ComboFix 07-08-30.3 - "Michałek" 2007-09-01 20:34:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.520 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))

2007-09-01 13:52 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-01 13:52 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-01 13:51 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-09-01 13:51 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-28 11:48 d-------- C:\WINDOWS\ShellNew
2007-08-26 15:57 227,840 --a------ C:\WINDOWS\system32\DECO_32.DLL
2007-08-26 15:57 17,920 --a------ C:\WINDOWS\system32\IMPLODE.DLL
2007-08-26 15:56 304,640 --a------ C:\WINDOWS\IsUn0415.exe
2007-08-26 15:35 305,152 --a------ C:\WINDOWS\IsUninst.exe
2007-08-26 15:35 d-------- C:\DOCUME~1\MICHAE~1\WINDOWS
2007-08-26 13:51 d-------- C:\Program Files\Common Files\DirectX
2007-08-24 19:57 d-------- C:\Downloads
2007-08-24 19:40 d-------- C:\Program Files\BitTorrent
2007-08-23 21:45 d-------- C:\Program Files\Zylom Games
2007-08-23 21:45 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Zylom
2007-08-16 15:39 d-------- C:\ATI
2007-08-08 20:48 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-08 20:44 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9021.sys
2007-08-08 20:44 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-07 21:56 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Trymedia
2007-08-07 12:56 dr------- C:\DOCUME~1\LOCALS~1\Ulubione
2007-08-06 17:47 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-08-06 17:47 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-06 17:45 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\DVD Shrink
2007-08-06 17:35 131,072 --a------ C:\WINDOWS\system32\imgproc.dll
2007-08-06 17:32 d-------- C:\Program Files\Windows Media Connect 2
2007-08-06 17:31 d-------- C:\WINDOWS\system32\LogFiles
2007-08-06 17:31 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-03 16:54 d-------- C:\Program Files\Common Files\ATI Technologies
2007-08-03 16:50 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-03 16:50 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2007-08-03 16:49 d-------- C:\Program Files\ATI Technologies
2007-08-03 16:10 d-------- C:\Program Files\A4Tech

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-24 19:57 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-16 15:48 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 07:44 45296 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-07-28 05:37 8237056 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-07-28 05:31 344064 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-07-28 05:30 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-28 05:30 2371584 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-28 05:24 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-07-28 05:23 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-07-28 05:23 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-07-28 05:22 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-07-28 05:22 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-07-28 05:22 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-07-28 05:21 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-07-28 05:20 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-07-28 05:12 3067712 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-28 05:06 176128 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-07-28 05:01 1550208 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-28 04:50 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-07-28 04:47 266240 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-07-28 04:46 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-07-28 04:45 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-07-28 04:40 450560 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-07-23 19:46 89872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2007-07-23 19:46 81728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-07-23 19:46 79488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2007-07-23 19:46 6576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-07-23 19:46 6144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-07-23 19:46 6144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-07-21 21:25 --------- d-------- C:\Program Files\DirectX
2007-07-16 15:47 --------- d-------- C:\Program Files\SLD Codec Pack
2007-07-12 17:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Tenebril
2007-07-09 15:43 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-07-09 15:43 106496 --a------ C:\WINDOWS\DIIUnin.exe
2007-07-06 17:11 --------- d-------- C:\Program Files\SAGEM
2007-07-06 16:26 --------- d-------- C:\Program Files\Neostrada TP
2007-07-05 12:57 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-07-05 10:31 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\NVIDIA
2007-07-04 23:20 --------- d-------- C:\Program Files\Creative
2007-07-04 23:14 --------- d-------- C:\Program Files\FRISK Software
2007-07-04 23:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\FRISK Software
2007-07-04 23:03 --------- d-------- C:\Program Files\Common Files\Nero
2007-07-04 23:02 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-04 23:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-07-04 22:52 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-04 22:50 --------- d-------- C:\Program Files\epson
2007-07-04 22:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\UDL
2007-07-04 22:44 28352 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-07-04 22:44 --------- d-------- C:\Program Files\MUSICMATCH
2007-07-04 22:43 81920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-07-04 22:43 --------- d-------- C:\Program Files\Common Files\Logitech
2007-07-04 21:44 --------- d--h----- C:\Program Files\Creative Installation Information
2007-07-04 21:43 --------- d-------- C:\Program Files\Common Files\Creative
2007-07-04 20:54 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
--------- C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 13:38 C:\WINDOWS\system32\P17.dll]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 09:08]
"mkstray"="D:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-08-07 10:47]
"mks_mail"="D:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 05:06]
"MKSRegmon"="D:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 05:06]
"DAEMON Tools"="D:\Program Files\Programy\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"BitTorrent"="D:\Download\BitTorrent\bittorrent.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Color Calibration.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Color Calibration.lnk
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"D:\Program Files\Steam\Steam.exe" -silent

R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys
R1 mksfwallt;mksfwallt;\??\C:\WINDOWS\system32\mksfwallt.sys
R2 MksFwall;MksFwall;"D:\Program Files\mks_vir_2007\bin\MksFwall.exe"
R2 MksPC;MksPC;"D:\Program Files\mks_vir_2007\bin\MksPC.exe"
R2 MksUpdate;MksUpdate;"D:\Program Files\mks_vir_2007\bin\mksupdate.exe"
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 mksfwallf;mksfwallf;\??\C:\WINDOWS\system32\mksfwallf.sys
R3 mksidsf;mksidsf;\??\C:\WINDOWS\system32\mksidsf.sys
R3 MksMonEn;MksMonEn;\??\D:\Program Files\mks_vir_2007\bin\MksMonEn.sys
R3 MksMonEv;MksMonEv;\??\D:\Program Files\mks_vir_2007\bin\MksMonEv.sys
R3 MksMonFd;MksMonFd;\??\D:\Program Files\mks_vir_2007\bin\MksMonFd.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 20:35:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 20:36:21
C:\ComboFix-quarantined-files.txt ... 2007-09-01 20:36
C:\ComboFix2.txt ... 2007-07-05 12:14
C:\ComboFix3.txt ... 2007-07-05 12:09

--- E O F ---