ComboFix 07-08-14.4 - "Marcin" 2007-08-17 7:18:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.313 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))

2007-08-17 07:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 06:58
2007-08-17 06:45 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-17 06:45
2007-08-17 06:45
2007-08-17 06:45
2007-08-17 06:45
2007-08-17 06:45
2007-08-17 06:45
2007-08-17 06:45
2007-08-17 06:04
2007-08-17 06:04
2007-08-15 23:35 121,856 --a------ C:\WINDOWS\system32\MadCHook.dll
2007-08-07 18:34
2007-08-07 18:29
2007-08-07 18:29
2007-08-07 18:28
2007-08-07 18:28
2007-07-21 15:37
2007-07-20 06:21
2007-07-18 22:07
2007-07-18 22:06 974,848 --a--c--- C:\WINDOWS\system32\dllcache\dxdiag.exe
2007-07-18 22:06 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-07-18 22:06 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-07-18 22:06 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-07-18 22:06 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-07-18 22:06 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-07-18 22:06 31,744 --a--c--- C:\WINDOWS\system32\dllcache\pid.dll
2007-07-18 22:06 292,864 --a--c--- C:\WINDOWS\system32\dllcache\ddraw.dll
2007-07-18 22:06 24,064 --a--c--- C:\WINDOWS\system32\dllcache\ddrawex.dll
2007-07-18 22:06 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-07-18 22:06 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-07-18 22:06 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-07-18 22:06 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-07-18 22:06 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-07-18 22:06 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-07-18 22:06 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-07-18 22:06 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-07-18 22:06 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-07-18 22:06 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-07-18 22:01 77,312 --a------ C:\WINDOWS\system32\gcdef.dll
2007-07-18 22:01 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-07-18 22:01 72,704 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-07-18 22:01 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-07-18 22:01 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-07-18 22:01 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-07-18 22:01 563,200 --a------ C:\WINDOWS\system32\qedit.dll
2007-07-18 22:01 51,200 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-07-18 22:01 42,768 --a------ C:\WINDOWS\system32\dpwsock.dll
2007-07-18 22:01 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-07-18 22:01 386,048 --a------ C:\WINDOWS\system32\qdvd.dll
2007-07-18 22:01 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2007-07-18 22:01 35,328 --a------ C:\WINDOWS\system32\pid.dll
2007-07-18 22:01 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-07-18 22:01 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-07-18 22:01 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2007-07-18 22:01 237,568 --a------ C:\WINDOWS\system32\qasf.dll
2007-07-18 22:01 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-07-18 22:01 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2007-07-18 22:01 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2007-07-18 22:01 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-07-18 22:01 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-07-18 22:01 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2007-07-18 22:01 1,431,552 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-07-18 22:01 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-07-18 22:01 1,290,752 --a------ C:\WINDOWS\system32\quartz.dll
2007-07-18 22:01 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-07-18 22:01
2007-07-18 22:00 83,456 --a--c--- C:\WINDOWS\system32\dllcache\dpvsetup.exe
2007-07-18 22:00 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-07-18 22:00 825,344 --a--c--- C:\WINDOWS\system32\dllcache\d3dim700.dll
2007-07-18 22:00 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-07-18 22:00 82,432 --a--c--- C:\WINDOWS\system32\dllcache\dmscript.dll
2007-07-18 22:00 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-07-18 22:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\d3d8thk.dll
2007-07-18 22:00 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-07-18 22:00 77,312 --a--c--- C:\WINDOWS\system32\dllcache\gcdef.dll
2007-07-18 22:00 733,696 --a--c--- C:\WINDOWS\system32\dllcache\qedwipes.dll
2007-07-18 22:00 72,704 --a--c--- C:\WINDOWS\system32\dllcache\dsdmoprp.dll
