ComboFix 07-11-19.4 - km 2007-11-26 8:44:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.48.1045.18.841 [GMT 1:00]
Running from: C:\Documents and Settings\km\Pulpit\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\a.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-25 21:44 68,648 -r-hs---- C:\WINDOWS\system32\mmdmm.exe
2007-11-25 20:26 401,920 -r-hsc--- C:\WINDOWS\system32\dllcache\mravsc32.exe
2007-11-25 20:25 0 -ra------ C:\WINDOWS\system32\TFTP3996
2007-11-25 20:23 388,608 -r-hs---- C:\WINDOWS\system\msnrav.exe
2007-11-25 20:23 54,784 ---hs---- C:\WINDOWS\system32\mdm.exe
2007-11-25 20:18 69 --a------ C:\WINDOWS\system32\i
2007-11-25 18:58 d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-25 18:58 d-------- C:\Documents and Settings\Administrator\Ulubione
2007-11-25 18:58 d--h----- C:\Documents and Settings\Administrator\Szablony
2007-11-25 18:58 d-------- C:\Documents and Settings\Administrator\Pulpit
2007-11-25 18:58 d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-25 18:58 dr------- C:\Documents and Settings\Administrator\Menu Start
2007-11-25 18:58 dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-25 18:06 d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-25 18:06 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-25 18:06 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-25 18:06 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-25 18:05 d-------- C:\Program Files\Spyware Doctor
2007-11-25 18:05 d-------- C:\Documents and Settings\km\Dane aplikacji\PC Tools
2007-11-25 18:05 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-25 17:30 d-------- C:\Program Files\Trend Micro
2007-11-24 08:14 163 --a------ C:\Documents and Settings\km\msn32.exe
2007-11-21 16:53 d---s---- C:\Documents and Settings\km\UserData
2007-11-20 21:43 d-------- C:\Program Files\Dachshund Software
2007-11-20 21:39 d-------- C:\Program Files\Advanced System Optimizer
2007-11-20 21:39 d-------- C:\Documents and Settings\km\Dane aplikacji\Systweak
2007-11-20 20:04 d-------- C:\Program Files\RegSort v1.1.5
2007-11-20 19:32 68,648 --a------ C:\WINDOWS\system32\msv.exe
2007-11-20 17:43 d-------- C:\Documents and Settings\km\Dane aplikacji\Microsoft Web Folders
2007-11-20 10:57 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2007-11-20 10:57 426,038 --a--c--- C:\WINDOWS\system32\dllcache\voicepad.dll
2007-11-20 10:57 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2007-11-20 10:57 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2007-11-20 10:57 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2007-11-20 10:57 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2007-11-20 10:57 75,776 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2007-11-20 10:57 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2007-11-20 10:57 62,464 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2007-11-20 10:57 32,836 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-11-20 10:57 25,088 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll
2007-11-20 10:57 24,576 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
2007-11-20 10:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\register.exe
2007-11-20 10:57 13,192 --a--c--- C:\WINDOWS\system32\dllcache\tdasync.sys
2007-11-20 10:57 4,096 --a--c--- C:\WINDOWS\system32\dllcache\rpcref.dll
2007-11-20 10:56 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2007-11-20 10:55 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-11-20 10:54 240,640 --a--c--- C:\WINDOWS\system32\dllcache\httpext.dll
2007-11-20 10:54 76,288 --a--c--- C:\WINDOWS\system32\dllcache\dayi.ime
2007-11-20 10:54 54,784 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2007-11-20 10:54 39,424 --a--c--- C:\WINDOWS\system32\dllcache\davcdata.exe
2007-11-20 10:54 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe
2007-11-20 10:54 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll
2007-11-20 10:54 14,848 --a--c--- C:\WINDOWS\system32\dllcache\flattemp.exe
2007-11-20 10:54 13,312 --a--c--- C:\WINDOWS\system32\dllcache\exstrace.dll
2007-11-20 10:54 7,680 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2007-11-20 10:54 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-11-20 10:53 94,208 --a--c--- C:\WINDOWS\system32\dllcache\fpcount.exe
2007-11-20 10:53 59,392 --a--c--- C:\WINDOWS\system32\dllcache\iisext51.dll
2007-11-20 10:53 32,827 --a--c--- C:\WINDOWS\system32\dllcache\tcptest.exe
2007-11-20 10:53 27,136 --a--c--- C:\WINDOWS\system32\dllcache\admexs.dll
2007-11-20 10:53 16,384 --a--c--- C:\WINDOWS\system32\dllcache\tcptsat.dll
2007-11-20 10:50 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-11-20 10:50 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-11-20 10:50 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-11-20 10:50 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-11-20 10:50 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-11-20 10:16 31,161 --a--c--- C:\WINDOWS\system32\dllcache\FP4.CAT
