ComboFix 07-10-07.2 - Michałek 2007-10-07 21:39:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.554 [GMT 2:00]
Running from: C:\Documents and Settings\Michałek\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.
2007-10-07 20:11 d-------- C:\WINDOWS\LastGood
2007-10-06 22:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-06 22:47 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-10-05 14:56 d---s---- C:\Documents and Settings\Michałek\UserData
2007-10-03 20:09 d-------- C:\Program Files\Common Files\EasyInfo
2007-10-03 13:50 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-10-01 15:32 d-------- C:\Program Files\Setup Files
2007-10-01 15:29 d-------- C:\Program Files\MSI
2007-09-28 17:17 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-17 19:30 d-------- C:\download
2007-09-13 21:31 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-09-13 21:31 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-09-13 21:28 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-09-13 21:28 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-09-12 15:32 d-------- C:\Program Files\Steam
2007-09-07 18:08 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-09-07 18:08 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-09-07 18:08 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 22:55 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-14 07:49 --------- d-------- C:\Program Files\Creative
2007-09-13 21:33 --------- d--h----- C:\Program Files\Creative Installation Information
2007-08-26 13:51 --------- d-------- C:\Program Files\Common Files\DirectX
2007-08-24 19:40 --------- d-------- C:\Program Files\BitTorrent
2007-08-23 21:47 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2007-08-23 21:45 --------- d-------- C:\Program Files\Zylom Games
2007-08-17 22:31 --------- d-------- C:\Program Files\ATI Technologies
2007-08-16 15:48 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 20:48 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-07 21:56 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 05:37 8237056 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-07-28 05:31 344064 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-07-28 05:30 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-28 05:24 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-07-28 05:23 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-07-28 05:23 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-07-28 05:22 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-07-28 05:22 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-07-28 05:22 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-07-28 05:21 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-07-28 05:20 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-07-28 05:12 3067712 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-28 05:06 176128 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-07-28 05:01 1550208 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-28 04:50 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-07-28 04:47 266240 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-07-28 04:46 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-07-28 04:40 450560 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-07-09 15:43 106496 --a------ C:\WINDOWS\DIIUnin.exe
.
((((((((((((((((((((((((((((( snapshot_2007-09-01_203608,65 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-09-28 07:06:08 C:\WINDOWS\catchme.exe
----a-w 39,386 2007-09-28 15:17:17 C:\WINDOWS\DIIUnin.dat
----a-w 223,232 2007-10-07 18:11:58 C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
----a-w 53,248 2007-10-07 18:11:59 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
----a-w 12,800 2007-10-07 18:11:59 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
----a-w 473,600 2007-10-07 18:11:59 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
----a-w 576,000 2007-10-07 18:12:00 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
----a-w 145,920 2007-10-07 18:12:00 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
----a-w 159,232 2007-10-07 18:12:00 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
----a-w 364,544 2007-10-07 18:12:00 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
----a-w 178,176 2007-10-07 18:12:01 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
----a-r 27,648 2007-09-12 13:32:19 C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
----a-w 2,297,552 2005-05-26 13:34:52 C:\WINDOWS\LastGood\system32\d3dx9_26.dll
----a-w 53,248 2005-03-18 15:23:10 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
----a-w 12,800 2005-03-18 15:23:10 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
----a-w 473,600 2005-03-18 15:23:14 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
----a-w 145,920 2005-03-18 15:23:10 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
----a-w 159,232 2005-03-18 15:23:10 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
----a-w 364,544 2005-03-18 15:23:14 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
----a-w 178,176 2005-03-18 15:23:12 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
----a-w 223,232 2005-03-18 15:23:14 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
----a-w 576,000 2005-05-26 13:15:56 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 18,359 2006-05-18 11:14:24 C:\WINDOWS\system32\Ntaccess.sys
----a-w 279,552 2007-10-05 08:07:31 C:\WINDOWS\system32\swreg.exe
-c--a-w 65,536 2002-04-11 01:41:06 C:\WINDOWS\system32\dllcache\a3d.dll
----a-w 6,912 2006-11-01 14:18:34 C:\WINDOWS\system32\drivers\FlashSys.sys
----a-w 53,248 2007-08-07 11:37:56 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
----a-w 182,248 2007-08-07 15:20:44 C:\WINDOWS\system32\Macromed\Director\SwDir.dll
----a-w 585,728 2007-08-07 11:35:56 C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
----a-w 1,490,944 2007-08-07 11:19:40 C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
----a-w 24,576 2007-08-07 11:36:32 C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
----a-w 1,113,600 2007-08-07 14:52:32 C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
----a-w 52,288 2007-08-07 11:08:48 C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
----a-w 606,208 2007-08-07 11:17:24 C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
----a-w 339,968 2007-08-07 11:35:22 C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
----a-w 483,328 2007-08-07 11:35:32 C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
----a-w 180,224 2007-08-07 11:28:38 C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
----a-w 391,144 2007-08-07 15:20:28 C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
----a-w 77,824 2007-08-07 11:37:56 C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
----a-w 86,016 2007-08-07 11:35:18 C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
----a-w 98,304 2007-08-07 11:37:58 C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
----a-w 50,808 2007-08-07 11:08:46 C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
----a-w 149,504 1999-06-25 08:55:30 C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
.
----a-w 109,056 2007-07-19 22:47:22 C:\WINDOWS\catchme.exe
----a-w 38,171 2007-07-09 13:52:03 C:\WINDOWS\DIIUnin.dat
----a-w 16,789,464 2007-08-03 04:34:10 C:\WINDOWS\system32\MRT.exe
----a-w 279,552 2007-07-22 16:39:27 C:\WINDOWS\system32\swreg.exe
-c--a-w 98,304 2001-10-26 15:29:28 C:\WINDOWS\system32\dllcache\a3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 09:08]
"mkstray"="D:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-08-07 10:47]
"mks_mail"="D:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 05:06]
"MKSRegmon"="D:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 05:06]
"DAEMON Tools"="D:\Program Files\Programy\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="P17.dll" [2005-05-03 13:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"AlcoholAutomount"="D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Color Calibration.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Color Calibration.lnk
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"D:\Download\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys
R1 mksfwallt;mksfwallt;\??\C:\WINDOWS\system32\mksfwallt.sys
R2 MksFwall;MksFwall;"D:\Program Files\mks_vir_2007\bin\MksFwall.exe"
R2 MksPC;MksPC;"D:\Program Files\mks_vir_2007\bin\MksPC.exe"
R2 MksUpdate;MksUpdate;"D:\Program Files\mks_vir_2007\bin\mksupdate.exe"
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 mksfwallf;mksfwallf;\??\C:\WINDOWS\system32\mksfwallf.sys
R3 mksidsf;mksidsf;\??\C:\WINDOWS\system32\mksidsf.sys
R3 MksMonEn;MksMonEn;\??\D:\Program Files\mks_vir_2007\bin\MksMonEn.sys
R3 MksMonEv;MksMonEv;\??\D:\Program Files\mks_vir_2007\bin\MksMonEv.sys
R3 MksMonFd;MksMonFd;\??\D:\Program Files\mks_vir_2007\bin\MksMonFd.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 UCORESYS;UCORESYS;\??\C:\PROGRA~1\MSI\LIVEUP~1\FlashUty\AMI\AFUWIN\UCORESYS.SYS
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 21:41:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-07 21:42:24
C:\ComboFix-quarantined-files.txt ... 2007-09-01 20:36
C:\ComboFix2.txt ... 2007-09-01 20:36
C:\ComboFix3.txt ... 2007-07-05 12:14
.
--- E O F ---