ComboFix 07-09-20.1 - "Mariann" 2007-09-24 19:20:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.197 [GMT 2:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.
2007-09-24 15:40 d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-24 15:36 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-24 15:36 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-24 15:36 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-24 15:36 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-24 15:36 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-24 15:35 d-------- C:\Program Files\Trojan Remover
2007-09-24 15:35 d-------- C:\DOCUME~1\Mariann\DANEAP~1\Simply Super Software
2007-09-24 15:35 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Simply Super Software
2007-09-24 15:06 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-24 15:06 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-24 15:06 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-24 15:06 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-24 15:05 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-24 15:05 d-------- C:\Program Files\Spyware Doctor
2007-09-24 15:05 d-------- C:\DOCUME~1\Mariann\DANEAP~1\PC Tools
2007-09-22 17:47 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-22 17:47 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-09-22 13:45 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-09-22 13:18 d-------- C:\Program Files\Tibia
2007-09-22 13:18 d-------- C:\DOCUME~1\Mariann\DANEAP~1\Tibia
2007-09-20 21:05 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-09-20 21:03 d-------- C:\Program Files\TuneUp Utilities 2006
2007-09-20 21:03 d-------- C:\DOCUME~1\Mariann\DANEAP~1\TuneUp Software
2007-09-20 21:00 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-20 21:00 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\TuneUp Software
2007-09-20 14:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 13:45 d-------- C:\Program Files\Sophos
2007-09-20 11:24 d-------- C:\Program Files\Intel
2007-09-20 11:24 d-------- C:\Program Files\C-Media 3D Audio
2007-09-20 11:23 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-09-19 16:40 d-------- C:\WINDOWS\system32\LogFiles
2007-09-19 16:02 d-------- C:\Program Files\Tibia Auto
2007-09-19 16:01 1,867,776 --a------ C:\WINDOWS\system32\python24.dll
2007-09-19 15:15 d-------- C:\Program Files\Asprate
2007-09-18 23:10 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-18 23:09 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-18 23:09 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-09-18 23:09 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-09-18 23:07 dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-09-18 23:07 dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
2007-09-18 23:07 dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
2007-09-18 23:07 dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-09-18 23:07 d--h----- C:\DOCUME~1\DEFAUL~1\Szablony
2007-09-18 23:07 d--h----- C:\DOCUME~1\ALLUSE~1\Szablony
2007-09-18 23:07 d-------- C:\DOCUME~1\DEFAUL~1\Ulubione
2007-09-18 23:07 d-------- C:\DOCUME~1\DEFAUL~1\Pulpit
2007-09-18 23:07 d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-09-18 23:07 d-------- C:\DOCUME~1\ALLUSE~1\Ulubione
2007-09-18 23:07 d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-09-18 23:06 dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-09-18 23:06 dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-09-18 23:06 d-------- C:\WINDOWS\system32\CatRoot2
2007-09-18 23:06 d-------- C:\WINDOWS\system32\CatRoot
2007-09-18 22:20 d-------- C:\DOCUME~1\Mariann\DANEAP~1\Gadu-Gadu
2007-09-18 22:07 0 --a------ C:\WINDOWS\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 18:33 --------- d-------- C:\Program Files\Gadu-Gadu
2007-09-22 13:53 --------- d-------- C:\Program Files\Minilyrics
2007-09-20 11:25 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 21:59 --------- d-------- C:\Program Files\Thomson
2007-09-18 21:51 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-18 21:51 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-18 21:51 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-18 21:48 --------- d-------- C:\Program Files\Ahead
2007-09-18 21:47 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-18 21:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-09-18 21:45 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-18 21:44 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-18 21:42 --------- d-------- C:\DOCUME~1\Mariann\DANEAP~1\ATI
2007-09-18 21:40 --------- d-------- C:\Program Files\Vplayer
2007-09-18 21:39 --------- d-------- C:\Program Files\The KMPlayer
2007-09-18 21:39 --------- d-------- C:\Program Files\PowerISO
2007-09-18 21:39 --------- d-------- C:\Program Files\Peer2Mail
2007-09-18 21:37 --------- d-------- C:\Program Files\IrfanView
2007-09-18 21:35 --------- d-------- C:\Program Files\ATI Technologies
2007-09-18 21:29 --------- d-------- C:\Program Files\Real Alternative
2007-09-18 21:29 --------- d-------- C:\Program Files\Media Player Classic
2007-09-18 21:29 --------- d-------- C:\DOCUME~1\Mariann\DANEAP~1\Real
2007-09-18 21:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-09-18 21:28 --------- d-------- C:\Program Files\QuickTime
2007-09-18 21:28 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-18 21:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-09-18 21:27 --------- d-------- C:\Program Files\Xvid
2007-09-18 21:27 --------- d-------- C:\Program Files\Winamp
2007-09-18 21:25 --------- d-------- C:\Program Files\CyberLink
2007-09-18 21:25 --------- d-------- C:\Program Files\Alcohol Soft
2007-09-18 21:18 --------- d-------- C:\Program Files\microsoft frontpage
2001-11-23 06:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
--------- C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot_2007-09-20_142541,84 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 585,791 2007-09-22 15:29:10 C:\WINDOWS\gmer.dll
----a-w 581,632 2007-06-29 07:38:18 C:\WINDOWS\gmer.exe
----a-w 11,808,768 2007-09-22 12:28:56 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\99cdb1d6b5863d46b660982245cb414a\System.Web.ni.dll
----a-w 2,310,144 2007-09-22 12:29:05 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff864d58c101b44481a72518f05cacad\System.Web.Mobile.ni.dll
----a-w 237,568 2007-09-22 12:29:06 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\5c4e6a69a33e144d9b2fb479bf83074f\System.Web.RegularExpressions.ni.dll
----a-w 1,945,600 2007-09-22 12:29:12 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e7733aa45b9b24f9c569af8d8c0ac8b\System.Web.Services.ni.dll
----a-r 27,200 2001-07-21 22:15:50 C:\WINDOWS\system32\ctl3dv2.dll
----a-w 58,596 2007-09-24 17:13:15 C:\WINDOWS\system32\perfc009.dat
----a-w 74,230 2007-09-24 17:13:15 C:\WINDOWS\system32\perfc015.dat
----a-w 392,296 2007-09-24 17:13:15 C:\WINDOWS\system32\perfh009.dat
----a-w 448,004 2007-09-24 17:13:15 C:\WINDOWS\system32\perfh015.dat
----a-w 70,001 2007-09-22 15:29:10 C:\WINDOWS\system32\drivers\gmer.sys
----a-w 213,048 2005-05-24 09:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-09-07 09:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 09:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
----a-w 27,200 2001-07-21 22:15:50 C:\WINDOWS\system32\ctl3dv2.dll
----a-w 58,596 2007-09-18 20:01:57 C:\WINDOWS\system32\perfc009.dat
----a-w 74,230 2007-09-18 20:01:57 C:\WINDOWS\system32\perfc015.dat
----a-w 392,296 2007-09-18 20:01:57 C:\WINDOWS\system32\perfh009.dat
----a-w 448,004 2007-09-18 20:01:57 C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-18 21:51]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-09-21 16:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2006-10-05 16:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 19:05:40 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 19:21:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-24 19:22:02
C:\ComboFix-quarantined-files.txt ... 2007-09-24 19:22
.
--- E O F ---