ComboFix 07-08-09.3 - "Damian" 2007-08-09 13:01:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.57 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))

2007-08-09 13:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 18:34 81,920 --a------ C:\DOCUME~1\Damian\DANEAP~1\ezpinst.exe
2007-08-03 18:34 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-03 18:34 47,360 --a------ C:\DOCUME~1\Damian\DANEAP~1\pcouffin.sys
2007-08-03 18:34 d-------- C:\DOCUME~1\Damian\DANEAP~1\Vso
2007-08-03 18:33 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-08-03 18:33 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2007-08-03 18:32 d-------- C:\Program Files\McFunSoft Video Solution
2007-08-02 13:13 d-------- C:\Program Files\MoorHunt
2007-08-02 13:00 d-------- C:\Program Files\Peer2Mail
2007-07-27 15:39 d-------- C:\WINDOWS\$regcmp$
2007-07-23 17:08 d-------- C:\DOCUME~1\Damian\DANEAP~1\Help

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 14:10 74230 --a------ C:\WINDOWS\system32\perfc015.dat
2007-08-02 14:10 448004 --a------ C:\WINDOWS\system32\perfh015.dat
2007-07-13 20:44 --------- d-a------ C:\Program Files\kulkiex20
2007-07-04 18:18 --------- d-------- C:\DOCUME~1\Damian\DANEAP~1\vlc
2007-07-04 18:17 --------- d-------- C:\Program Files\VideoLAN
2007-07-02 20:30 3045 --a------ C:\WINDOWS\mozver.dat
2007-06-26 20:08 2855 --a------ C:\WINDOWS\pif\Skoki narciarskie.PIF
2007-06-26 15:21 --------- d-------- C:\Program Files\Total Commander 7.0
2007-06-26 13:42 --------- d-------- C:\Program Files\Cream Software
2007-06-26 13:41 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-06-26 13:41 --------- d-------- C:\Program Files\AusLogics Disk Defrag
2007-06-26 13:33 --------- d-------- C:\Program Files\CCleaner
2007-06-26 13:31 --------- d-------- C:\Program Files\Ajt Soft
2007-06-26 13:27 --------- d-------- C:\Program Files\Registry Clean Expert
2007-06-26 13:01 --------- d-------- C:\Program Files\Elaborate Bytes
2007-06-26 12:59 --------- d-------- C:\Program Files\Xvid
2007-06-26 12:40 --------- d-------- C:\Program Files\GIMP-2.0
2007-06-26 12:38 --------- d-------- C:\Program Files\Common Files\GTK
2007-06-26 12:35 --------- d-------- C:\DOCUME~1\Damian\DANEAP~1\Gadu-Gadu
2007-06-26 12:32 --------- d-------- C:\Program Files\Gadu-Gadu
2007-06-26 12:21 --------- d-------- C:\DOCUME~1\Damian\DANEAP~1\AdobeUM
2007-06-26 12:07 --------- d-------- C:\DOCUME~1\Damian\DANEAP~1\Lavasoft
2007-06-26 12:06 --------- d-------- C:\Program Files\Lavasoft
2007-06-26 12:01 --------- d-------- C:\Program Files\WinCleaner Memory Optimizer
2007-06-26 11:58 --------- d-------- C:\Program Files\XnView
2007-06-26 11:53 --------- d-------- C:\DOCUME~1\Damian\DANEAP~1\XnView
2007-06-26 11:44 --------- d-------- C:\Program Files\AIDA32 - Personal System Information
2007-06-25 22:10 --------- d-------- C:\Program Files\Common Files\Nero
2007-06-25 22:05 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-25 22:05 --------- d-------- C:\Program Files\Ahead
2007-06-25 20:11 --------- d-------- C:\Program Files\Winamp
2007-06-25 19:43 --------- d-------- C:\DOCUME~1\Damian\DANEAP~1\Microsoft Web Folders
2007-06-25 19:42 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-25 19:26 --------- d-a------ C:\Program Files\AutoRuns 8.43
2007-06-24 22:36 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-24 22:36 --------- d-------- C:\DOCUME~1\Damian\DANEAP~1\Talkback
2007-06-24 22:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-24 22:15 --------- d-------- C:\Program Files\RALINK
2007-06-24 22:15 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-24 22:09 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-24 22:09 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-24 20:45 0 -rahs---- C:\MSDOS.SYS
2007-06-24 20:45 0 -rahs---- C:\IO.SYS
2007-06-24 20:45 0 --a------ C:\CONFIG.SYS
2007-06-24 20:45 0 --a------ C:\AUTOEXEC.BAT
2007-06-24 20:39 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-24 20:37 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-24 20:36 --------- d-------- C:\Program Files\Movie Maker
2007-06-24 20:33 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-24 20:32 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-06-24 20:32 --------- d-------- C:\Program Files\Messenger
2007-06-24 20:31 --------- d-------- C:\Program Files\Windows NT
2007-06-06 07:00 545 --a------ C:\WINDOWS\UC.PIF
2007-06-06 07:00 545 --a------ C:\WINDOWS\RAR.PIF
2007-06-06 07:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-06-06 07:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-06-06 07:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-06-06 07:00 545 --a------ C:\WINDOWS\LHA.PIF
2007-06-06 07:00 545 --a------ C:\WINDOWS\ARJ.PIF
--------- C:\Program Files\Usługi online
--------- C:\Program Files\Przeglądarka migawek

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R3 ad1816;WDM Driver for AD1815/16;C:\WINDOWS\system32\drivers\15_16wdm.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys
R3 sermouse;Sterownik myszy szeregowej;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 NtApm;Sterownik interfejsu NT Apm/Legacy;C:\WINDOWS\system32\DRIVERS\NtApm.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 13:05:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-09 13:10:31
--- E O F ---