ComboFix 07-11-08.1 - Krzysiek 2007-11-09 15:13:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.488 [GMT 1:00]
Running from: D:\instalki\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.
2007-11-09 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 15:05
2007-11-09 13:16
2007-11-09 13:16 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-09 13:16 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-09 13:08
2007-11-09 11:48
2007-11-08 19:28
2007-11-08 18:47
2007-11-08 18:03
2007-11-08 18:03
2007-11-08 18:02
2007-11-08 17:52
2007-11-08 17:52
2007-11-08 17:51
2007-11-08 17:50
2007-11-08 17:49 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-11-08 17:49 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-11-08 17:49 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-11-08 17:48 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-08 17:48 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-08 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-11-08 17:45 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-11-08 17:45 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-11-08 17:45 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-11-08 17:45 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-11-08 17:45 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-11-08 17:45 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-11-08 17:44
2007-11-08 17:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-08 17:44 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-08 17:44 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-08 17:44 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-08 17:42
2007-11-08 17:42 113,547 --a------ C:\WINDOWS\hpoins07.dat
2007-11-08 17:42 21,124 --------- C:\WINDOWS\hpomdl07.dat
2007-11-08 15:46
2007-11-08 15:46 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-08 15:44
2007-11-08 15:44
2007-11-08 15:43
2007-11-08 14:13
2007-11-08 13:05
2007-11-08 13:05
2007-11-08 13:04
2007-11-08 13:02 810 --a------ C:\WINDOWS\unins000.dat
2007-11-08 11:41
2007-11-08 11:41 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-11-08 11:41 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2007-11-08 11:41 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-11-08 11:39
2007-11-08 11:39
2007-11-08 11:39 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-11-08 11:39 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-11-08 11:39 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-11-08 11:39 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-11-08 11:39 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-11-08 11:39 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-08 11:39 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-08 10:57
2007-11-08 10:36
2007-11-08 10:06
2007-11-08 10:06
2007-11-08 10:06
2007-11-08 10:06
2007-11-08 10:06
2007-11-08 10:06
2007-11-08 09:57
2007-11-08 09:53 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-08 09:53 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-08 09:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-08 09:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-08 09:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-08 09:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-08 09:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-08 09:53 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-08 09:41
2007-11-08 09:41
2007-11-08 09:41
2007-11-08 09:41
2007-11-08 09:14
2007-11-08 08:13 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-08 08:13 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-08 07:36 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-08 07:35
2007-11-08 07:35 156,160 --a------ C:\WINDOWS\system32\unrar3.dll
2007-11-07 20:08
2007-11-07 19:45
2007-11-07 19:45
2007-11-07 18:07 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 17:25
2007-11-07 17:25
2007-11-07 17:24
2007-11-07 17:21 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-11-07 17:21 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-11-07 17:19
2007-11-07 17:19
2007-11-07 17:19 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 11:50 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 10:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 10:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 16:21 --------- d-----w C:\Program Files\Realtek
2007-11-07 15:44 --------- d-----w C:\Program Files\Tlen.pl
2007-11-07 15:44 --------- d-----w C:\Documents and Settings\Krzysiek\Dane aplikacji\Tlen.pl
2007-11-07 15:01 --------- d-----w C:\Program Files\mks_vir_2007
2007-11-07 14:49 6,144 ----a-w C:\WINDOWS\system32\mksidsa.sys
2007-11-07 14:49 15,360 ----a-w C:\WINDOWS\system32\mksfwallt.sys
2007-11-07 14:49 11,776 ----a-w C:\WINDOWS\system32\mksidsf.sys
2007-11-07 14:48 13,312 ----a-w C:\WINDOWS\system32\mksfwallf.sys
2007-11-07 14:45 --------- d-----w C:\Documents and Settings\Krzysiek\Dane aplikacji\MksVir2007
2007-11-07 14:35 --------- d-----w C:\Program Files\Intel
2007-11-07 14:29 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 14:28 --------- d-----w C:\Program Files\Usługi online
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-16 17:38 4,615,168 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-10-16 17:30 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 10:04 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-10-04 16:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-10-04 16:14 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14]
"mkstray"="C:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-11-07 15:49]
"mks_mail"="C:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-11-07 15:49]
"MKSRegmon"="C:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-11-07 15:49]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 18:30 C:\WINDOWS\RTHDCPL.exe]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-13 19:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 13:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys
R1 mksfwallf;mksfwallf;??\C:\WINDOWS\system32\mksfwallf.sys
R1 mksfwallt;mksfwallt;??\C:\WINDOWS\system32\mksfwallt.sys
R2 MksFwall;MksFwall;"C:\Program Files\mks_vir_2007\bin\MksFwall.exe"
R2 MksPC;MksPC;"C:\Program Files\mks_vir_2007\bin\MksPC.exe"
R2 MksUpdate;MksUpdate;"C:\Program Files\mks_vir_2007\bin\mksupdate.exe"
R3 mksidsf;mksidsf;??\C:\WINDOWS\system32\mksidsf.sys
R3 MksMonEn;MksMonEn;??\C:\Program Files\mks_vir_2007\bin\MksMonEn.sys
R3 MksMonEv;MksMonEv;??\C:\Program Files\mks_vir_2007\bin\MksMonEv.sys
R3 MksMonFd;MksMonFd;??\C:\Program Files\mks_vir_2007\bin\MksMonFd.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 15:14:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 15:15:02
.
--- E O F ---