03-22 17:53 . 2008-03-22 17:53
2008-03-22 17:53 . 2004-11-25 12:05 548,864 --a------ C:\WINDOWS\system32\dfxg15.dll
2008-03-22 17:51 . 2008-03-22 17:51
2008-03-22 17:51 . 2008-03-22 17:51
2008-03-22 17:51 . 2008-03-22 17:51
2008-03-22 17:51 . 2008-03-22 17:51
2008-03-22 17:44 . 2008-03-22 17:44
2008-03-22 17:44 . 2008-03-22 17:44
2008-03-22 17:41 . 2008-02-21 03:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-22 17:41 . 2008-02-21 03:05 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-22 17:41 . 2008-02-21 03:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-22 17:41 . 2008-02-21 03:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-22 17:37 . 2008-03-22 17:37
2008-03-22 17:29 . 2008-03-22 17:29
2008-03-22 17:28 . 2008-03-24 11:12
2008-03-22 17:07 . 2008-03-22 17:21
2008-03-22 17:07 . 2008-03-22 17:21
2008-03-22 16:58 . 2008-03-22 16:59
2008-03-22 16:51 . 2008-03-22 17:41
2008-03-22 16:51 . 2008-03-23 17:30
2008-03-22 16:51 . 2008-02-21 03:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-03-22 16:51 . 2008-02-21 03:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-03-22 16:46 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-22 16:06 . 2008-03-22 16:06
2008-03-22 16:00 . 1999-10-15 12:50 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2008-03-22 16:00 . 2008-03-22 16:00 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
2008-03-22 15:36 . 2008-03-22 15:36 995 --a------ C:\WINDOWS\EnglishTranslator.INI
2008-03-22 15:35 . 2008-03-22 15:35
2008-03-22 15:35 . 2008-03-22 15:35
2008-03-22 14:21 . 2008-03-22 14:21
2008-03-22 14:20 . 2008-03-22 14:20
2008-03-22 14:20 . 2008-03-22 14:20
2008-03-22 14:19 . 2008-03-22 14:19
2008-03-22 14:19 . 2008-03-22 14:19
2008-03-22 14:19 . 2008-03-22 16:58
2008-03-22 14:18 . 2008-03-22 14:18
2008-03-22 14:18 . 2008-03-22 16:48
2008-03-22 14:18 . 2008-03-22 16:43
2008-03-22 14:18 . 2008-03-22 16:48
2008-03-22 14:18 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-22 14:18 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-22 14:18 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-22 14:18 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-22 14:18 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-22 14:18 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-22 14:01 . 2008-03-22 14:13
2008-03-22 14:01 . 2008-03-24 14:08
2008-03-22 13:28 . 2008-03-22 19:20
2008-03-22 13:28 . 2004-03-05 12:52 8,876,032 --a------ C:\WINDOWS\system32\FocusMag.dll
2008-03-22 13:13 . 2008-03-22 13:13
2008-03-22 12:55 . 2008-03-22 13:10
2008-03-22 12:54 . 2008-03-22 13:14
2008-03-22 12:54 . 2008-03-22 13:09
2008-03-22 12:54 . 2008-03-22 13:08
2008-03-22 12:29 . 2008-03-22 12:30
2008-03-22 11:29 . 2008-03-22 11:29 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-22 11:26 . 2008-03-22 11:28
2008-03-22 10:45 . 2008-03-22 10:45
2008-03-22 10:05 . 2008-03-22 10:05
2008-03-22 09:53 . 2008-03-22 09:53 0 --a------ C:\WINDOWS\CorelRave.INI
2008-03-22 09:49 . 2008-03-22 09:49 394 --a------ C:\WINDOWS\capture.ini
2008-03-22 09:41 . 2008-03-23 18:47
2008-03-22 09:40 . 2008-03-22 09:40
2008-03-22 09:32 . 2008-03-22 09:32
2008-03-21 21:11 . 2008-03-21 21:11
2008-03-21 21:11 . 2008-03-21 21:11
2008-03-21 20:59 . 2008-03-21 21:02
2008-03-21 20:56 . 2008-03-21 20:56
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 17:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 13:29 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-22 08:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 19:37 --------- d-----w C:\Program Files\Creative
2008-03-20 19:29 --------- d-----w C:\Program Files\Intel
2008-03-20 19:28 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\InstallShield
2008-03-20 18:56 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-03-20 18:56 --------- d-----w C:\Program Files\Radeon Omega Drivers
2008-03-20 18:48 --------- d-----w C:\Program Files\Marvell
2008-03-20 18:47 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\TMP
2008-03-20 18:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-20 18:41 --------- d-----w C:\Program Files\Usługi online
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-04 17:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
.
