ComboFix 07-08-09.3 - "Marcin" 2007-08-09 12:23:37.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.65 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 ))))))))))))))))))))))))))))))) 2007-08-09 12:20 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-08 22:14 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Azureus 2007-08-08 22:13 d---s---- C:\WINDOWS\Downloaded Program Files 2007-08-08 22:13 d-------- C:\DOCUME~1\Marcin\DANEAP~1\Azureus 2007-08-08 20:47 d--hs---- C:\RECYCLER 2007-08-08 19:30 d-------- C:\WINDOWS\Prefetch 2007-08-08 19:29 d-------- C:\DOCUME~1\NETWOR~1\Dane aplikacji 2007-08-08 18:21 d-------- C:\Program Files\Lavasoft 2007-08-08 18:21 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lavasoft 2007-08-08 18:17 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-08 16:24 d-------- C:\Program Files\mks_vir_2007 2007-08-05 12:51 d-------- C:\WINDOWS\Pliki Instalatora aktualizacji Windows Update 2007-08-05 12:47 82,501 --a--c--- C:\WINDOWS\system32\dllcache\bckg.dll 2007-08-05 12:47 781,397 --a--c--- C:\WINDOWS\system32\dllcache\chkrres.dll 2007-08-05 12:47 753,236 --a--c--- C:\WINDOWS\system32\dllcache\rvseres.dll 2007-08-05 12:47 66,113 --a--c--- C:\WINDOWS\system32\dllcache\shvl.dll 2007-08-05 12:47 57,409 --a--c--- C:\WINDOWS\system32\dllcache\hrtz.dll 2007-08-05 12:47 5,632 --a--c--- C:\WINDOWS\system32\dllcache\write.exe 2007-08-05 12:47 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-08-05 12:47 48,706 --a--c--- C:\WINDOWS\system32\dllcache\rvse.dll 2007-08-05 12:47 42,577 --a--c--- C:\WINDOWS\system32\dllcache\bckgzm.exe 2007-08-05 12:47 42,575 --a--c--- C:\WINDOWS\system32\dllcache\chkrzm.exe 2007-08-05 12:47 42,574 --a--c--- C:\WINDOWS\system32\dllcache\rvsezm.exe 2007-08-05 12:47 42,573 --a--c--- C:\WINDOWS\system32\dllcache\shvlzm.exe 2007-08-05 12:47 42,573 --a--c--- C:\WINDOWS\system32\dllcache\hrtzzm.exe 2007-08-05 12:47 41,029 --a--c--- C:\WINDOWS\system32\dllcache\zcorem.dll 2007-08-05 12:47 40,515 --a--c--- C:\WINDOWS\system32\dllcache\chkr.dll 2007-08-05 12:47 4,677 --a--c--- C:\WINDOWS\system32\dllcache\zeeverm.dll 2007-08-05 12:47 36,937 --a--c--- C:\WINDOWS\system32\dllcache\zclientm.exe 2007-08-05 12:47 32,339 --a--c--- C:\WINDOWS\system32\dllcache\uniansi.dll 2007-08-05 12:47 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll 2007-08-05 12:47 217,160 --a--c--- C:\WINDOWS\system32\dllcache\cmnclim.dll 2007-08-05 12:47 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll 2007-08-05 12:47 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll 2007-08-05 12:47 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll 2007-08-05 12:47 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll 2007-08-05 12:47 1,175,635 --a--c--- C:\WINDOWS\system32\dllcache\hrtzres.dll 2007-08-05 12:47 1,041,491 --a--c--- C:\WINDOWS\system32\dllcache\cmnresm.dll 2007-08-05 12:46 80,896 --a--c--- C:\WINDOWS\system32\dllcache\charmap.exe 2007-08-05 12:46 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-08-05 12:46 73,216 --a--c--- C:\WINDOWS\system32\dllcache\avwav.dll 2007-08-05 12:46 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-08-05 12:46 605,696 --a--c--- C:\WINDOWS\system32\dllcache\getuname.dll 2007-08-05 12:46 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-08-05 12:46 57,344 --a--c--- C:\WINDOWS\system32\dllcache\sol.exe 2007-08-05 12:46 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-08-05 12:46 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-08-05 12:46 35,328 --a--c--- C:\WINDOWS\system32\dllcache\winchat.exe 2007-08-05 12:46 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-08-05 12:46 231,424 --a--c--- C:\WINDOWS\system32\dllcache\avtapi.dll 2007-08-05 12:46 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-08-05 