ComboFix 08-01-13.1 - Ania 2008-01-13 17:18:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.167 [GMT 1:00]
Running from: E:\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:16 . 2008-01-13 15:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 15:16 . 2008-01-13 15:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 18:58 . 2008-01-13 14:41 d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-11 18:57 . 2008-01-11 18:57 d-------- C:\Documents and Settings\Ania\Dane aplikacji\PC Tools
2008-01-11 18:57 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-11 18:57 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-11 18:57 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-11 18:57 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-11 18:57 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-28 14:14 . 2007-12-28 14:14 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-12-28 14:13 . 2007-12-28 14:13 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-13 11:44 . 2007-12-13 11:44 d-------- C:\Documents and Settings\Ania\Dane aplikacji\Design Science
2007-12-13 11:43 . 2007-12-13 11:43 d-------- C:\Program Files\MathType
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 16:16 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\Skype
2008-01-13 16:15 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\Hamachi
2008-01-13 13:41 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\AVG7
2008-01-12 15:18 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-28 13:15 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-11 20:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-12-10 08:50 --------- d-----w C:\Program Files\Yahoo!
2007-12-07 15:38 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-07 15:38 --------- d-----w C:\Program Files\Hamachi
2007-12-03 01:30 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-03 01:30 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-26 17:25 --------- d-----w C:\Program Files\SopCast
2007-11-21 18:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-11-21 18:35 --------- d-----w C:\Program Files\WIBU-SYSTEMS
2007-11-21 18:33 --------- d-----w C:\Program Files\Common Files\ChaosGroup
2007-11-21 18:33 --------- d-----w C:\Program Files\Chaos Group
2007-11-21 18:31 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-21 18:30 --------- d-----w C:\Program Files\Autodesk
2007-11-17 18:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avira
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 22:54 203,264 ----a-w C:\WINDOWS\system32\Pajacyk.scr
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-04-24 19:15 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2007-04-24 19:00 645,670 ----a-w C:\Program Files\uTorrent-1.6-install.exe
2007-04-24 18:48 4,188,757 ------w C:\Program Files\MoorHunt.exe
2007-04-20 11:26 349,716,017 ----a-w C:\Program Files\AC10-POL.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 22:41 2113536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 09:43 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 09:48 7561216]
"nwiz"="nwiz.exe" [2006-04-27 09:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 14:13 766041]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-04 11:50 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SDTray"="E:\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 08:33 219136]

C:\Documents and Settings\Ania\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-26 18:39:48]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-12-07 16:38:15]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-26 18:39:48]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 09:45:32]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2005-11-15 06:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c81f656-1102-11dc-9e4a-001636804abd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c031632-84c5-11dc-9f78-001636804abd}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a826cce-61c5-11dc-9f2e-001636804abd}]
\Shell\Auto\command - G:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb2876c4-83ac-11dc-9f75-001636804abd}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa367b8f-8561-11dc-9f79-001636804abd}]
\Shell\AutoRun\command - H:\USBNB.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 16:14:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 17:21:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 17:22:03
.
2008-01-09 10:47:40 --- E O F ---
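The MountPoints2 entries in this log are the part a responder reads first: each `\Shell\AutoRun\command` is what Explorer runs when that volume is inserted or double-clicked, and commands that launch a file relative to the volume root, from a `Recycled` folder, or carrying the name of a Windows binary (`ctfmon.exe`) while sitting outside System32 are the pattern left behind by autorun-spreading USB worms. The script below is an added example, not part of the original post and not ComboFix's own code: it parses that section (the sample text is copied from the log above), unwraps the `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL` launcher to recover the file actually started, and reports which indicators apply to each launch target. The set of imitated system-binary names is an assumption chosen for illustration. A hit is an indicator to verify, not a verdict; the follow-up is to examine the files on the G: and H: media and the `Recycled` folder they reference, and to disable AutoRun for removable drives on the host.

```python
"""Extract MountPoints2 autorun commands from a ComboFix log and flag the
usual USB-worm indicators. Added example; not from the original post."""
import re
from dataclasses import dataclass, field

# Copied from the MountPoints2 section of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c81f656-1102-11dc-9e4a-001636804abd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c031632-84c5-11dc-9f78-001636804abd}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a826cce-61c5-11dc-9f2e-001636804abd}]
\Shell\Auto\command - G:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb2876c4-83ac-11dc-9f75-001636804abd}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa367b8f-8561-11dc-9f79-001636804abd}]
\Shell\AutoRun\command - H:\USBNB.exe
"""

KEY_RE = re.compile(r"^\[HKEY_.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
RUNDLL_RE = re.compile(r"ShellExec_RunDLL\s+(?P<target>.+)$", re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)
# Assumption for illustration: Windows binaries whose names USB worms borrow.
IMITATED_SYSTEM_NAMES = {"ctfmon.exe"}


@dataclass
class AutorunEntry:
    volume: str        # MountPoints2 GUID of the volume
    verb: str          # shell verb: AutoRun, Auto, Open(&0), ...
    command: str       # raw command as written in the log
    target: str = ""   # file the command ultimately launches
    reasons: list = field(default_factory=list)


def launch_target(command):
    """Strip the RunDLL32/ShellExec_RunDLL wrapper and return the launched file.
    The first whitespace-separated token is taken as the path; that is right
    for every entry on this page but would break on unquoted paths with spaces."""
    m = RUNDLL_RE.search(command)
    launched = m.group("target") if m else command
    return launched.split()[0]


def parse_mountpoints(log_text):
    """Return one AutorunEntry per \\Shell\\...\\command line, in log order."""
    entries, volume = [], None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            volume = km.group(1).lower()
            continue
        cm = CMD_RE.match(line)
        if cm and volume:
            e = AutorunEntry(volume, cm.group("verb"), cm.group("cmd"))
            e.target = launch_target(e.command)
            entries.append(e)
    return entries


def indicators(target):
    """Heuristic indicators for one launch target; empty list means nothing notable."""
    low = target.lower()
    found = []
    if "recycled\\" in low:
        found.append("executable under a Recycled folder")
    if not re.match(r"^[a-z]:\\", low):
        # No drive letter: Explorer resolves it against the inserted volume.
        found.append("relative path, resolves on the inserted volume")
    elif DRIVE_ROOT_RE.match(target):
        found.append("executable in the root of drive " + target[0].upper() + ":")
    base = low.rsplit("\\", 1)[-1]
    if base in IMITATED_SYSTEM_NAMES and "\\windows\\system32\\" not in low:
        found.append(base + " outside System32")
    return found


def suspicious_targets(log_text):
    """Map each flagged launch target to its sorted list of indicators."""
    hits = {}
    for e in parse_mountpoints(log_text):
        e.reasons = indicators(e.target)
        if e.reasons:
            hits.setdefault(e.target, set()).update(e.reasons)
    return {t: sorted(r) for t, r in sorted(hits.items())}


if __name__ == "__main__":
    for target, why in suspicious_targets(SAMPLE_LOG).items():
        print(f"{target:24} {'; '.join(why)}")
```

Run it on a whole ComboFix log rather than the excerpt and it still works, because only the MountPoints2 key lines and the `\Shell\...\command` lines under them are matched. The `Open(&0)` verb is included on purpose: that is the handler for a double-click on the drive icon, so an infection survives even when AutoRun itself is disabled.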