ComboFix 08-02-14.2 - PC 2008-02-14 17:57:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.596 [GMT 1:00]
Running from: C:\Documents and Settings\PC\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-01-14 to 2008-02-14   )))))))))))))))))))))))))))))))
.

2008-02-13 20:57 . 2004-08-03 22:31    20,992    --a------    C:\WINDOWS\system32\drivers\RTL8139.sys
2008-02-13 20:57 . 2004-08-03 22:31    20,992    --a--c---    C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-02-13 20:44 . 2008-02-14 16:36    29,808    --a------    C:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-00000005-00001102-00000002-80641102}.rfx
2008-02-13 20:44 . 2008-02-14 16:36    29,808    --a------    C:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-00000005-00001102-00000002-80641102}.rfx
2008-02-13 20:44 . 2008-02-14 16:36    17,500    --a------    C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-00000005-00001102-00000002-80641102}.rfx
2008-02-13 20:44 . 2008-02-14 16:36    17,500    --a------    C:\WINDOWS\system32\BMXState-{00000000-00000000-00000005-00001102-00000002-80641102}.rfx
2008-02-13 20:44 . 2008-02-14 16:36    1,080    --a------    C:\WINDOWS\system32\settingsbkup.sfm
2008-02-13 20:44 . 2008-02-14 16:36    1,080    --a------    C:\WINDOWS\system32\settings.sfm
2008-02-13 20:44 . 2008-02-14 16:36    24    --a------    C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000005-00001102-00000002-80641102}.dat
2008-02-13 20:44 . 2008-02-14 16:36    24    --a------    C:\WINDOWS\system32\DVCState-{00000000-00000000-00000005-00001102-00000002-80641102}.dat
2008-02-13 20:37 . 2008-02-13 20:37
2008-02-13 20:37 . 2008-02-13 20:55    4,755,026    --a------    C:\WINDOWS\{00000000-00000000-00000005-00001102-00000002-80641102}.CDF
2008-02-13 20:37 . 2008-02-13 20:55    4,755,026    --a------    C:\WINDOWS\{00000000-00000000-00000005-00001102-00000002-80641102}.BAK
2008-02-13 20:30 . 2008-02-13 20:30
2008-02-13 20:29 . 2008-02-13 20:29
2008-02-13 20:29 . 2000-03-03 01:54    217,088    ---------    C:\WINDOWS\system32\CTPlay.CRL
2008-02-13 20:29 . 1999-10-07 02:00    55,808    ---------    C:\WINDOWS\system32\CTMp3.crl
2008-02-13 20:29 . 2000-07-19 02:00    24,576    ---------    C:\WINDOWS\system32\RcMan.cpl
2008-02-13 20:29 . 1998-07-09 01:00    0    --a------    C:\WINDOWS\system32\CTDetect.gid
2008-02-13 20:29 . 1998-07-09 01:00    0    --a------    C:\WINDOWS\system32\CTDetect.fts
2008-02-13 20:29 . 1998-07-09 01:00    0    --a------    C:\WINDOWS\system32\CTDetect.ftg
2008-02-13 20:27 . 2008-02-13 20:29
2008-02-13 20:27 . 1999-10-11 02:01    41,984    ---------    C:\WINDOWS\CTRegRun.exe
2008-02-13 20:27 . 1999-12-17 02:00    6,752    ---------    C:\WINDOWS\system32\PFMODNT.SYS
2008-02-13 20:27 . 2001-08-17 20:19    3,712    --a------    C:\WINDOWS\system32\drivers\ctljystk.sys
2008-02-13 20:27 . 2001-08-17 20:19    3,712    --a--c---    C:\WINDOWS\system32\dllcache\ctljystk.sys
2008-02-13 19:42 . 2008-02-13 19:42
2008-02-13 02:15 . 2008-02-13 02:15
2008-02-13 01:28 . 2008-02-13 01:28
2008-02-12 23:50 . 2008-02-12 23:50    147    --a------    C:\WINDOWS\RtlRack.ini
2008-02-10 22:33 . 2008-02-13 20:41
2008-02-10 01:21 . 2008-02-10 01:21
2008-02-09 19:04 . 2008-02-09 19:04
2008-02-09 19:04 . 2008-02-09 19:04
2008-02-09 19:04 . 2008-02-09 19:04
2008-02-09 18:56 . 2008-02-09 18:56
2008-02-09 18:54 . 2008-02-09 18:54
2008-02-09 18:54 . 2008-02-09 18:54
2008-02-09 18:52 . 2008-02-09 18:52
2008-02-09 18:52 . 2008-02-09 18:52    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-02-09 18:52 . 2008-02-09 18:52    1,409    --a------    C:\WINDOWS\QTFont.for
2008-02-09 18:51 . 2008-02-09 18:51
2008-02-09 18:51 . 2008-02-09 18:51
2008-02-09 00:42 . 2008-02-09 00:50
2008-02-09 00:39 . 2008-02-09 00:39
2008-02-08 13:02 . 2004-08-03 23:01    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-08 13:02 . 2004-08-03 23:01    25,856    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-08 13:01 . 2008-02-08 13:01
2008-02-08 13:01 . 2003-02-28 07:00    100,352    --a------    C:\WINDOWS\system32\CNMLM53.DLL
2008-02-08 13:01 . 2003-02-14 17:01    73,728    -ra------    C:\WINDOWS\system32\CNMCP53.exe
2008-02-08 13:01 . 2003-02-28 07:00    5,632    --a------    C:\WINDOWS\system32\CNMVS53.DLL
2008-02-06 15:15 . 2008-02-07 01:31
2008-02-03 21:56 . 2008-02-03 21:56
2008-02-03 21:56 . 2008-02-06 00:17
2008-02-03 21:56 . 2008-02-03 21:56
2008-02-03 21:55 . 2008-02-03 21:56
2008-02-03 21:55 . 2008-02-03 21:55
2008-02-03 21:55 . 2008-02-13 02:14
2008-02-03 21:55 . 2008-02-03 21:55
2008-02-03 21:55 . 2008-02-13 02:14
2008-02-03 21:55 . 2008-02-03 22:12
2008-02-03 21:55 . 2007-02-22 10:15    137,216    --a------    C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-03 21:55 . 2007-02-22 10:15    90,624    --a------    C:\WINDOWS\system32\nmwcdcls.dll
2008-02-03 21:55 . 2007-02-22 10:15    65,536    --a------    C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-03 21:55 . 2007-02-22 10:15    12,288    --a------    C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-03 21:55 . 2007-02-22 10:15    12,288    --a------    C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-03 21:55 . 2007-02-22 10:15    8,320    --a------    C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-03 21:54 . 2008-02-13 02:13
2008-02-03 00:19 . 2008-02-03 00:21
2008-02-03 00:19 . 2008-02-03 00:20
2008-02-01 01:45 . 2008-02-01 01:45    8,192    --ahs----    C:\WINDOWS\Thumbs.db
2008-02-01 01:45 . 2008-02-01 01:45    5,632    --ahs----    C:\Thumbs.db
2008-02-01 01:42 . 2008-02-01 01:42    29,677    --a------    C:\1170255867fuq1fa2.jpg
2008-01-31 03:35 . 2008-01-31 03:35    6,620    --a------    C:\2008-isniff.rar
2008-01-31 03:16 . 2008-01-31 03:16    747,283    --a------    C:\pis.rar
2008-01-31 03:15 . 2008-01-31 03:16
2008-01-30 23:58 . 2008-01-30 23:58
2008-01-29 02:04 . 2008-01-29 02:04
2008-01-29 02:03 . 2008-01-29 02:03
2008-01-29 02:01 . 2008-01-29 02:01
2008-01-27 15:42 . 2008-01-27 15:42    978    --a------    C:\WINDOWS\EnglishTranslator.INI
2008-01-27 10:12 . 2008-01-27 10:13
2008-01-27 07:44 . 2008-01-27 07:44
2008-01-27 07:41 . 2008-01-27 07:41
2008-01-27 07:41 . 2007-09-24 23:31    69,632    --a------    C:\WINDOWS\system32\javacpl.cpl
2008-01-27 07:39 . 2008-01-27 07:39
2008-01-27 01:28 . 2008-01-27 01:28
2008-01-27 00:53 . 2008-01-31 00:02
2008-01-27 00:52 . 2008-01-31 19:20
2008-01-27 00:41 . 2008-01-27 00:41
2008-01-24 18:59 . 2008-01-24 18:59
2008-01-24 18:59 . 2008-01-24 19:20
2008-01-24 16:59 . 2008-01-31 16:38
2008-01-23 23:13 . 2008-01-23 23:13
2008-01-23 23:13 . 2008-01-23 23:13
2008-01-23 23:13 . 1999-05-19 09:52    149,504    --a------    C:\WINDOWS\system32\CSEDV.DLL
2008-01-23 23:13 . 1999-05-05 19:36    93,696    --a------    C:\WINDOWS\system32\CSCCDVC.DLL
2008-01-23 23:13 . 1998-10-22 21:41    32,256    --a------    C:\WINDOWS\system32\CDVCCODC.DLL
2008-01-23 23:13 . 1999-04-27 23:09    30,208    --a------    C:\WINDOWS\system32\DECCDVC.DLL
2008-01-23 20:20 . 2008-01-23 20:24

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 15:00    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\HLSW
2008-02-14 14:20    ---------    d-----w    C:\Program Files\Winamp
2008-02-13 19:30    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-02-11 17:51    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\mIRC
2008-02-11 17:49    ---------    d-----w    C:\Program Files\mIRC
2008-02-09 18:04    499,712    ----a-w    C:\WINDOWS\system32\msvcp71.dll
2008-02-07 21:12    ---------    d-----w    C:\Program Files\Gadu-Gadu
2008-02-05 15:09    ---------    d-----w    C:\Program Files\Mozilla Thunderbird
2008-01-31 19:51    ---------    d-----w    C:\Program Files\NAPI-PROJEKT
2008-01-31 15:30    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\Skype
2008-01-31 15:27    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\skypePM
2008-01-27 01:57    ---------    d-----w    C:\Program Files\BitComet
2008-01-08 16:13    32    ----a-w    C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-08 16:11    ---------    d-----w    C:\Program Files\Skype
2008-01-08 16:11    ---------    d-----w    C:\Program Files\Common Files\Skype
2008-01-08 16:11    ---------    d-----w    C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-08 15:43    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\ATI
2008-01-08 15:41    ---------    d-----w    C:\Program Files\ATI Technologies
2008-01-08 15:11    ---------    d-----w    C:\Program Files\Valve
2008-01-08 13:49    ---------    d-----w    C:\Program Files\totalcmd
2008-01-08 10:27    ---------    d-----w    C:\Program Files\Techland
2008-01-07 18:44    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\Winamp
2008-01-07 18:15    ---------    d-----w    C:\Program Files\Common Files\Macromedia
2008-01-07 18:14    ---------    d-----w    C:\Program Files\Macromedia
2008-01-07 18:13    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-01-07 03:26    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\Thunderbird
2008-01-07 01:24    ---------    d-----w    C:\Program Files\Thomson
2008-01-07 01:10    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\Gadu-Gadu
2008-01-07 01:09    ---------    d-s---w    C:\Program Files\HLSW
2008-01-07 01:05    ---------    d-----w    C:\Program Files\BearShare Pro
2008-01-07 01:04    ---------    d-----w    C:\Program Files\Perl
2008-01-07 01:04    ---------    d-----w    C:\Program Files\MarBit
2008-01-07 01:00    ---------    d-----w    C:\Program Files\Razer
2008-01-07 01:00    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\InstallShield
2008-01-07 00:59    ---------    d-----w    C:\Program Files\Microsoft.NET
2008-01-07 00:58    ---------    d-----w    C:\Program Files\Microsoft Works
2008-01-07 00:56    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-01-07 00:53    ---------    d-----w    C:\Documents and Settings\PC\Dane aplikacji\DAEMON Tools
2008-01-07 00:48    ---------    d-----w    C:\Program Files\AvRack
2008-01-07 00:48    ---------    d-----w    C:\Program Files\Avance Sound Manager
2008-01-07 00:47    ---------    d-----w    C:\Program Files\DAEMON Tools Lite
2008-01-07 00:45    715,248    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 23:39    558,142    ----a-w    C:\WINDOWS\java\Packages\C2N3JDZ9.ZIP
2008-01-06 23:39    155,995    ----a-w    C:\WINDOWS\java\Packages\P331FTVN.ZIP
2008-01-06 23:39    ---------    d-----w    C:\Program Files\microsoft frontpage
2008-01-06 23:35    ---------    d-----w    C:\Program Files\Usługi online
2007-12-24 12:49    7,680    ----a-w    C:\WINDOWS\system32\ff_vfw.dll
2007-12-18 09:51    179,584    ----a-w    C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:08    662,016    ----a-w    C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33    682,496    ----a-w    C:\WINDOWS\system32\divx.dll
2007-11-29 22:30    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28    81,920    ----a-w    C:\WINDOWS\system32\dpl100.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Start^Programy^Autostart^ctfmon.exe]
path=C:\Documents and Settings\PC\Menu Start\Programy\Autostart\ctfmon.exe
backup=C:\WINDOWS\pss\ctfmon.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 13:05 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2002-01-31 01:40 122880 C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-08-15 05:46 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-08 16:13 1266936 c:\program files\valve\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-09 19:04 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-02-07 19:01 40960 C:\WINDOWS\system32\CTHELPER.EXE

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 10:54]
S3 ddsxeiservice;ddsxeiservice2;D:\Gry\sXe Injected\ddsxei.sys [2007-11-25 00:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 21:22]
S4 CSNetManagerXp;CSNetManagerXp;"C:\WINDOWS\system32\isass.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688d276a-be04-11dc-9c29-000e50d4ecfc}]
\Shell\AutoRun\command - J:\USBNB.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 17:59:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 17:59:57
ComboFix-quarantined-files.txt  2008-02-14 16:59:49
.
2008-02-13 18:42:11 --- E O F ---
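Added example, not part of the ComboFix log or of the post above: a small Python triage pass over the service (R1/R2/R3/S3/S4) and MountPoints2 lines in this log format. It flags a service whose image name is one edit away from a well-known Windows binary (the log's isass.exe against lsass.exe), a service line whose trailing timestamp bracket is empty, and an AutoRun handler that launches an executable from a drive letter. The sample lines are copied from the log above; the list of imitated system binaries and the reading of an empty `[]` as "ComboFix could not read the file" are assumptions of this example, not statements from the log. A hit is a reason to pull the file and check it, not a verdict.

```python
"""Triage of ComboFix service and MountPoints2 lines (added example, not ComboFix code)."""
import re

# Copied from the log above; the remaining lines are omitted for brevity.
SAMPLE_LINES = [
    "R1 VIAPFD;VIAPFD;C:\\WINDOWS\\system32\\Drivers\\VIAPFD.SYS [2001-12-18 14:45]",
    "R2 NMSAccessU;NMSAccessU;C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe [2007-10-12 08:34]",
    "S3 NPF;NetGroup Packet Filter Driver;C:\\WINDOWS\\system32\\drivers\\npf.sys [2007-11-06 21:22]",
    'S4 CSNetManagerXp;CSNetManagerXp;"C:\\WINDOWS\\system32\\isass.exe" []',
    "[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    "\\mountpoints2\\{688d276a-be04-11dc-9c29-000e50d4ecfc}]",
    "\\Shell\\AutoRun\\command - J:\\USBNB.exe",
]

# Assumed list of names that malware commonly imitates (not taken from the log).
KNOWN_SYSTEM_BINARIES = {
    "lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe",
}

# "<start type> <name>;<display name>;<image path> [<timestamp>]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);"?([^"\[]+?)"?\s*\[([^\]]*)\]\s*$')
# MountPoints2 AutoRun handler: "\Shell\AutoRun\command - <target>"
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance; inputs are file names, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename):
    """Return the system binary this name imitates (one edit away), or None.

    An exact match is a real system binary name and is not flagged here.
    """
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for known in sorted(KNOWN_SYSTEM_BINARIES):
        if edit_distance(name, known) == 1:
            return known
    return None


def triage(lines):
    """Return a list of (line, reason) findings for the given log lines."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            _start_type, name, _display, image, stamp = m.groups()
            basename = image.replace("/", "\\").rsplit("\\", 1)[-1]
            known = lookalike_of(basename)
            if known:
                findings.append((line, f"service {name}: image {basename} imitates {known}"))
            if not stamp.strip():
                # Assumption: ComboFix prints the file's timestamp in the bracket,
                # so an empty bracket suggests it could not read the file.
                findings.append((line, f"service {name}: no file timestamp recorded (file missing or hidden?)"))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            target = m.group(1).strip()
            if re.match(r"^[A-Za-z]:\\", target):
                findings.append((line, f"MountPoints2 AutoRun handler launches {target}"))
    return findings


if __name__ == "__main__":
    for hit, reason in triage(SAMPLE_LINES):
        print(f"[!] {reason}\n    {hit}")
```

Run it against the whole "Reg Loading Points" section (feed the lines to `triage`) rather than the six sample lines; the service regex ignores the `[HKEY_...]` headers and the `path=`/`backup=` lines, so the section can be passed through unfiltered.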