"A&A&R" - 2007-07-16 8:29:47 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))

2007-07-16 08:28    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-07-14 22:23
2007-07-14 12:52    98,304    --a------    C:\WINDOWS\W2BNEUnin.exe
2007-07-14 12:52    19,984    --a------    C:\WINDOWS\W2BNEUnin.dat
2007-07-14 12:51
2007-07-12 13:25
2007-07-12 13:25
2007-07-11 22:21    445    --a------    C:\WINDOWS\EntPack.dat
2007-07-09 16:50
2007-07-05 22:28
2007-07-05 22:28
2007-07-03 18:43    132,904    --a------    C:\WINDOWS\system32\drivers\imagesrv.sys
2007-07-03 18:43    11,304    --a------    C:\WINDOWS\system32\drivers\imagedrv.sys
2007-07-01 10:47
2007-07-01 10:34
2007-07-01 10:11
2007-07-01 10:11
2007-07-01 10:11
2007-07-01 10:10
2007-06-30 20:45
2007-06-30 20:44    9,856    ---------    C:\WINDOWS\system32\drivers\pfc.sys
2007-06-30 20:44    204,800    --a------    C:\WINDOWS\system32\IVIresizeW7.dll
2007-06-30 20:44    200,704    --a------    C:\WINDOWS\system32\IVIresizeA6.dll
2007-06-30 20:44    20,480    --a------    C:\WINDOWS\system32\IVIresize.dll
2007-06-30 20:44    192,512    --a------    C:\WINDOWS\system32\IVIresizeP6.dll
2007-06-30 20:44    192,512    --a------    C:\WINDOWS\system32\IVIresizeM6.dll
2007-06-30 20:44    188,416    --a------    C:\WINDOWS\system32\IVIresizePX.dll
2007-06-30 20:44
2007-06-30 20:44
2007-06-30 20:39    73,728    --a------    C:\WINDOWS\system32\VbiCallback.dll
2007-06-30 20:39
2007-06-30 20:35
2007-06-30 20:27
2007-06-30 20:13
2007-06-30 19:58    22,112    -ra------    C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-06-30 19:31    552    --a------    C:\WINDOWS\system32\d3d8caps.dat
2007-06-30 19:08    414,272    -ra------    C:\WINDOWS\system32\DivXc32f.dll
2007-06-30 19:07    412,160    -ra------    C:\WINDOWS\system32\DivXc32.dll
2007-06-30 19:07    19,456    -ra------    C:\WINDOWS\system32\Mp3cnfg.exe
2007-06-30 19:01    81,768    --a------    C:\WINDOWS\system32\xinput1_3.dll
2007-06-30 19:01    443,752    --a------    C:\WINDOWS\system32\d3dx10_34.dll
2007-06-30 19:01    443,752    --a------    C:\WINDOWS\system32\d3dx10_33.dll
2007-06-30 19:01    3,497,832    --a------    C:\WINDOWS\system32\d3dx9_34.dll
2007-06-30 19:01    3,495,784    --a------    C:\WINDOWS\system32\d3dx9_33.dll
2007-06-30 19:01    3,426,072    --a------    C:\WINDOWS\system32\d3dx9_32.dll
2007-06-30 19:01    266,088    --a------    C:\WINDOWS\system32\xactengine2_8.dll
2007-06-30 19:01    261,480    --a------    C:\WINDOWS\system32\xactengine2_7.dll
2007-06-30 19:01    255,848    --a------    C:\WINDOWS\system32\xactengine2_6.dll
2007-06-30 19:01    251,672    --a------    C:\WINDOWS\system32\xactengine2_5.dll
2007-06-30 19:01    18,280    --a------    C:\WINDOWS\system32\x3daudio1_2.dll
2007-06-30 19:01    1,124,720    --a------    C:\WINDOWS\system32\D3DCompiler_34.dll
2007-06-30 19:01    1,123,696    --a------    C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-30 19:00    62,744    --a------    C:\WINDOWS\system32\xinput1_2.dll
2007-06-30 19:00    237,848    --a------    C:\WINDOWS\system32\xactengine2_4.dll
2007-06-30 19:00    236,824    --a------    C:\WINDOWS\system32\xactengine2_3.dll
2007-06-30 19:00    2,414,360    --a------    C:\WINDOWS\system32\d3dx9_31.dll
2007-06-30 19:00    2,297,552    --a------    C:\WINDOWS\system32\d3dx9_26.dll
2007-06-30 19:00    15,128    --a------    C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-30 18:58
2007-06-30 18:21
2007-06-30 18:10
2007-06-30 18:09
2007-06-30 18:08
2007-06-30 18:07
2007-06-30 18:07
2007-06-30 18:07
2007-06-30 18:00