12:46 16,384 --a--c--- C:\WINDOWS\system32\dllcache\avmeter.dll 2007-08-05 12:46 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-08-05 12:46 139,264 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe 2007-08-05 12:46 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-08-05 12:46 13,312 --a--c--- C:\WINDOWS\system32\dllcache\htrn_jis.dll 2007-08-05 12:46 119,808 --a--c--- C:\WINDOWS\system32\dllcache\winmine.exe 2007-08-05 12:46 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-08-05 12:46 115,200 --a--c--- C:\WINDOWS\system32\dllcache\calc.exe 2007-08-05 12:46 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-08-05 12:45 55,808 --a--c--- C:\WINDOWS\system32\dllcache\freecell.exe 2007-08-05 12:45 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-08-05 12:45 545,792 --a--c--- C:\WINDOWS\system32\dllcache\dialer.exe 2007-08-05 12:45 539,136 --a--c--- C:\WINDOWS\system32\dllcache\spider.exe 2007-08-05 12:45 539,136 --a------ C:\WINDOWS\system32\spider.exe 2007-08-05 12:45 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-08-05 12:45 345,088 --a--c--- C:\WINDOWS\system32\dllcache\mspaint.exe 2007-08-05 12:45 345,088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-08-05 12:45 283,136 --a--c--- C:\WINDOWS\system32\dllcache\pinball.exe 2007-08-05 12:45 217,088 --a--c--- C:\WINDOWS\system32\dllcache\wordpad.exe 2007-08-05 12:45 187,904 --a--c--- C:\WINDOWS\system32\dllcache\accwiz.exe 2007-08-05 12:45 187,904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-08-05 12:45 132,608 --a--c--- C:\WINDOWS\system32\dllcache\sndrec32.exe 2007-08-05 12:45 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-08-05 12:45 128,000 --a--c--- C:\WINDOWS\system32\dllcache\mshearts.exe 2007-08-05 12:45 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-08-05 12:45 124,928 --a--c--- C:\WINDOWS\system32\dllcache\mplay32.exe 2007-08-05 12:45 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-08-05 12:45 103,424 --a--c--- C:\WINDOWS\system32\dllcache\clipbrd.exe 2007-08-05 12:45 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-08-05 12:21 d-------- C:\Program Files\SkanerOnline 2007-08-01 15:04 28,944 --a------ C:\WINDOWS\system32\FM20ITA.DLL 2007-08-01 15:04 2,752 --a------ C:\WINDOWS\system32\drivers\PCIINFO.SYS 2007-08-01 15:04 1,109,264 --a------ C:\WINDOWS\system32\FM20.DLL 2007-08-01 12:23 d-------- C:\DOCUME~1\Marcin\DANEAP~1\FastStone 2007-07-25 22:12 3,266 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys 2007-07-24 15:19 7,168 --a--c--- C:\WINDOWS\system32\dllcache\hccoin.dll 2007-07-24 15:19 7,168 --a------ C:\WINDOWS\system32\hccoin.dll 2007-07-24 15:19 26,624 --a--c--- C:\WINDOWS\system32\dllcache\usbehci.sys 2007-07-24 15:19 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys 2007-07-23 14:32 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Drivers Headquarters 2007-07-23 14:28 d-------- C:\Program Files\PC Drivers HeadQuarters 2007-07-20 22:34 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-07-20 22:34 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2007-07-20 19:05 4,096 --a------ C:\WINDOWS\d3dx.dat 2007-07-20 18:55 d-------- C:\Program Files\VID_0E8F&PID_0003 2007-07-19 14:31 d-------- C:\DOCUME~1\Marcin\DANEAP~1\BearShare 2007-07-19 10:56 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Lavasoft 2007-07-19 10:55 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-19 10:55 dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-08 18:21 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\Lavasoft 2007-08-08 18:13 --------- d-------- C:\Program Files\QuickTime Alternative 2007-08-05 12:47 75366 --a------ C:\WINDOWS\system32\perfc015.dat 2007-08-05 12:47 450570 --a------ C:\WINDOWS\system32\perfh015.dat 