ComboFix 08-01-07.5 - Karol M 2008-01-07 20:21:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.656 [GMT 1:00]
Running from: C:\Documents and Settings\Karol M\Pulpit\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.
2008-01-07 20:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 22:57 . 2008-01-06 22:57 d-------- C:\Program Files\Trend Micro
2008-01-06 21:02 . 2008-01-06 21:02 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-31 22:17 . 2007-12-31 22:17 d-------- C:\Program Files\Lavasoft
2007-12-31 22:17 . 2007-12-31 22:17 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 22:17 . 2007-12-31 22:17 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-12-31 15:00 . 2008-01-03 15:25 d-------- C:\Program Files\Deutsch Translator 2
2007-12-31 14:45 . 2007-12-31 14:45 dr-h----- C:\Documents and Settings\Karol M\Dane aplikacji\SecuROM
2007-12-31 14:45 . 2007-12-31 14:45 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-29 16:57 . 2007-12-29 16:59 d-------- C:\Program Files\Smarty Uninstaller Pro
2007-12-29 16:57 . 2004-06-14 16:01 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-29 16:57 . 2006-09-08 13:34 417,792 --a------ C:\WINDOWS\system32\vbalCmdBar6.ocx
2007-12-29 16:57 . 2006-09-08 13:33 262,144 --a------ C:\WINDOWS\system32\lst_v.ocx
2007-12-29 16:57 . 2006-09-08 13:33 167,683 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-12-29 16:57 . 2006-09-08 13:34 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll
2007-12-29 16:57 . 2006-09-08 13:33 94,208 --a------ C:\WINDOWS\system32\img_lst.ocx
2007-12-29 16:57 . 2006-09-08 13:34 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll
2007-12-29 14:44 . 2004-09-30 14:26 36,864 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2007-12-29 14:42 . 2007-12-29 14:44 d-------- C:\Program Files\VIAudioi
2007-12-29 14:37 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-29 14:37 . 2004-09-06 16:01 161,536 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2007-12-28 21:26 . 2007-12-28 21:26 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys
2007-12-28 21:26 . 2007-12-28 21:26 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys
2007-12-28 17:11 . 2007-12-28 17:12 d-------- C:\Program Files\Image Grabber II
2007-12-28 16:41 . 2007-12-29 17:03 d-------- C:\Downloads
2007-12-28 16:38 . 2007-12-28 16:38 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-28 16:38 . 2007-12-28 16:38 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-28 11:05 . 2007-12-28 11:05 d-------- C:\Program Files\MarBit
2007-12-27 17:44 . 2008-01-04 18:27 d-------- C:\Program Files\FlashGet
2007-12-27 12:55 . 2007-12-27 13:19 219,648 --a------ C:\WINDOWS\system32\DllCache\uxtheme.dll
2007-12-26 09:41 . 2007-12-27 17:36 d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-26 09:28 . 2007-12-26 09:28 d-------- C:\WINDOWS\Sun
2007-12-25 15:18 . 2007-12-25 15:18 d-------- C:\Program Files\SlySoft
2007-12-25 15:05 . 2007-12-25 15:05 d-------- C:\Documents and Settings\Karol M\Dane aplikacji\CyberLink
2007-12-25 14:59 . 2007-12-25 14:59 d-------- C:\Documents and Settings\Karol M\Dane aplikacji\Media Player Classic
2007-12-25 14:59 . 2007-12-28 11:19 49 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-25 12:32 . 2007-12-25 12:32 d-------- C:\Program Files\Alcohol Soft
2007-12-24 13:47 . 2007-12-24 13:48 d-------- C:\Program Files\HyperSnap 6
2007-12-23 20:39 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-23 20:38 . 2007-12-23 20:39 d-------- C:\Program Files\Java
2007-12-23 20:38 . 2007-12-23 20:38 d-------- C:\Program Files\Common Files\Java
2007-12-23 19:28 . 2008-01-07 14:42 d-------- C:\Program Files\SpeedFan
2007-12-23 19:28 . 2007-12-23 19:28 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2007-12-23 17:56 . 2007-12-23 17:56 d-------- C:\Program Files\MyPortal
2007-12-23 17:56 . 2007-12-23 17:56 0 --ah----- C:\WINDOWS\system32\sx.inf
2007-12-23 17:25 . 2007-12-23 17:25 d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-12-23 17:23 . 2007-12-23 17:24 d-------- C:\Program Files\CyberLink
2007-12-23 09:29 . 2008-01-06 22:54 211 --ah----- C:\boot.ini
2007-12-22 18:43 . 2008-01-02 17:13 d-------- C:\Documents and Settings\Karol M\Dane aplikacji\skypePM
2007-12-22 18:43 . 2007-12-22 18:43 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-22 18:42 . 2007-12-28 15:44 d-------- C:\Program Files\Skype
2007-12-22 18:42 . 2007-12-22 18:42 d-------- C:\Program Files\Common Files\Skype
2007-12-22 18:42 . 2008-01-06 21:50 d-------- C:\Documents and Settings\Karol M\Dane aplikacji\Skype
2007-12-22 18:42 . 2007-12-22 18:42 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-22 18:28 . 2007-12-22 18:28 d-------- C:\Program Files\Common Files\Adobe
2007-12-22 18:03 . 2007-12-23 15:17 d-------- C:\Program Files\Winamp
2007-12-22 18:03 . 2007-12-22 18:13 d-------- C:\Documents and Settings\Karol M\Dane aplikacji\Winamp
2007-12-22 17:33 . 2007-12-22 17:34 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2007-12-22 17:15 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-12-22 17:13 . 2007-12-22 17:13 d-------- C:\Program Files\MSBuild
2007-12-22 17:13 . 2007-12-22 17:13 d-------- C:\Program Files\Microsoft Works
2007-12-22 17:11 . 2007-12-22 17:11 d-------- C:\Program Files\Microsoft.NET