2007-06-30 17:59
2007-06-30 17:58
2007-06-30 17:58
2007-06-30 17:21    24,816    --a------    C:\WINDOWS\system32\mdimon.dll
2007-06-30 17:20
2007-06-30 17:19
2007-06-30 17:10    1,156    --a------    C:\WINDOWS\mozver.dat
2007-06-30 17:09    0    --a------    C:\WINDOWS\nsreg.dat
2007-06-30 16:59
2007-06-30 16:52
2007-06-30 16:46
2007-06-30 16:25
2007-06-30 16:24
2007-06-30 16:17
2007-06-30 16:14    19,968    ---------    C:\WINDOWS\LOGI_MWX.EXE
2007-06-30 16:05
2007-06-30 16:03
2007-06-30 15:58
2007-06-30 15:58
2007-06-30 15:56
2007-06-30 15:24
2007-06-30 15:22
2007-06-30 15:17
2007-06-30 15:16
2007-06-30 15:11    545    --a------    C:\WINDOWS\NOCLOSE.PIF
2007-06-30 15:11
2007-06-30 15:00    909,824    ---------    C:\WINDOWS\system32\qd3d.dll
2007-06-30 15:00    70,656    ---------    C:\WINDOWS\system32\3dviewer.dll
2007-06-30 15:00    607,744    ---------    C:\WINDOWS\system32\Decslib.dll
2007-06-30 15:00    553,984    ---------    C:\WINDOWS\system32\rave.dll
2007-06-30 15:00    39,095    ---------    C:\WINDOWS\iccsigs.dat
2007-06-30 15:00    245,760    ---------    C:\WINDOWS\system32\Sccomp91.dll
2007-06-30 15:00    225,280    ---------    C:\WINDOWS\system32\Scint91.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 06:32:24    86,968    ----a-w    C:\WINDOWS\system32\perfc015.dat
2007-07-11 06:32:24    494,308    ----a-w    C:\WINDOWS\system32\perfh015.dat
2007-06-30 10:03:53    806    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-06-30 10:03:53    8,014    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-06-29 17:26:36    --------    d-----w    C:\Program Files\Usługi online
2007-05-16 07:18:44    95,864    ----a-w    C:\WINDOWS\system32\NeroCo.dll
2007-04-25 14:23:30    144,896    ----a-w    C:\WINDOWS\system32\schannel.dll
2007-04-23 14:42:50    972,336    ----a-w    C:\WINDOWS\UNRecode.exe
2007-04-18 16:14:32    2,854,400    ----a-w    C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-23 00:08    62080    --a------    C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2007-01-12 01:04    96936    -ra------    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32    509592    --a------    C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 15:35]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-03-23 15:07]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"RegDoctor"="C:\Program Files\RegDoctor\RegDoctor.exe" [2007-05-24 08:51]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-06-06 17:52]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ChelloInfo"="C:\Program Files\chelloPL\chelloinfo\chelloinfo.exe" [2007-02-19 22:51]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57]

*Newly Created Service* - COMHOST

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

Contents of the 'Scheduled Tasks' folder
2007-06-30 15:58:59 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-16 06:16:49 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-13 18:44:11 C:\WINDOWS\tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - A&A&R.job
2007-07-09 13:08:23 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-07-12 22:00:00 C:\WINDOWS\tasks\Symantec Drmc.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 08:31:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ha10kx2k]
"ImagePath"="system32\drivers\ha10kx2k.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hap16v2k]
"ImagePath"="System32\drivers\hap16v2k.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e]
"ImagePath"=""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

Completion time: 2007-07-16 8:32:11
— E O F —