2007-08-05 12:46 --------- d-------- C:\Program Files\Windows NT 2007-08-03 14:34 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\OpenOffice.org2 2007-07-24 22:53 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-07-23 14:32 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-04 17:48 --------- d-------- C:\DOCUME~1\Marcin\DANEAP~1\Media Player Classic 2007-07-04 17:44 --------- d-------- C:\Program Files\Media Player Classic 2007-06-17 22:37 --------- d-------- C:\Program Files\Common Files\G DATA 2007-06-17 16:15 47312 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys 2007-06-17 16:13 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-06-01 16:41 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-06-01 16:40 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-06-01 16:40 639066 --a------ C:\WINDOWS\system32\DivX.dll 2007-06-01 16:40 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-06-01 16:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-05-24 05:06 6144 --a------ C:\WINDOWS\system32\MksIdsa.sys 2007-05-24 05:06 15360 --a------ C:\WINDOWS\system32\MksFwallt.sys 2007-05-24 05:06 13312 --a------ C:\WINDOWS\system32\MksFwallf.sys 2007-05-24 05:06 11776 --a------ C:\WINDOWS\system32\MksIdsf.sys 2007-05-16 17:19 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 17:19 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 17:19 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-16 17:18 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 17:18 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-05-02 16:19] "nwiz"="nwiz.exe" [2003-05-02 16:19 C:\WINDOWS\system32\nwiz.exe] "mkstray"="C:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-08-08 16:40] "mks_mail"="C:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 05:06] "MKSRegmon"="C:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 05:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" [] "Gadu-Gadu"="F:\Gadu-Gadu\gg.exe" [2007-04-19 17:43] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-04-25 11:40:05] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan] @="service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^OpenOffice.org 2.0.2.lnk] backup=C:\WINDOWS\pss\OpenOffice.org 2.0.2.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] "F:\BSh\BearShare.exe" /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps] F:\FRAPS\FRAPS.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BoostSpeed"="F:\PROGRA~1\AUSLOG~1\boostspeed.exe" /Q R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys R1 mksfwallt;mksfwallt;\??\C:\WINDOWS\system32\mksfwallt.sys R2 MksFwall;MksFwall;"C:\Program Files\mks_vir_2007\bin\MksFwall.exe" R2 MksPC;MksPC;"C:\Program Files\mks_vir_2007\bin\MksPC.exe" R2 MksUpdate;MksUpdate;"C:\Program Files\mks_vir_2007\bin\mksupdate.exe" R2 pciinfo;pciinfo;C:\WINDOWS\system32\drivers\PCIINFO.SYS R3 mksfwallf;mksfwallf;\??\C:\WINDOWS\system32\mksfwallf.sys R3 mksidsf;mksidsf;\??\C:\WINDOWS\system32\mksidsf.sys R3 MksMonEn;MksMonEn;\??\C:\Program Files\mks_vir_2007\bin\MksMonEn.sys R3 MksMonEv;MksMonEv;\??\C:\Program Files\mks_vir_2007\bin\MksMonEv.sys R3 MksMonFd;MksMonFd;\??\C:\Program Files\mks_vir_2007\bin\MksMonFd.sys R3 USB_RNDIS;ADI Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\Marcin\USTAWI~1\Temp\ASFWHide S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\fide.sys S3 RivaTuner32;RivaTuner32;\??\F:\RivaTuner v2.02\RivaTuner32.sys S3 WINFLASH;WINFLASH;\??\C:\WINDOWS\system32\DRIVERS\WINFLASH.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-09 12:29:50 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... ************************************************************************** Completion time: 2007-08-09 12:34:16 --- E O F ---