ComboFix 07-10-04.6 - kkk 2007-10-04 23:49:10.2 - FAT32x86
Running from: C:\Documents and Settings\kkk\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.
2007-10-04 23:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 23:23 d-------- C:\Temp
2007-10-04 12:19 d-------- C:\Program Files\GoldWave
2007-10-04 10:42 23,040 --a------ C:\WINDOWS\system32\mszsrn32.dll
2007-10-04 10:20 d-------- C:\!KillBox
2007-10-02 15:13 dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-10-02 15:13 dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-02 15:13 d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-10-02 15:13 d--h----- C:\Documents and Settings\Administrator\Szablony
2007-10-02 15:13 d-------- C:\Documents and Settings\Administrator\Ulubione
2007-10-02 15:13 d-------- C:\Documents and Settings\Administrator\Pulpit
2007-10-02 15:13 d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-10-02 13:03 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-10-02 12:15 d-------- C:\Documents and Settings\kkk\Dane aplikacji\CyberLink
2007-10-01 22:19 d-------- C:\WINDOWS\SHELLNEW
2007-10-01 22:19 d-------- C:\Program Files\Microsoft Works
2007-10-01 21:39 d-------- C:\Program Files\FastStone Image Viewer
2007-10-01 21:39 d-------- C:\Documents and Settings\kkk\Dane aplikacji\FastStone
2007-09-28 11:29 d-------- C:\Documents and Settings\kkk\Dane aplikacji\Help
2007-09-28 11:29 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies
2007-09-28 00:35 d-------- C:\Documents and Settings\kkk\Dane aplikacji\Media Player Classic
2007-09-25 09:50 d-------- C:\Program Files\PhotoFiltre
2007-09-23 21:50 d-------- C:\Program Files\UltraISO
2007-09-23 21:50 d-------- C:\Program Files\Common Files\EZB Systems
2007-09-23 21:34 d-------- C:\Documents and Settings\kkk\Dane aplikacji\stamina
2007-09-21 22:52 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-09-21 18:58 d-------- C:\Program Files\Inno Setup 5
2007-09-15 15:01 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-09-15 11:43 d-------- C:\Program Files\Yahoo!
2007-09-15 11:43 d-------- C:\Program Files\CCleaner
2007-09-14 09:11 d-------- C:\Documents and Settings\kkk\Dane aplikacji\GetRightToGo
2007-09-13 23:48 d-------- C:\Documents and Settings\kkk\Dane aplikacji\Kingston
2007-09-13 23:24 d-------- C:\Program Files\Common Files\ACD Systems
2007-09-13 23:24 d-------- C:\Program Files\ACD Systems
2007-09-13 23:24 d-------- C:\Documents and Settings\kkk\Dane aplikacji\ACD Systems
2007-09-13 23:24 d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2007-09-12 13:25 41,472 --a------ C:\WINDOWS\system32\ocfpcsc1.dll
2007-09-11 13:43 d-------- C:\Documents and Settings\kkk\Dane aplikacji\Cimaware
2007-09-11 13:35 d-------- C:\Program Files\Cimaware
2007-09-11 11:52 d-------- C:\Program Files\Ontrack
2007-09-10 18:14 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-10 10:19 d-------- C:\WINDOWS\AVerTV2K
2007-09-10 10:08 234,050 --a------ C:\WINDOWS\Uninstall.exe
2007-09-09 00:46 d-------- C:\Documents and Settings\kkk\Dane aplikacji\Opera
2007-09-08 18:03 d-------- C:\Program Files\NetLimiter
2007-09-08 18:03 d-------- C:\Documents and Settings\kkk\Dane aplikacji\LockTime
2007-09-08 14:07 d-------- C:\Documents and Settings\kkk\Dane aplikacji\AdobeUM
2007-09-08 14:04 d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-09-07 19:04 148,992 --a------ C:\WINDOWS\system32\mllink5.dll
2007-09-07 18:50 d-------- C:\Program Files\Working Model 2D
2007-09-07 18:22 dr-h----- C:\Documents and Settings\Gość\Dane aplikacji
2007-09-07 18:22 dr------- C:\Documents and Settings\Gość\Ulubione
2007-09-07 18:22 dr------- C:\Documents and Settings\Gość\Moje dokumenty
2007-09-07 18:22 dr------- C:\Documents and Settings\Gość\Menu Start
2007-09-07 18:22 d--h----- C:\Documents and Settings\Gość\Ustawienia lokalne
2007-09-07 18:22 d--h----- C:\Documents and Settings\Gość\Szablony
2007-09-07 18:22 d-------- C:\Documents and Settings\Gość\Pulpit
2007-09-07 18:03 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-09-07 17:53 d-------- C:\Program Files\SubEdit-Player
2007-09-07 15:46 d-------- C:\WINDOWS\system32\NtmsData
2007-09-07 15:31 d-------- C:\Program Files\Browser MOUSE
2007-09-07 12:26 83,592 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-09-07 12:26 61,008 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-09-07 12:26 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-09-07 12:26 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-09-07 12:26 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-09-07 12:26 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-09-07 12:26 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-09-07 12:26 d-------- C:\Program Files\Sygate
2007-09-07 12:18 d-------- C:\Program Files\uTorrent
2007-09-07 12:18 d-------- C:\Documents and Settings\kkk\Dane aplikacji\uTorrent
2007-09-07 12:17 d-------- C:\Program Files\FlashGet
2007-09-07 12:06 d-------- C:\WINDOWS\Profiles
2007-09-07 12:06 d-------- C:\Documents and Settings\kkk\Dane aplikacji\InterTrust
2007-09-07 12:04 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-09-07 12:04 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-09-07 12:04 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-09-07 12:04 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-09-07 12:04 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2007-09-07 12:03 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-09-07 12:03 d-------- C:\Program Files\CyberLink
2007-09-07 12:03 d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-09-07 12:02 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-09-07 12:02 d-------- C:\Program Files\CyberLink DVD Solution
2007-09-07 11:57 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-07 11:57 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-07 11:57 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-07 11:57 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-07 11:57 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-07 11:57 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-07 11:56 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-07 11:56 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-07 11:56 d-------- C:\Program Files\Alwil Software
2007-09-07 11:55 d-------- C:\Program Files\Opera
2007-09-07 11:54 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-09-07 11:53 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-07 11:53 d-------- C:\Documents and Settings\kkk\Dane aplikacji\Real
2007-09-07 11:53 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Real
2007-09-07 11:52 d-------- C:\Program Files\IrfanView
2007-09-07 11:48 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-07 18:02 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-07 18:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-07 10:58 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-07 10:58 --------- d-------- C:\Program Files\Ahead
2007-09-07 10:34 --------- d-------- C:\Program Files\WinFast
2007-09-07 10:34 --------- d-------- C:\Program Files\Common Files\Ulead Systems
2007-09-07 10:34 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2007-09-07 10:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-07 10:22 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-07 10:22 --------- d-------- C:\Program Files\Analog Devices
2007-09-07 10:15 --------- d-------- C:\Program Files\microsoft frontpage
--------- C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_23.37.08,08 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2007-09-07 15:31]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2007-09-08 18:04]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2003-06-22 16:38]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
"C:\Program Files\ChrisTV\ChrisTV_Agent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"InCDsrv"=2 (0x2)
"aawservice"=2 (0x2)

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 10:00:02 C:\WINDOWS\Tasks\Auto-scheduled task of Free Registry Fix.job"
- C:\Program Files\Free Registry Fix\regfix.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 23:50:29
Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 23:51:31
C:\ComboFix2.txt ... 2007-10-04 23:38
.
--- E O F ---