ComboFix 07-10-04.6 - oem 2007-10-06 10:49:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.200 [GMT 2:00]
Running from: C:\Documents and Settings\oem\Moje dokumenty\Ada˜\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.
2007-10-05 21:45 d-------- C:\WINDOWS\Content.IE5
2007-10-05 15:17 23 --ahs---- C:\WINDOWS\system32\bcbcfd5_r.dll
2007-10-05 15:17 d-------- C:\Program Files\jv16 PowerTools 2007
2007-10-03 22:49 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Help
2007-09-28 16:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 15:44 1,252 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-28 15:43 dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-09-28 15:43 dr------- C:\Documents and Settings\Administrator\Menu Start
2007-09-28 15:43 d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-09-28 15:43 d--h----- C:\Documents and Settings\Administrator\Szablony
2007-09-28 15:43 d-------- C:\Documents and Settings\Administrator\Ulubione
2007-09-28 15:43 d-------- C:\Documents and Settings\Administrator\Pulpit
2007-09-28 15:43 d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-09-27 18:46 d-------- C:\!KillBox
2007-09-27 17:46 d-------- C:\Program Files\Trend Micro
2007-09-27 17:36 d-------- C:\Program Files\RogueRemover FREE
2007-09-27 17:16 d-------- C:\Program Files\Enigma Software Group
2007-09-27 14:44 d-------- C:\Documents and Settings\oem\Dane aplikacji\U3
2007-09-26 20:58 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-26 20:58 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-26 20:58 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-26 20:58 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-26 20:58 d-------- C:\Program Files\Spyware Doctor
2007-09-26 20:58 d-------- C:\Documents and Settings\oem\Dane aplikacji\PC Tools
2007-09-26 20:57 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-25 12:16 d-------- C:\Program Files\BearShare
2007-09-24 17:16 d-------- C:\Program Files\eMule
2007-09-24 08:22 d-------- C:\Program Files\Movie Player Pro ActiveX Control
2007-09-20 14:02 d-------- C:\Program Files\Electronic Arts
2007-09-12 19:42 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-09-12 19:41 d-------- C:\Program Files\Zapu
2007-09-12 16:58 308,224 --a------ C:\WINDOWS\IsUn040a.exe
2007-09-09 14:46 d-------- C:\Program Files\AdVantage
2007-09-09 14:41 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-08 13:23 d-------- C:\Program Files\Common Files\Panda Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 22:24 --------- d-------- C:\Program Files\Panda Software
2007-09-28 15:10 --------- d-------- C:\Documents and Settings\oem\Dane aplikacji\Skype
2007-09-27 17:49 --------- d-------- C:\Program Files\Google
2007-09-26 09:37 --------- d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-09-12 20:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-02 12:46 --------- d-------- C:\Program Files\Player Tool
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2005-03-31 23:17 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2006-07-23 08:21:52 56 --sh--r C:\WINDOWS\system32\BE093BF920.sys
2006-11-24 21:37:00 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AT-Watch"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
S3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys
S3 SaiNtHid;%SAINTHID_NAME%;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66368178-6cf6-11dc-afe4-0013d4dc6301}]
AutoRun\command- G:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 10:50:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? nt???w????????????????.???????Y???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-06 10:51:17
C:\ComboFix-quarantined-files.txt ... 2007-10-06 10:51
C:\ComboFix2.txt ... 2007-10-05 17:52
C:\ComboFix3.txt ... 2007-10-04 18:19
.
--- E O F ---