ComboFix 08-01-04.1 - barmar 2008-01-07 17:07:09.2 - NTFSx86
Running from: C:\Documents and Settings\barmar\Pulpit\combo\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.
2008-01-06 20:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 14:33 . 2008-01-06 14:33 d-------- C:\Documents and Settings\barmar\Dane aplikacji\MfcEmbed
2008-01-06 14:29 . 2008-01-06 14:29 d-------- C:\Program Files\ActiveVir
2008-01-06 14:29 . 2008-01-06 14:33 d-------- C:\Documents and Settings\barmar\Dane aplikacji\.clamwin
2008-01-06 14:29 . 2008-01-06 14:29 d-------- C:\Documents and Settings\All Users\.clamwin
2008-01-06 12:54 . 2008-01-06 12:54 d-------- C:\Program Files\Trend Micro
2008-01-06 12:53 . 2008-01-06 12:53 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-06 12:53 . 2008-01-06 12:53 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-05 18:24 . 2008-01-05 18:24 d-------- C:\WINDOWS\Sun
2008-01-05 18:21 . 2008-01-05 18:21 d-------- C:\Program Files\Java
2008-01-05 18:21 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 18:15 . 2008-01-05 18:15 d-------- C:\Program Files\Common Files\Java
2008-01-05 18:14 . 2008-01-05 18:18 671 --a------ C:\WINDOWS\mozver.dat
2008-01-05 18:13 . 2008-01-05 18:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-05 18:05 . 2008-01-05 18:05 d-------- C:\WINDOWS\system32\LogFiles
2008-01-05 18:05 . 2008-01-05 18:36 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-05 18:05 . 2008-01-05 18:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-05 18:05 . 2008-01-05 18:36 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-05 15:41 . 2008-01-05 15:41 d-------- C:\WINDOWS\system32\quicktime
2008-01-05 15:41 . 2008-01-05 15:41 d-------- C:\Program Files\NimoCodec Pack
2008-01-05 15:41 . 2008-01-05 15:41 d-------- C:\Program Files\DivX
2008-01-05 13:19 . 2008-01-05 13:19 d-------- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
2008-01-05 13:19 . 2008-01-06 12:21 d-------- C:\Documents and Settings\barmar\Dane aplikacji\AVG7
2008-01-05 13:19 . 2008-01-05 13:19 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-01-05 13:15 . 2008-01-05 13:38 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avg7
2008-01-04 22:00 . 2008-01-04 22:00 d-------- C:\Program Files\SereneScreen
2008-01-04 21:57 . 2008-01-04 21:57 d-------- C:\Program Files\Google
2008-01-04 21:56 . 2008-01-04 21:56 d-------- C:\Program Files\IrfanView
2008-01-04 20:39 . 2008-01-05 19:00 d-------- C:\Program Files\Call of Duty
2008-01-04 20:38 . 2008-01-04 20:52 745 --a------ C:\WINDOWS\CoD.INI
2008-01-03 20:35 . 2008-01-03 20:35 d-------- C:\Program Files\Ashampoo
2008-01-03 20:35 . 2008-01-03 20:35 d-------- C:\Documents and Settings\barmar\Dane aplikacji\Ashampoo
2008-01-03 20:35 . 2008-01-03 20:35 d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-01-03 20:32 . 2008-01-03 20:32 d-------- C:\WINDOWS\aod
2008-01-03 20:32 . 2008-01-03 20:34 d-------- C:\Program Files\Winamp3
2008-01-03 20:32 . 2008-01-03 20:32 50 --a------ C:\WINDOWS\Winamp.ini
2008-01-03 20:32 . 2008-01-03 20:32 41 --a------ C:\WINDOWS\winampa.ini
2008-01-03 20:31 . 2008-01-03 20:31 d-------- C:\Program Files\MarBit
2008-01-03 20:27 . 2008-01-03 20:27 d-------- C:\Program Files\Gadu-Gadu
2008-01-03 20:27 . 2008-01-03 20:30 d-------- C:\Documents and Settings\barmar\Gadu-Gadu
2008-01-03 20:14 . 2008-01-03 20:14 d---s---- C:\Documents and Settings\barmar\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 13:33 --------- d-----w C:\Documents and Settings\barmar\Dane aplikacji\.clamwin
2008-01-06 13:31 --------- d-----w C:\Documents and Settings\barmar\Dane aplikacji\Skype
2008-01-06 12:09 --------- d-----w C:\Documents and Settings\barmar\Dane aplikacji\skypePM
2008-01-03 19:32 810 ----a-w C:\Program Files\INSTALL.LOG
2008-01-03 18:09 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-03 18:09 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-03 18:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 18:07 --------- d-----w C:\Documents and Settings\barmar\Dane aplikacji\InterTrust
2008-01-03 18:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-03 17:54 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-03 17:53 --------- d-----w C:\Program Files\Skype
2008-01-03 17:53 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-03 17:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-03 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 17:51 --------- d-----w C:\Program Files\Intel
2008-01-03 17:50 --------- d-----w C:\Program Files\Broadcom
2008-01-03 17:46 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2008-01-03 17:46 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-01-03 17:45 --------- d-----w C:\Program Files\Synaptics
2008-01-03 17:41 --------- d-----w C:\Program Files\CONEXANT
2008-01-03 17:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-03 17:39 --------- d-----w C:\Program Files\Realtek
2008-01-03 17:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 17:39 --------- d-----w C:\Documents and Settings\barmar\Dane aplikacji\InstallShield
2008-01-03 17:34 --------- d-----w C:\Program Files\Launch Manager
2008-01-03 17:29 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-03 17:28 558,142 ----a-w C:\WINDOWS\java\Packages\5J13RZBD.ZIP
2008-01-03 17:28 155,995 ----a-w C:\WINDOWS\java\Packages\IJ5ZBJ5B.ZIP
2008-01-03 17:25 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2008-01-06_20.46.18,53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-06 19:07:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-07 16:03:49 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-06 19:07:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-01-07 16:03:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-01-06 19:07:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-07 16:03:49 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-03 17:41:25 40,190 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-07 05:18:04 40,190 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-03 17:41:25 49,690 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-01-07 05:18:04 49,690 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-01-03 17:41:25 311,802 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-07 05:18:04 311,802 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-03 17:41:25 355,724 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-01-07 05:18:04 355,724 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-04-23 13:55 749568]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-02 14:49 813840]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2007-08-24 11:01 135168]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2007-08-24 11:01 159744]
"Persistence"="C:\WINDOWS\System32\igfxpers.exe" [2007-08-24 11:00 131072]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 17:58 12288]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-05 13:19 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ClamWin"="C:\Program Files\ActiveVir\bin\ClamTray.exe" [2007-12-01 15:08 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 17:05 13312]
"MicroSoft ssadsadas3s1"="eXtream.exe" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-05 13:19 219136]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 17:07:43
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-07 17:07:56
ComboFix2.txt 2008-01-06 19:46:39