ComboFix 07-09-20.1 - "Atalante" 2007-09-20 13:39:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.574 [GMT 2:00]
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.
2007-09-20 13:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 16:30 d-------- C:\DOCUME~1\Atalante\DANEAP~1\Help
2007-09-18 16:04 d-------- C:\Program Files\3DO
2007-09-18 15:13 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-09-14 13:25 d-------- C:\Program Files\MarBit
2007-09-14 13:00 234 --a------ C:\WINDOWS\system32\ts.dll
2007-09-14 13:00 234 --a------ C:\WINDOWS\system32\mp4.dll
2007-09-14 13:00 234 --a------ C:\WINDOWS\system32\mkzlib.dll
2007-09-14 13:00 234 --a------ C:\WINDOWS\system32\mkx.dll
2007-09-14 13:00 234 --a------ C:\WINDOWS\system32\mkunicode.dll
2007-09-01 18:03 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Trymedia
2007-09-01 17:49 d-------- C:\DOCUME~1\Atalante\DANEAP~1\InstallShield
2007-09-01 15:07 d-------- C:\Program Files\SystemRequirementsLab
2007-09-01 15:06 d-------- C:\DOCUME~1\Atalante\SystemRequirementsLab
2007-08-27 13:43 d-------- C:\Program Files\SkanerOnline
2007-08-26 09:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 13:09 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-20 12:30 --------- d-------- C:\DOCUME~1\Atalante\DANEAP~1\foobar2000
2007-09-14 10:45 --------- d-------- C:\Program Files\Gadu-Gadu
2007-09-03 19:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 19:15 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-08-09 12:00 --------- d-------- C:\DOCUME~1\Atalante\DANEAP~1\Creative
2007-08-09 11:51 --------- d-------- C:\Program Files\Creative
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-23 17:30 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-20 11:20 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-07-20 11:20 --------- d-------- C:\Program Files\AVSMedia
2007-07-15 18:18 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-07-09 21:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 21:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-11-09 11:38]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 04:50]
"nwiz"="nwiz.exe" [2007-03-22 04:50 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-10-21 19:07]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-10-21 19:07]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 04:50]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 10:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 10:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]

C:\DOCUME~1\Atalante\MENUST~1\Programy\AUTOST~1\
GIGABYTE VGA Utility.lnk - C:\DOCUME~1\Atalante\DANEAP~1\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2007-07-18 11:19:42]
H3 The Shadow of Death(TM).lnk - D:\Program Files\3DO\Heroes3\RegisterSOD\Remind32.exe [2007-09-18 16:05:50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Atalante^Menu Start^Programy^Autostart^Registration The Settlers II - Dziesięciolecie.LNK]
path=C:\Documents and Settings\Atalante\Menu Start\Programy\Autostart\Registration The Settlers II - Dziesięciolecie.LNK
backup=C:\WINDOWS\pss\Registration The Settlers II - Dziesięciolecie.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"D:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06060f34-46a9-11dc-85e3-0013d4309257}]
AutoRun\command- F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b75d32f8-54d7-11dc-85f2-0013d4309257}]
AutoRun\command- F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab86fa9-32eb-11dc-b071-806d6172696f}]
AutoRun\command- E:\ASUSACPI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9bcae3a-57ef-11dc-85fc-0013d4309257}]
AutoRun\command- F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91aeb12-5727-11dc-85fa-0013d4309257}]
AutoRun\command- F:\Setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 18:00:13 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-09-20 11:37:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 13:39:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-20 13:40:14
.
--- E O F ---