2007-11-20 10:16 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-11-20 10:16 13,923 --a--c--- C:\WINDOWS\system32\dllcache\IMS.CAT
2007-11-20 10:16 13,497 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2007-11-20 10:16 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-11-20 10:16 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-11-19 20:15 0 --a------ C:\WINDOWS\system32\upds.Vexe
2007-11-19 18:58 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-11-19 18:57 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2007-11-19 18:56 763,990 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2007-11-19 18:56 605,050 --a--c--- C:\WINDOWS\system32\dllcache\r1033tts.lxa
2007-11-19 18:56 176,157 --a--c--- C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2007-11-19 18:56 103,424 --a--c--- C:\WINDOWS\system32\dllcache\eqnclass.dll
2007-11-19 18:56 71,680 --a------ C:\WINDOWS\system32\storprop.dll
2007-11-19 18:56 70,096 --a--c--- C:\WINDOWS\system32\dllcache\avicap.dll
2007-11-19 18:56 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-11-19 18:56 19,968 --a--c--- C:\WINDOWS\system32\dllcache\agt040e.dll
2007-11-19 18:56 13,600 --a--c--- C:\WINDOWS\system32\dllcache\wfwnet.drv
2007-11-19 18:56 13,600 --a------ C:\WINDOWS\system\WFWNET.DRV
2007-11-19 18:56 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2007-11-19 18:56 4,096 --a------ C:\WINDOWS\system\TIMER.DRV
2007-11-19 18:56 3,360 --a------ C:\WINDOWS\system\SYSTEM.DRV
2007-11-19 18:56 2,176 --a--c--- C:\WINDOWS\system32\dllcache\vga.drv
2007-11-19 18:56 2,176 --a------ C:\WINDOWS\system\VGA.DRV
2007-11-19 18:56 2,032 --a--c--- C:\WINDOWS\system32\dllcache\mouse.drv
2007-11-19 18:56 2,032 --a------ C:\WINDOWS\system\MOUSE.DRV
2007-11-19 18:56 2,000 --a--c--- C:\WINDOWS\system32\dllcache\keyboard.drv
2007-11-19 18:56 2,000 --a------ C:\WINDOWS\system\KEYBOARD.DRV
2007-11-19 18:56 1,744 --a--c--- C:\WINDOWS\system32\dllcache\sound.drv
2007-11-19 18:56 1,744 --a------ C:\WINDOWS\system\SOUND.DRV
2007-11-19 18:55 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-19 18:55 d-------- C:\WINDOWS\system32\CatRoot
2007-11-19 18:55 dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-11-19 18:55 d-------- C:\Documents and Settings\Default User\Ulubione
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 16:43 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-19 18:52 --------- d-----w C:\Documents and Settings\km\Dane aplikacji\Gadu-Gadu
2007-11-19 18:51 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-19 18:48 --------- d-----w C:\Program Files\ffdshow
2007-11-19 18:21 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-11-19 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 18:21 --------- d-----w C:\Program Files\SAGEM
2007-11-19 18:18 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-19 18:18 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-19 18:18 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-19 18:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-19 18:13 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-11-19 18:11 --------- d-----w C:\Program Files\Intel
2007-11-19 18:01 --------- d-----w C:\Program Files\Usługi online
2007-10-17 23:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-04 19:39 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 18:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"NvMediaCenter"="RUNDLL32.exe" [2001-10-26 18:30 C:\WINDOWS\system32\rundll32.exe]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"wind32dll"="win32dll.exe" []
"Microsoft Office"="C:\WINDOWS\System32\mdm.exe" [2007-11-25 20:23]
"Microsoft Windows Driver"="c:\ntlds" [2007-11-20 11:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NvCplDaemon"="RUNDLL32.exe" [2001-10-26 18:30 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-19 19:18]
"wind32dll"="win32dll.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"Microsoft Office"="C:\WINDOWS\System32\mdm.exe" [2007-11-25 20:23]
"mmsass"="msv.exe" [2007-11-22 08:30 C:\WINDOWS\system32\msv.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"wind32dll"="win32dll.exe" []
"mmsass"="msv.exe" [2007-11-22 08:30 C:\WINDOWS\system32\msv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
"NvMediaCenter"="RUNDLL32.exe" [2001-10-26 18:30 C:\WINDOWS\system32\rundll32.exe]
"Microsoft Office"="C:\WINDOWS\System32\mdm.exe" [2007-11-25 20:23]
"wind32dll"="win32dll.exe" []
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" []
"Office Monitor Word Exel R"="C:\WINDOWS\System32\u.exe" []
"Microsoft Windows Driver"="c:\ntlds" [2007-11-20 11:01]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-19 19:21:44]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"WMI Standard Event Consumer - Scripting"= C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe"
R2 MSN RAV;MSN RAV;"C:\WINDOWS\system\msnrav.exe"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 08:46:14
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-26 8:47:09
.
--- E O F ---