ComboFix 07-10-23.2 - Pobor_ 2007-10-27 16:13:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.490 [GMT 2:00]
Running from: C:\Documents and Settings\Pobor_\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.
2007-10-27 16:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 14:49
2007-10-27 12:50
2007-10-27 12:31
2007-10-26 23:51
2007-10-26 19:27
2007-10-26 19:27
2007-10-26 17:26
2007-10-26 17:26
2007-10-25 22:25
2007-10-23 16:55 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-21 23:34
2007-10-21 23:34 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-10-21 23:34 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-10-21 23:34 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-10-21 23:34 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-10-21 00:27
2007-10-20 16:19
2007-10-20 16:15
2007-10-20 16:11
2007-10-20 16:10
2007-10-20 16:09 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-20 00:08 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-10-17 14:55
2007-10-17 14:36
2007-10-15 18:26
2007-10-15 18:26
2007-10-15 18:26 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-15 18:26 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-15 18:26 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-15 18:26 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-10-15 17:42
2007-10-15 17:27
2007-10-15 17:27
2007-10-15 17:27
2007-10-15 17:27
2007-10-15 17:27
2007-10-15 17:27
2007-10-15 17:27
2007-10-14 23:51
2007-10-14 19:37
2007-10-14 19:37
2007-10-14 19:16
2007-10-14 19:10
2007-10-14 19:09
2007-10-14 19:09
2007-10-14 19:09 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2007-10-14 19:09 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2007-10-14 19:09 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2007-10-13 23:39
2007-10-13 23:39 214,072 --a------ C:\WINDOWS\system32\CSFTPL32.DLL
2007-10-13 23:39 110,592 --a------ C:\WINDOWS\system32\XDirTree.dll
2007-10-13 23:39 106,496 --a------ C:\WINDOWS\system32\XFileLst.dll
2007-10-13 23:37
2007-10-13 21:31
2007-10-13 20:57
2007-10-13 20:57
2007-10-12 22:20
2007-10-12 22:20 270,848 --a------ C:\WINDOWS\system32\EfTidy.dll
2007-10-12 22:20 196,608 --a------ C:\WINDOWS\system32\swfobjs.dll
2007-10-10 21:06
2007-10-09 18:06
2007-10-09 17:01 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-08 16:35 87,824 -ra------ C:\WINDOWS\system32\drivers\w300mgmt.sys
2007-10-08 16:35 85,696 -ra------ C:\WINDOWS\system32\drivers\w300obex.sys
2007-10-08 16:16 96,352 -ra------ C:\WINDOWS\system32\drivers\w300mdm.sys
2007-10-08 16:16 60,800 -ra------ C:\WINDOWS\system32\drivers\w300bus.sys
2007-10-08 16:16 9,264 -ra------ C:\WINDOWS\system32\drivers\w300mdfl.sys
2007-10-08 16:16 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cmnt.sys
2007-10-08 16:16 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cm.sys
2007-10-08 16:16 5,840 -ra------ C:\WINDOWS\system32\drivers\w300whnt.sys
2007-10-08 16:16 5,840 -ra------ C:\WINDOWS\system32\drivers\w300wh.sys
2007-10-08 16:02
2007-10-08 15:58
2007-10-08 15:58
2007-10-08 15:57
2007-10-08 15:57
2007-10-08 15:55 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-08 15:55 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-07 13:14
2007-10-07 13:11 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-10-07 13:10 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-10-07 13:10 121,995 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-10-07 13:06
2007-10-07 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-06 09:57
2007-10-05 19:06 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-05 15:49
2007-10-04 15:34 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-04 15:30
2007-10-04 15:30
2007-10-02 23:01
2007-10-02 22:19
2007-10-02 16:11
2007-10-01 21:08
2007-09-30 15:33 358,400 --a--c--- C:\WINDOWS\system32\dllcache\snmpincl.dll
2007-09-30 15:33 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2007-09-30 15:33 236,544 --a--c--- C:\WINDOWS\system32\dllcache\smi2smir.exe
2007-09-30 15:33 188,416 --a--c--- C:\WINDOWS\system32\dllcache\snmpsmir.dll
2007-09-30 15:33 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 14:10 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\SiteAdvisor
2007-10-27 13:26 --------- d-----w C:\Program Files\VisionGS PE
2007-10-27 13:21 --------- d-----w C:\Program Files\GetRight
2007-10-24 20:37 --------- d-----w C:\Program Files\Tlen.pl
2007-10-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-19 15:23 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-10-12 15:34 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\IE7Pro
2007-10-10 19:17 --------- d-----w C:\Program Files\Winamp
2007-10-07 11:24 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\ATI
2007-10-07 11:00 --------- d-----w C:\Program Files\Driver Cleaner PE