------- Sigcheck -------
2004-08-04 12:00 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\svchost.exe
2004-08-04 12:00 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\dllcache\svchost.exe
2004-08-04 12:00 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 12:00 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2007-10-11 00:41 825344 8789f8f08dea02d93e1fdc9d93e73b54 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 02:58 825344 fc62b038aba1fdb8ba3d7c44cb487beb C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2004-08-04 12:00 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:52 824832 21af9692c43e6e5f02422026e20886aa C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 03:14 824832 01412a2abd1154b25d4f5b5450585bb3 C:\WINDOWS\SoftwareDistribution\Download\55300b7e8d61ce9bbb13a52b8aed49ff\SP2GDR\wininet.dll
2007-12-07 02:58 825344 fc62b038aba1fdb8ba3d7c44cb487beb C:\WINDOWS\SoftwareDistribution\Download\55300b7e8d61ce9bbb13a52b8aed49ff\SP2QFE\wininet.dll
2007-10-11 00:52 824832 21af9692c43e6e5f02422026e20886aa C:\WINDOWS\SoftwareDistribution\Download\7c59664e8f072792fae12507a79e3ff9\SP2GDR\wininet.dll
2007-10-11 00:41 825344 8789f8f08dea02d93e1fdc9d93e73b54 C:\WINDOWS\SoftwareDistribution\Download\7c59664e8f072792fae12507a79e3ff9\SP2QFE\wininet.dll
2007-12-07 02:08 662016 d337ab52ead29afff58bc70bda22e9a4 C:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll
2007-12-07 01:48 668672 5c0b1281e1245d2f4af571b21b0ab21f C:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2qfe\wininet.dll
2007-12-07 03:14 815616 21863bd3751c26dba4f0874e37a3974f C:\WINDOWS\system32\wininet.dll
2007-12-07 03:14 815616 21863bd3751c26dba4f0874e37a3974f C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 12:00 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\winlogon.exe
2004-08-04 12:00 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 12:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 12:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 12:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 12:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2007-06-13 14:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 14:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 12:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 14:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2gdr\explorer.exe
2007-06-13 14:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2qfe\explorer.exe
2007-06-13 14:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-21 08:09 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 08:43 180224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2008-03-21 19:24:01 16485023]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
GetRight.lnk - C:\Program Files\GetRight\GetRight.exe [2008-03-22 14:01:26 4609096]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msimn.exe]
Debugger=C:\Program Files\Common Files\Techland\Translator\ExpressLauncher.exe
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^RocketDock.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^TransBar.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^UberIcon.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^QuickTV.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\QuickTV.lnk
backup=C:\WINDOWS\pss\QuickTV.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-19 14:09 1739712 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChoiceMail]
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Expressivo]
--a------ 2007-12-06 11:42 2031616 C:\Program Files\ivo\Expressivo\expressivo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-08 22:17 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
--a------ 2005-10-27 04:43 53248 C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]
--a------ 2007-09-18 08:22 25472 C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-12-06 21:31 36975 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--a------ 2007-08-02 21:08 95504 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-02-07 19:01 40960 C:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-07-16 09:41]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-07-16 09:41]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 17:28]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 WebUpdate4;Web Update Wizard Service V4;C:\WINDOWS\system32\WebUpdateSvc4.exe [2007-10-10 09:33]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S3 PsSdk31;PsSdk31;C:\WINDOWS\system32\Drivers\pssdk31.drv [2008-03-21 19:08]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 16:50:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Admin.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:
"2008-03-24 11:06:57 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 14:17:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???D???7???6~??6~D???U?6~??6~???_???C@???sD???s???7?A??s?7??C@?x???`|?w???@
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PsSdk31]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\pssdk31.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-
C:\Program Files\RocketDock\RocketDock.dll
-
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Completion time: 2008-03-24 14:17:21
ComboFix-quarantined-files.txt 2008-03-24 13:17:19
ComboFix2.txt 2008-03-24 13:13:00
.
2008-03-23 08:43:42 --- E O F ---