ComboFix 07-09-18.4 - "DarkXander" 2007-09-19 21:10:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.631 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.
2007-09-19 21:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 20:25 dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-09-19 20:25 dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-09-19 20:25 d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-09-19 20:25 d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-09-19 20:25 d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-09-19 20:25 d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-09-19 20:25 d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-09-08 14:58 d-------- C:\Program Files\Google
2007-09-08 14:58 d-------- C:\DOCUME~1\DARKXA~1\DANEAP~1\Google
2007-08-27 17:06 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2007-08-23 17:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-23 17:45 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-23 17:45 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-08-23 17:45 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-21 17:48 d-------- C:\DOCUME~1\DARKXA~1\DANEAP~1\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 20:26 --------- d-------- C:\Program Files\BFG
2007-09-18 05:55 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-01 20:06 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-01 19:02 --------- d-------- C:\DOCUME~1\DARKXA~1\DANEAP~1\Skype
2007-08-26 19:04 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-23 17:34 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-20 18:01 --------- d-------- C:\DOCUME~1\DARKXA~1\DANEAP~1\Ahead
2007-08-19 09:56 --------- d-------- C:\Program Files\Opera
2007-08-16 18:04 --------- d-------- C:\Program Files\Winamp
2007-08-15 07:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-08-08 16:57 --------- d-------- C:\Program Files\Common Files\DirectX
2007-08-06 19:37 --------- d-------- C:\Program Files\SUBEDI~1
2007-08-05 20:45 --------- d-------- C:\Program Files\AGEIA Technologies
2007-08-05 20:40 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-05 20:33 --------- d-------- C:\DOCUME~1\DARKXA~1\DANEAP~1\InstallShield
2007-08-05 19:41 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Test Drive Unlimited
2007-08-05 13:17 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-08-05 13:16 --------- d-------- C:\Program Files\DivX
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 17:51 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-29 17:51 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-29 17:51 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-29 12:22 --------- dr-h----- C:\DOCUME~1\DARKXA~1\DANEAP~1\SecuROM
2007-07-23 19:02 --------- d-------- C:\DOCUME~1\DARKXA~1\DANEAP~1\ScanSoft
2007-07-20 18:21 --------- dr------- C:\DOCUME~1\DARKXA~1\DANEAP~1\Brother
2007-06-26 14:16 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2004-07-22 11:51 3432656 --a------ C:\Program Files\ManagedDX.CAB
2004-07-19 23:58 1156363 --a------ C:\Program Files\BDANT.cab
2004-07-19 23:53 976020 --a------ C:\Program Files\BDAXP.cab
2004-07-16 15:30 3858 --a------ C:\Program Files\directx redist.txt
2004-07-09 15:17 13265040 --a------ C:\Program Files\dxnt.cab
2004-07-09 10:13 703080 --a------ C:\Program Files\BDA.cab
2004-07-09 10:13 15493481 --a------ C:\Program Files\DirectX.cab
2004-07-09 05:08 472576 --a------ C:\Program Files\dxsetup.exe
2004-07-09 05:08 2242560 --a------ C:\Program Files\dsetup32.dll
2004-07-09 04:03 62976 --a------ C:\Program Files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-09-05 17:45]
"nForce Tray Options"="sstray.exe" [2003-10-24 14:13 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" []
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-29 17:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ComproRemote.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ComproRemote.lnk
backup=C:\WINDOWS\pss\ComproRemote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ComproScheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ComproScheduler.lnk
backup=C:\WINDOWS\pss\ComproScheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TweakYC.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TweakYC.lnk
backup=C:\WINDOWS\pss\TweakYC.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CafeNews]
D:\TV - Cafe News\CafeNews\CN.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

S1 CXAVSAUD;Compro VideoMate X series Audio Capture;C:\WINDOWS\system32\DRIVERS\cxavsaud.sys
S2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys
S2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
S3 CXAVXBAR;Compro VideoMate X series AVStream Crossbar;C:\WINDOWS\system32\drivers\cxavxbar.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 21:11:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-19 21:12:05
.
--- E O F ---