2007-07-18 22:00 70,656 --a--c--- C:\WINDOWS\system32\dllcache\amstream.dll
2007-07-18 22:00 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-07-18 22:00 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-07-18 22:00 62,464 --a--c--- C:\WINDOWS\system32\dllcache\dpnmodem.dll
2007-07-18 22:00 62,464 --a------ C:\WINDOWS\system32\dpnmodem.dll
2007-07-18 22:00 619,008 --a--c--- C:\WINDOWS\system32\dllcache\dx7vb.dll
2007-07-18 22:00 61,952 --a--c--- C:\WINDOWS\system32\dllcache\dpnwsock.dll
2007-07-18 22:00 61,952 --a------ C:\WINDOWS\system32\dpnwsock.dll
2007-07-18 22:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\dmcompos.dll
2007-07-18 22:00 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-07-18 22:00 60,928 --a--c--- C:\WINDOWS\system32\dllcache\dpnhupnp.dll
2007-07-18 22:00 590,336 --a--c--- C:\WINDOWS\system32\dllcache\d3dramp.dll
2007-07-18 22:00 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-07-18 22:00 59,904 --a--c--- C:\WINDOWS\system32\dllcache\devenum.dll
2007-07-18 22:00 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-07-18 22:00 57,856 --a--c--- C:\WINDOWS\system32\dllcache\dpwsockx.dll
2007-07-18 22:00 563,200 --a--c--- C:\WINDOWS\system32\dllcache\qedit.dll
2007-07-18 22:00 54,032 --a--c--- C:\WINDOWS\system32\dllcache\dpserial.dll
2007-07-18 22:00 54,032 --a------ C:\WINDOWS\system32\dpserial.dll
2007-07-18 22:00 51,200 --a--c--- C:\WINDOWS\system32\dllcache\wstdecod.dll
2007-07-18 22:00 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-01-08 12:52 --------- d-------- C:\Program Files\FLVPlayer
2007-08-17 07:23 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\foobar2000
2007-08-17 06:51 --------- d-------- C:\Program Files\Neostrada TP
2007-08-16 13:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 15:36 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\teamspeak2
2007-08-05 11:24 --------- d-------- C:\Program Files\StarCraft Brood War by Monikon
2007-08-04 10:54 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\Skype
2007-07-16 19:12 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.221 Uninstall.exe
2007-07-16 19:12 --------- d-------- C:\Program Files\Radeon Omega Drivers
2007-07-16 19:12 --------- d-------- C:\Program Files\MultiRes
2007-07-16 18:19 --------- d-------- C:\Program Files\Razer
2007-07-16 18:19 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\InstallShield
2007-07-16 18:12 --------- d-------- C:\Program Files\VirtualDJ
2007-07-16 18:12 --------- d-------- C:\Program Files\Passware
2007-07-16 17:44 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.360 Uninstall.exe
2007-07-15 20:12 --------- d-------- C:\Program Files\MadOnion.com
2007-07-08 22:34 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-02 13:48 --------- d-------- C:\Program Files\ScannerU
2007-07-01 10:37 --------- d-------- C:\Program Files\Asprate
2007-06-29 18:49 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\Real

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"autoclk"="autoclk.exe" []
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"AtiPTA"="atiptaxx.exe" [2005-11-23 02:05 C:\WINDOWS\system32\atiptaxx.exe]
"Dimondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [2007-01-18 09:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-04-19 17:43]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"Steam"="e:\gry\steam\steam.exe" [2007-07-16 18:24]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2007-04-21 09:33:52]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-08 22:37:39]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-04-20 13:34:45]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
adiras.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

R3 AVMWAN;Sterownik karty AVM NDIS WAN CAPI;C:\WINDOWS\system32\DRIVERS\avmwan.sys
R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
R3 fpcibase;Kontroler AVM ISDN-Controller FRITZ!Card PCI;C:\WINDOWS\system32\DRIVERS\fpcibase.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S3 NTProcDrv;Process creation detector for NT.;\??\D:\Filmy\Silkroad\NtProcDrv.sys

Contents of the 'Scheduled Tasks' folder
2007-08-13 07:30:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 07:26:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
C:\WINDOWS\system32\cmd.exe [3004] 0x814D4590

scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???&7???6~??6~???U?6~??6~???c???C@???s???s???&7?A??s?&7??C@?x???`|?w???@

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 7:28:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-17 07:27
--- E O F ---