ComboFix 07-12-19.2 - Michał 2007-12-19 14:15:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.559 [GMT 1:00]
Running from: C:\Documents and Settings\Michał\Pulpit\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\MS32DLL.dll.vbs
C:\WINDOWS\MS32DLL.dll.vbs
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
D:\Autorun.inf
D:\MS32DLL.dll.vbs
E:\Autorun.inf
E:\MS32DLL.dll.vbs
F:\autorun.inf
F:\MS32DLL.dll.vbs
I:\autorun.inf
I:\MS32DLL.dll.vbs

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-18 22:21 . 2007-12-18 22:21    d--------    C:\Documents and Settings\Michał\Dane aplikacji\ATI
2007-12-18 22:21 . 2007-12-18 22:21    d--------    C:\Documents and Settings\All Users\Dane aplikacji\ATI
2007-12-18 22:17 . 2007-12-18 22:19    d--------    C:\Program Files\ATI Technologies
2007-12-18 22:17 . 2007-11-01 21:05    593,920    ---------    C:\WINDOWS\system32\ati2sgag.exe
2007-12-18 22:12 . 2007-12-18 22:12    10    --a------    C:\WINDOWS\WININIT.INI
2007-12-18 18:46 . 2007-12-18 18:46    d--------    C:\Program Files\SystemRequirementsLab
2007-12-18 18:46 . 2007-12-18 18:46    d--------    C:\Documents and Settings\Michał\SystemRequirementsLab
2007-12-18 18:46 . 2007-12-18 18:46    d--------    C:\Documents and Settings\Michał\SystemRequirementsLab
2007-12-18 18:45 . 2007-12-18 18:45    d--------    C:\WINDOWS\Sun
2007-12-18 18:45 . 2007-12-18 18:45    d--------    C:\Program Files\Java
2007-12-18 18:45 . 2007-09-24 23:31    69,632    --a------    C:\WINDOWS\system32\javacpl.cpl
2007-12-18 18:43 . 2007-12-18 18:43    d--------    C:\Program Files\Common Files\Java
2007-12-18 18:18 . 2007-12-19 18:48    d--------    C:\Program Files\mks_vir_2007
2007-12-18 18:18 . 2007-12-18 18:18    270    --a------    C:\WINDOWS\{6ECB6EE7-DF64-4F26-9273-9525FC11A417}_WiseFW.ini
2007-12-18 18:01 . 2007-12-18 18:01    d--------    C:\WINDOWS\Downloaded Installations
2007-12-18 18:01 . 2007-12-18 18:01    d--------    C:\Program Files\Gadu-Gadu
2007-12-18 18:01 . 2007-12-18 18:04    d--------    C:\Program Files\Common Files\Adobe
2007-12-18 17:59 . 2007-12-19 20:24    1,742    --a------    C:\WINDOWS\mozver.dat
2007-12-18 16:25 . 2007-12-18 16:26    d--------    C:\Program Files\DirectX
2007-12-18 11:43 . 2007-12-19 11:48    15    --a------    C:\WINDOWS\popcinfo.dat
2007-12-17 14:34 . 2004-08-03 23:08    26,496    --a--c---    C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-15 23:21 . 2007-12-15 23:21    d--------    C:\Documents and Settings\Michał\Dane aplikacji\Talkback
2007-12-15 23:21 . 2007-12-15 23:21    0    --a------    C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 21:35    ---------    d-----w    C:\Program Files\Creative
2007-12-15 21:35    ---------    d-----w    C:\Documents and Settings\Michał\Dane aplikacji\Logitech
2007-12-15 21:33    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-12-15 21:25    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2007-12-15 21:24    ---------    d-----w    C:\Documents and Settings\All Users\Dane aplikacji\UDL
2007-12-15 21:23    ---------    d-----w    C:\Program Files\epson
2007-12-15 21:18    ---------    d-----w    C:\Program Files\SAGEM
2007-12-15 21:17    ---------    d-----w    C:\Program Files\Logitech
2007-12-15 21:17    ---------    d-----w    C:\Program Files\Common Files\Logitech
2007-12-15 21:05    15,600    ----a-w    C:\WINDOWS\gdrv.sys
2007-12-15 21:05    ---------    d-----w    C:\Program Files\Realtek
2007-12-15 21:05    ---------    d-----w    C:\Documents and Settings\Michał\Dane aplikacji\InstallShield
2007-12-15 21:01    ---------    d-----w    C:\Program Files\Yahoo!