2007-12-22 17:09 . 2007-12-22 17:09 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-22 17:07 . 2007-12-22 17:12 d-------- C:\WINDOWS\SHELLNEW
2007-12-22 17:07 . 2007-12-26 12:13 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-12-22 17:06 . 2007-12-22 17:06 dr-h----- C:\MSOCache
2007-12-22 16:45 . 2007-12-22 16:45 d-------- C:\Documents and Settings\Karol M\Dane aplikacji\DAEMON Tools Pro
2007-12-22 16:45 . 2007-12-22 16:47 d-------- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-12-22 16:43 . 2007-12-22 19:27 d-------- C:\Program Files\DAEMON Tools Pro
2007-12-22 16:41 . 2007-12-31 13:13 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-22 16:40 . 2007-12-22 16:40 d-------- C:\Documents and Settings\Karol M\Dane aplikacji\Ahead
2007-12-22 16:38 . 2007-12-22 16:38 d-------- C:\Program Files\Nero
2007-12-22 16:38 . 2007-12-22 16:38 d-------- C:\Program Files\Common Files\Ahead
2007-12-22 16:38 . 2007-04-20 02:27 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2007-12-22 16:38 . 2007-04-20 02:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-22 16:38 . 2007-04-20 02:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-12-22 16:38 . 2007-12-23 17:23 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-22 16:38 . 2007-04-20 02:27 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2007-12-22 16:38 . 2007-04-20 02:27 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2007-12-22 16:38 . 2007-04-20 02:27 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-12-22 16:38 . 2007-04-20 02:27 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2007-12-22 16:10 . 2007-12-22 16:10 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-22 09:55 . 2007-12-29 15:24 1,292 --a------ C:\WINDOWS\mozver.dat
2007-12-22 09:06 . 2007-12-22 09:06 d-------- C:\Program Files\Fic_Products
2007-12-22 09:03 . 2007-12-22 09:03 d-------- C:\Program Files\Lock My PC 4
2007-12-22 09:03 . 2007-11-29 11:42 44,400 --a------ C:\WINDOWS\system32\fsp_lmwl.dll
2007-12-22 09:03 . 2007-10-08 22:59 10,096 --a------ C:\WINDOWS\system32\drivers\lmpc4.sys
2007-12-21 20:34 . 2006-06-14 09:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-12-21 20:34 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-12-21 20:34 . 2006-06-14 10:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-12-21 20:34 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-12-21 20:34 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-12-21 20:34 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-12-21 20:34 . 2004-08-03 22:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-12-21 20:34 . 2006-06-14 09:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-12-21 20:34 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-12-21 19:58 . 2005-04-14 07:54 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2007-12-21 19:45 . 2007-12-21 20:06 d-------- C:\Program Files\Setup Files
2007-12-21 19:42 . 2007-12-21 19:42 d-------- C:\Program Files\MSI
2007-12-21 19:11 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\DllCache\custsat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 19:31 11,366,688 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-07 19:30 591,904 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-07 18:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-07 15:50 57,392 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-07 15:50 153,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-28 16:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 19:52 --------- d-----w C:\Program Files\VIA
2007-12-21 16:48 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-21 16:48 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-21 15:20 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-21 15:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-12-21 15:16 --------- d-----w C:\Documents and Settings\Karol M\Dane aplikacji\ATI
2007-12-21 15:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ATI
2007-12-21 15:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 15:14 --------- d-----w C:\Program Files\ATI Technologies
2007-12-21 14:15 --------- d-----w C:\Program Files\Usługi online
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 13:11 46718]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
fsp_lmwl.dll 2007-11-29 11:42 44400 C:\WINDOWS\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 14:44 7957504 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 16:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-21 21:06 1266936 D:\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"IDriverT"=3 (0x3)
"RichVideo"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"aawservice"=3 (0x3)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-12-28 21:26]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-12-28 21:26]
R3 GETND5BV;VIA Networking Velocity-Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5bv.sys [2007-09-21 21:27]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 LMPC4;LMPC4;C:\WINDOWS\system32\drivers\LMPC4.sys [2007-10-08 22:59]
S3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 18:22]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 20:31:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 20:32:47