ComboFix 07-12-07.3 - Mirosław 2007-12-07 12:09:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.205 [GMT 1:00]
Running from: C:\Documents and Settings\Mirosław\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mirosław\Dane aplikacji\inst.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-06 21:33 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-12-06 21:33 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-12-06 21:32 . 2007-12-06 21:32 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-06 21:25 . 2007-12-06 21:25 d-------- C:\NoyesDrivers
2007-12-01 15:38 . 2007-12-01 15:40 d-------- C:\Program Files\vanBasco's Karaoke Player
2007-11-28 13:37 . 2007-11-28 13:37 d-------- C:\Documents and Settings\Mirosław\Dane aplikacji\CyberLink
2007-11-28 13:33 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-11-28 13:32 . 2007-11-29 13:58 d-------- C:\Program Files\CyberLink
2007-11-28 10:15 . 2007-11-28 10:16 67 --a------ C:\WINDOWS\DVDRegionFree.INI
2007-11-25 19:05 . 2007-12-01 16:55 d-------- C:\Program Files\NAPI-PROJEKT
2007-11-16 21:41 . 2007-11-16 21:41 d-------- C:\Documents and Settings\Mirosław\Dane aplikacji\Apple Computer
2007-11-16 21:40 . 2007-11-29 13:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-16 21:40 . 2007-11-28 16:18 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-16 21:28 . 2007-11-16 21:29 d-------- C:\Program Files\QuickTime
2007-11-16 21:28 . 2007-11-16 21:28 d-------- C:\Program Files\Apple Software Update
2007-11-16 21:28 . 2007-11-16 21:28 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-16 21:28 . 2007-11-16 21:28 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-12-07 11:28 312,352 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-07 09:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-12-06 21:07 664,040 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-06 21:07 52,104,224 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-06 21:07 33,176 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-06 19:17 --------- d-----w C:\Documents and Settings\Mirosław\Dane aplikacji\uTorrent
2007-12-05 16:02 --------- d-----w C:\Documents and Settings\Mirosław\Dane aplikacji\Skype
2007-12-02 18:32 --------- d-----w C:\Program Files\Winamp Toolbar
2007-12-01 14:16 --------- d-----w C:\Documents and Settings\Mirosław\Dane aplikacji\Vso
2007-11-29 12:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-28 12:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-11-19 09:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
2007-11-18 19:06 --------- d-----w C:\Program Files\Pinnacle
2007-11-13 15:31 --------- d-----w C:\Program Files\SubEdit-Player
2007-11-06 11:02 --------- d-----w C:\Program Files\Dziobas Rar Player
2007-11-06 10:56 --------- d-----w C:\Program Files\Common Files\Real
2007-11-06 10:49 --------- d-----w C:\Program Files\Real
2007-11-06 10:48 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-06 10:35 --------- d-----w C:\Documents and Settings\Mirosław\Dane aplikacji\Media Player Classic
2007-11-06 10:34 --------- d-----w C:\Documents and Settings\Mirosław\Dane aplikacji\DivX
2007-11-05 18:35 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-05 11:21 --------- d-----w C:\Program Files\Lavasoft
2007-11-05 11:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-05 11:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-11-05 11:10 --------- d-----w C:\Program Files\Trend Micro
2007-11-05 11:09 --------- d-----w C:\Program Files\xp-AntiSpy
2007-11-05 11:05 --------- d-----w C:\Program Files\Codec
2007-10-31 10:45 --------- d-----w C:\Program Files\Winamp
2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 12:26 --------- d-----w C:\Documents and Settings\Mirosław\Dane aplikacji\Winamp
2007-10-23 10:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-10-17 16:10 --------- d-----w C:\Program Files\Java
2007-10-08 14:34 --------- d-----w C:\Program Files\Skype
2007-10-08 14:34 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-08 14:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-10-08 12:29 --------- d-----w C:\Program Files\Google
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-08-24 07:56 47,360 ----a-w C:\Documents and Settings\Mirosław\Dane aplikacji\pcouffin.sys
2007-04-15 14:55 81,920 ----a-w C:\Documents and Settings\Mirosław\Dane aplikacji\ezpinst.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 10:46]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" []
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-06-26 16:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 06:51]
"PMHandler"="C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 23:54]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 18:13]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 05:13]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-10-16 14:36]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 05:17]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-04-21 14:32]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 05:17]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 16:38]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 08:40 C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 21:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-10-16 14:30 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys
R2 FNF5SVC;Fn+F5 Service;C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07cb78c5-70e1-11dc-9bef-000fb0ce57db}]
\Shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 22:20:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-07 12:30:08
.
--- E O F ---