2007-12-15 21:01    ---------    d-----w    C:\Program Files\Intel
2007-12-15 20:44    ---------    d-----w    C:\Program Files\microsoft frontpage
2007-12-15 20:43    ---------    d-----w    C:\Program Files\Usługi online
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 05:52    2,644,480    ----a-w    C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 04:57    9,314,304    ----a-w    C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24    176,128    ----a-w    C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10    364,544    ----a-w    C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09    268,288    ------w    C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01    26,112    ----a-w    C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01    143,360    ----a-w    C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01    122,880    ----a-w    C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00    43,520    ----a-w    C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00    122,880    ----a-w    C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59    495,616    ----a-w    C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58    53,248    ----a-w    C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50    3,133,728    ------w    C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39    1,602,176    ------w    C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35    307,200    ----a-w    C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26    5,435,392    ----a-w    C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24    376,832    ----a-w    C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22    49,152    ----a-w    C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-02 03:22    17,408    ----a-w    C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16    499,712    ------w    C:\WINDOWS\system32\ati2cqag.dll
2007-10-29 22:44    1,291,264    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-22 02:39    267,272    ----a-w    C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37    17,928    ----a-w    C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-20 05:01    227,328    ----a-w    C:\WINDOWS\system32\wmasf.dll
2007-10-12 14:14    3,734,536    ----a-w    C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14    1,374,232    ----a-w    C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 08:56    444,776    ----a-w    C:\WINDOWS\system32\d3dx10_36.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="Rundll32 P17.dll" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"mkstray"="C:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-12-18 19:31]
"mks_mail"="C:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 05:06]
"MKSRegmon"="C:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 05:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-12-15 22:17:49]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys [2007-05-24 05:06]
R1 mksfwallt;mksfwallt;C:\WINDOWS\system32\mksfwallt.sys [2007-05-24 05:06]
R2 MksFwall;MksFwall;"C:\Program Files\mks_vir_2007\bin\MksFwall.exe" [2007-05-24 05:06]
R2 MksPC;MksPC;"C:\Program Files\mks_vir_2007\bin\MksPC.exe" [2007-05-24 05:06]
R2 MksUpdate;MksUpdate;"C:\Program Files\mks_vir_2007\bin\mksupdate.exe" [2007-05-24 05:06]
R3 mksfwallf;mksfwallf;C:\WINDOWS\system32\mksfwallf.sys [2007-05-24 05:06]
R3 mksidsf;mksidsf;C:\WINDOWS\system32\mksidsf.sys [2007-05-24 05:06]
R3 MksMonEn;MksMonEn;C:\Program Files\mks_vir_2007\bin\MksMonEn.sys [2007-12-18 19:31]
R3 MksMonEv;MksMonEv;C:\Program Files\mks_vir_2007\bin\MksMonEv.sys [2007-05-24 05:06]
R3 MksMonFd;MksMonFd;C:\Program Files\mks_vir_2007\bin\MksMonFd.sys [2007-05-24 05:06]
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 09:14]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-15 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df734bb0-ab54-11dc-b1fa-806d6172696f}]
\Shell\AutoRun\command - G:\Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 14:16:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\mks_vir_2007\bin\mkslsp.dll

.
Completion time: 2007-12-19 14:17:01
.
2007-12-18 16:28:36 --- E O F ---