ComboFix 07-10-23.2 - Łukasz 2007-10-24 18:05:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.534 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 18:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-21 15:56
2007-10-21 15:16
2007-10-21 15:10
2007-10-21 15:10 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-21 15:09
2007-10-13 15:53 135,168 --a------ C:\WINDOWS\system32\UAService7.exe
2007-10-13 15:53 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-13 15:50
2007-10-13 15:47
2007-10-13 15:44 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-12 17:57
2007-10-11 16:37
2007-10-11 16:35
2007-10-11 16:35
2007-10-11 15:03
2007-10-10 22:45
2007-10-10 22:45
2007-10-10 22:41
2007-10-10 22:41
2007-10-10 22:26 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-10 22:26 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-10-10 19:21
2007-10-10 18:55
2007-10-10 18:54 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-10 18:54 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-10 18:54 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-10 18:54 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-10 18:54 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-10 18:54 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-10 18:53
2007-10-10 18:52
2007-10-10 18:52 19,558 --a------ C:\WINDOWS\hpoins01.dat
2007-10-10 18:52 16,606 --------- C:\WINDOWS\hpomdl01.dat
2007-10-10 18:37
2007-10-10 18:37
2007-10-10 18:37 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-10 18:37 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-10 18:36
2007-10-10 18:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-10 18:28 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-10 18:25
2007-10-10 18:25 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-10 18:24
2007-10-10 18:23
2007-10-10 18:18
2007-10-10 18:13
2007-10-10 18:10 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-10 18:10 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-10 18:10 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-10 18:10 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-10 18:10 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-10 18:10 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-10 18:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-10 18:10 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-10 18:09
2007-10-10 18:08
2007-10-10 18:08
2007-10-10 18:08 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2007-10-10 18:08 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2007-10-10 18:08 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2007-10-10 18:08 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-10 18:08 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2007-10-10 03:30
2007-10-10 02:01
2007-10-10 01:59
2007-10-10 01:53
2007-10-10 01:43
2007-10-10 01:43 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-10 01:39
2007-10-10 01:33
2007-10-10 01:33
2007-10-10 01:33
2007-10-10 01:28 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-10-10 01:18
2007-10-10 01:15
2007-10-10 01:09
2007-10-10 01:08
2007-10-10 01:08
2007-10-10 01:08
2007-10-10 01:02
2007-10-10 01:02
2007-10-10 01:02
2007-10-10 01:02
2007-10-10 01:02
2007-10-10 01:02
2007-10-10 01:02
2007-10-10 00:56 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-10 00:24
2007-10-10 00:24 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-10-10 00:24 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-10-10 00:18
2007-10-10 00:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-10 00:00
2007-10-10 00:00 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-10 00:00 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-09 22:31 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2007-10-09 22:30
2007-10-09 22:29
2007-10-09 22:29 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 20:21 3,670,016 ---ha-w C:\Documents and Settings\Łukasz\NTUSER.DAT
2007-10-12 15:57 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\WinRAR
2007-10-11 14:37 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Gadu-Gadu
2007-10-10 20:49 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Winamp
2007-10-10 16:55 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Hewlett-Packard
2007-10-10 16:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-10 16:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-10 16:29 --------- d-s---w C:\Documents and Settings\Łukasz\Dane aplikacji\Microsoft
2007-10-10 16:18 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\CyberLink
2007-10-10 16:11 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Ahead
2007-10-09 23:23 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2007-10-09 23:20 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Real
2007-10-09 23:07 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Apple Computer
2007-10-09 21:59 --------- d-----w C:\Program Files\SubEdit-Player
2007-10-09 21:55 --------- d-----w C:\Program Files\Java
2007-10-09 21:54 --------- d-----w C:\Program Files\Common Files\Java
2007-10-09 21:54 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Sun
2007-10-09 21:52 --------- d-----w C:\Program Files\Unrar
2007-10-09 21:52 --------- d-----w C:\Program Files\Unarj
2007-10-09 21:52 --------- d-----w C:\Program Files\UnAce
2007-10-09 21:47 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Macromedia
2007-10-09 21:42 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-09 21:42 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Adobe
2007-10-09 21:36 --------- d-----w C:\Program Files\Western Digital Technologies
2007-10-09 21:36 --------- d-----w C:\Program Files\QPrinter
2007-10-09 21:36 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\QPrinter
2007-10-09 19:36 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Identities
2007-10-09 19:29 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-09 19:28 --------- d-----w C:\Program Files\Usługi online
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-13 16:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43]
"nwiz"="nwiz.exe" [2007-06-28 18:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-10 01:08]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-08 02:18]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\Łukasz\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

R2 Harmonogram automatycznej usługi LiveUpdate;Automatic LiveUpdate Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\UKASZ~1\USTAWI~1\Temp\sony_ssm.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 23:02:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-10 16:55:37 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1192035311.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-10-10 16:41:04 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Łukasz.job"
"2007-10-24 16:05:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EF3A3F2D-D0E7-41EA-A031-A128BECC674A}.job" - C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 18:06:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-24 18:06:52
.
--- E O F ---
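When reading a ComboFix log like the one above, the two sections that repay a mechanical pass are the "Files Created" list (new kernel drivers in the scan window) and the service lines of the form "R3 name;display;image" (what is registered to load, and from where). The parser and triage rules below are an added example for this post, not ComboFix's own code and not the poster's; the sample input is a handful of lines copied from the log above, and the triage rules (a driver image outside the assumed system root C:\WINDOWS, or anything executing from a Temp directory) are my own heuristics, not a verdict on any entry. In this log the rule fires on the sony_ssm.sys service, whose image path sits in the user's Temp folder, which is exactly the kind of entry a reviewer asks the poster to account for before deciding anything.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: lines copied from the ComboFix log in this post, so the
# parser runs offline. Service display name for LiveUpdate is shown translated.
SAMPLE_LOG = r"""
2007-10-24 18:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-21 15:56
2007-10-13 15:44 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-10 18:10 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-10 18:54 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\UKASZ~1\USTAWI~1\Temp\sony_ssm.sys
R2 Harmonogram automatycznej uslugi LiveUpdate;Automatic LiveUpdate Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
"""

# Assumption: system root taken from the log header ("C:\WINDOWS"); other hosts differ.
SYSTEM_ROOT = r"C:\WINDOWS"

# "date time size attrs path"; size may be dashes on directory entries.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-zA-Z]{7,9})\s+(?P<path>.+?)\s*$"
)
# "R3 name;display;image": R/S = running/stopped, digit = start type.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s*$")


@dataclass
class FileEntry:
    date: str
    time: str
    size: int
    attrs: str
    path: str


@dataclass
class ServiceEntry:
    state: str   # e.g. R3 = running, demand-start; S3 = stopped, demand-start
    name: str
    display: str
    image: str   # normalised image path


@dataclass
class Finding:
    source: str  # "file" or "service"
    subject: str
    reason: str


def normalise_image(raw: str) -> str:
    """Strip surrounding quotes and the NT object-manager prefix \\??\\ from an image path."""
    img = raw.strip().strip('"')
    if img.startswith("\\??\\"):
        img = img[4:]
    return img


def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    """Pull file-created and service entries out of ComboFix output; bare timestamps are skipped."""
    files: List[FileEntry] = []
    services: List[ServiceEntry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m["size"].replace(",", "")) if m["size"][0].isdigit() else 0
            files.append(FileEntry(m["date"], m["time"], size, m["attrs"], m["path"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(ServiceEntry(m["state"], m["name"].strip(),
                                         m["display"].strip(), normalise_image(m["image"])))
    return files, services


def triage(files: List[FileEntry], services: List[ServiceEntry]) -> List[Finding]:
    """Heuristic review rules (mine, not ComboFix's): new drivers, Temp paths, drivers outside SystemRoot."""
    findings: List[Finding] = []
    root = SYSTEM_ROOT.lower() + "\\"
    for f in files:
        low = f.path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low:
            findings.append(Finding("file", f.path, "new kernel driver created in the scan window"))
    for s in services:
        low = s.image.lower()
        if "\\temp\\" in low:
            findings.append(Finding("service", s.name, f"image executes from a temp directory: {s.image}"))
        if low.endswith(".sys") and not low.startswith(root):
            findings.append(Finding("service", s.name, f"driver image outside {SYSTEM_ROOT}: {s.image}"))
    return findings


if __name__ == "__main__":
    for finding in triage(*parse_log(SAMPLE_LOG)):
        print(f"[{finding.source}] {finding.subject}: {finding.reason}")
```

A hit from these rules is a question, not an answer: a vendor driver staged in Temp by an installer is common, so the next step is to check the file's signature and hash and ask when it appeared, rather than deleting it from the log alone.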