ComboFix 08-01-04.1 - Pentium 2008-01-06 11:34:14.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1282 [GMT 1:00]
Running from: C:\Documents and Settings\Pentium\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-06 to 2008-01-06  )))))))))))))))))))))))))))))))
.

2008-01-05 16:19 . 2008-01-05 18:46             d--------  C:\Program Files\XoftSpy
2008-01-05 09:09 . 2008-01-05 09:18       3,518 --a------  C:\WINDOWS\system32\tmp.reg
2008-01-04 22:28 . 2000-08-31 08:00      51,200 --a------  C:\WINDOWS\NirCmd.exe
2008-01-04 22:07 . 2008-01-04 22:07             d--------  C:\Program Files\Trend Micro
2008-01-04 21:12 . 2008-01-04 21:12         164 --a------  C:\install.dat
2008-01-04 16:40 . 2008-01-04 16:52      91,492 --a------  C:\WINDOWS\system32\drivers\klin.dat
2008-01-04 16:40 . 2008-01-04 16:52      85,860 --a------  C:\WINDOWS\system32\drivers\klick.dat
2008-01-04 16:39 . 2008-01-04 16:39             d--------  C:\Program Files\Kaspersky Lab
2008-01-04 16:39 . 2008-01-06 11:12             d--------  C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-04 16:39 . 2008-01-06 11:28   7,601,696 --ahs----  C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-04 16:39 . 2008-01-05 22:30     102,404 --ahs----  C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-04 16:39 . 2008-01-06 11:06      39,456 --ahs----  C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-04 16:39 . 2008-01-05 22:30       4,460 --ahs----  C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-04 16:37 . 2008-01-04 16:37             d--------  C:\KAV
2008-01-02 17:56 . 2008-01-02 17:56             d--------  C:\Program Files\iTunes
2008-01-02 17:56 . 2008-01-02 17:56             d--------  C:\Program Files\iPod
2008-01-02 17:56 . 2008-01-02 17:56             d--------  C:\Documents and Settings\Pentium\Dane aplikacji\Apple Computer
2008-01-02 17:55 . 2008-01-02 17:55             d--------  C:\Program Files\Common Files\Apple
2007-12-27 13:33 . 2008-01-06 10:59      54,156 --ah-----  C:\WINDOWS\QTFont.qfn
2007-12-27 13:33 . 2007-12-27 13:33       1,409 --a------  C:\WINDOWS\QTFont.for
2007-12-27 13:32 . 2007-12-27 13:33             d--------  C:\Program Files\QuickTime
2007-12-27 13:32 . 2007-12-27 13:32             d--------  C:\Program Files\Apple Software Update
2007-12-27 13:32 . 2008-01-02 17:56             d--------  C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-27 13:32 . 2007-12-27 13:32             d--------  C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-12-15 17:14 . 2007-12-15 17:18             d--------  C:\Program Files\MTA San Andreas
2007-12-15 16:14 . 2007-12-15 16:14             d--------  C:\Program Files\Rockstar Games
2007-12-11 10:57 . 2007-12-11 10:57      65,536 --a------  C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57      49,152 --a------  C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 09:59  ---------  d-----w  C:\Program Files\eMule
2008-01-05 21:12  ---------  d-----w  C:\Program Files\Google
2008-01-05 19:53  ---------  d-----w  C:\Program Files\Mozilla Thunderbird
2007-12-22 17:06  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-12-18 20:11  ---------  d-----w  C:\Program Files\Tlen.pl
2007-12-18 16:33  ---------  d-----w  C:\Program Files\Valve
2007-12-15 09:19  ---------  d-----w  C:\Program Files\sXe Injected
2007-12-13 18:20  ---------  d-----w  C:\Documents and Settings\Pentium\Dane aplikacji\Ahead
2007-12-02 08:49  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2007-12-02 08:45  ---------  d-----w  C:\Program Files\Common Files\LightScribe
2007-12-02 08:43  ---------  d-----w  C:\Program Files\Common Files\Ahead
2007-12-02 08:43  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-12-02 08:41  ---------  d-----w  C:\Program Files\Nero
2007-12-02 08:41  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-12-02 08:39  ---------  d-----w  C:\Program Files\CyberLink
2007-12-02 08:38  ---------  d-----w  C:\Program Files\Ahead
2007-11-19 15:54  ---------  d-----w  C:\Documents and Settings\Pentium\Dane aplikacji\dvdcss
2007-11-18 14:16  ---------  d-----w  C:\Program Files\Codemasters
2007-11-18 14:12  ---------  d-----w  C:\Program Files\EA GAMES
2007-11-18 13:36  ---------  d-----w  C:\Program Files\RACE 07 Offline
2007-11-18 13:31    107,888  ----a-w  C:\WINDOWS\system32\CmdLineExt.dll
2007-11-17 11:56  ---------  d-----w  C:\Program Files\DivX
2007-11-17 11:47  ---------  d-----w  C:\Program Files\Yahoo!
2007-11-17 11:46  ---------  d-----w  C:\Program Files\Bradbury
2007-11-16 21:17  ---------  d-----w  C:\Documents and Settings\Pentium\Dane aplikacji\Tlen.pl
2007-11-13 10:25     20,480  ----a-w  C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:44  1,291,264  ----a-w  C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01    227,328  ----a-w  C:\WINDOWS\system32\wmasf.dll
2004-07-22 08:51  3,432,656  ----a-w  C:\Program Files\ManagedDX.CAB
2004-07-19 20:58  1,156,363  ----a-w  C:\Program Files\BDANT.cab
2004-07-19 20:53    976,020  ----a-w  C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040  ----a-w  C:\Program Files\dxnt.cab
2004-07-09 07:13    703,080  ----a-w  C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481  ----a-w  C:\Program Files\DirectX.cab
2004-07-09 02:08    472,576  ----a-w  C:\Program Files\dxsetup.exe
2004-07-09 02:08  2,242,560  ----a-w  C:\Program Files\dsetup32.dll
2004-07-09 01:03     62,976  ----a-w  C:\Program Files\DSETUP.dll

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TransparentTaskBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 13:20 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-11-07 15:33 6234624]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-23 16:19 180269]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 20:50 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-03-02 13:00 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bklgvsf"= {7C60EC65-01BA-4FD0-B1A2-DB1BF4A6721F} - C:\WINDOWS\bklgvsf.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=???,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyBoard]
2003-09-19 16:26 49152 --a------ C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-09-28 20:26 32881 --a------ C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys [2007-11-25 00:39]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 04:26]
S3 SF-620;SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys [2004-08-12 03:18]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 16:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 11:39:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 11:40:07
ComboFix-quarantined-files.txt 2008-01-06 10:39:58
ComboFix2.txt 2008-01-05 21:20:05
.
2007-12-12 19:34:51 --- E O F ---