2007-10-04 17:40 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-30 11:52 --------- d-----w C:\Program Files\thriXXX
2007-09-30 11:51 --------- d-----w C:\Program Files\Minefield
2007-09-30 11:50 --------- d-----w C:\Program Files\digiXMAS Article Submitter
2007-09-22 22:33 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\CyberLink
2007-09-22 22:30 --------- d-----w C:\Program Files\CyberLink
2007-09-22 22:19 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-09-22 22:18 --------- d-----w C:\Program Files\AVSMedia
2007-09-21 09:24 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-09-19 12:07 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-09-19 08:35 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-16 13:36 --------- d-----w C:\Program Files\Cheat Engine
2007-09-15 12:19 --------- d-----w C:\Program Files\IE7Pro
2007-09-13 16:14 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\Tlen.pl
2007-09-12 19:19 --------- d-----w C:\Program Files\hp deskjet 840c series
2007-09-12 19:19 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-12 18:23 --------- d-----w C:\Program Files\AllSubmitter
2007-09-12 14:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-11 14:43 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\InstallShield
2007-09-10 21:34 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-10 13:47 --------- d-----w C:\Program Files\My-Proxy
2007-09-09 15:49 --------- d-----w C:\Program Files\Common Files\SourceTec
2007-09-09 15:48 --------- d-----w C:\Program Files\SourceTec
2007-09-09 08:24 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-09-06 13:20 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\Kingston
2007-09-05 19:30 --------- d-----w C:\Program Files\VS Online
2007-09-04 17:15 --------- d-----w C:\Program Files\SpyBlocker Software
2007-09-04 17:06 --------- d-----w C:\Documents and Settings\Test\Dane aplikacji\IE7Pro
2007-09-04 17:00 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2007-09-04 16:51 --------- d-----w C:\Program Files\Ashampoo
2007-09-04 16:46 --------- d-----w C:\Documents and Settings\Test\Dane aplikacji\GetRight
2007-09-04 16:44 --------- d-----w C:\Documents and Settings\Test\Dane aplikacji\ATI
2007-09-04 13:02 --------- d-----w C:\Program Files\Proxy Switcher Standard
2007-09-04 13:02 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\WNR
2007-09-03 21:35 --------- d-----w C:\Program Files\TGTSoft
2007-09-02 20:36 3,532 ----a-w C:\drmHeader.bin
2007-08-28 11:50 --------- d-----w C:\Program Files\Comodo
2007-08-27 16:43 --------- d-----w C:\Documents and Settings\Pobor_\Dane aplikacji\Comodo
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 16:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 16:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 16:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 16:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 16:42 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-08-13 16:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 16:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 16:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 16:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 16:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-08-10 21:49 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-08-10 21:49 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-08-10 21:48 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-08-10 21:48 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-08-10 21:48 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-08-10 21:48 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-28 13:51 298,104 ----a-w C:\WINDOWS\system32\imon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-04-26 05:22]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-28 15:51]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^D-Link AirPlus.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\D-Link AirPlus.lnk
backup=C:\WINDOWS\pss\D-Link AirPlus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
"C:\Program Files\VS Online\VSOnline.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 DCamUSBIntel;USB Video Camera;C:\WINDOWS\system32\Drivers\TP6800.sys
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 HomeQOS;HomeQOS Miniport;C:\WINDOWS\system32\DRIVERS\homeqos.sys
S2 AKEProtect;AKEProtect;\??\C:\Program Files\Anti Keylogger Elite\AKEProtect.sys
S3 AIRPLUS;D-Link AirPlus Wireless Adapter;C:\WINDOWS\system32\DRIVERS\airplus.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97c23002-7e8f-11dc-b389-00142abdb0be}]
AutoRun\command - I:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97c23003-7e8f-11dc-b389-00142abdb0be}]
AutoRun\command - J:\RunGame.exe

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 16:15:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-27 16:15:39
.
— E O F —