ComboFix 07-10-17.8 - Czarny 2007-10-17 16:48:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1526 [GMT 2:00]
Running from: C:\Documents and Settings\Czarny\Pulpit\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00B2D4D2
C:\Program Files\myglobalsearch\bar\Cache\00B2DB4A
C:\Program Files\myglobalsearch\bar\Cache\00B2E24F.bin
C:\Program Files\myglobalsearch\bar\Cache\00B2E83B.bin
C:\Program Files\myglobalsearch\bar\Cache\00B2F52B.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search

.
(((((((((((((((((((((((((   Files Created from 2007-09-17 to 2007-10-17   )))))))))))))))))))))))))))))))
.

2007-10-17 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 16:11 d-------- C:\Program Files\Trend Micro
2007-10-16 15:14 d-------- C:\Program Files\K-Lite Codec Pack
2007-10-16 15:14 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-10-16 15:14 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-15 15:34 d-------- C:\Program Files\JoWood
2007-10-14 19:08 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\Apple Computer
2007-10-14 19:08 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\Apple Computer
2007-10-14 19:06 d-------- C:\Program Files\QuickTime
2007-10-14 19:06 d-------- C:\Program Files\Apple Software Update
2007-10-14 19:06 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-10-14 19:06 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-10-14 18:44 d-------- C:\Program Files\DivX
2007-10-13 19:23 d-------- C:\Program Files\Avanquest update
2007-10-13 19:22 d-------- C:\Program Files\mobile PhoneTools
2007-10-13 19:22 42,496 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys
2007-10-13 17:14 d-------- C:\WINDOWS\vf_hip
2007-10-13 17:14 d-------- C:\Program Files\Hide IP Platinum
2007-10-13 16:26 d-------- C:\Fraps
2007-10-13 14:52 d-------- C:\Program Files\Activision
2007-10-13 12:00 1 --a------ C:\WINDOWS\system32\SysDVDtoavi.dat
2007-10-13 09:46 d-------- C:\Program Files\MSXML 4.0
2007-10-13 09:27 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-13 09:26 d-------- C:\Program Files\Microsoft.NET
2007-10-13 09:25 d-------- C:\WINDOWS\SHELLNEW
2007-10-13 09:15 d--h----- C:\WINDOWS\$hf_mig$
2007-10-13 09:09 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-13 09:08 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-10-13 09:06 d---s---- C:\Documents and Settings\Czarny\UserData
2007-10-13 07:58 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Minnetonka Audio Software
2007-10-13 07:58 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-10-13 07:58 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-10-13 07:58 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-10-13 07:58 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-10-13 07:58 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-10-11 21:07 d-------- C:\Program Files\Total Video Converter
2007-10-11 21:00 d-------- C:\Program Files\Gabest
2007-10-11 20:55 d-------- C:\Program Files\AviSynth 2.5
2007-10-11 20:34 d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-10-11 19:21 d-------- C:\Program Files\Bonjour
2007-10-11 19:14 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-11 18:29 d-------- C:\Program Files\foobar2000
2007-10-11 18:29 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\foobar2000
2007-10-11 18:29 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\foobar2000
2007-10-10 16:32 d-------- C:\Program Files\BearShare
2007-10-10 16:32 d-------- C:\My Downloads
2007-10-07 14:51 d-------- C:\Program Files\Audacity
2007-10-07 14:49 d-------- C:\Program Files\GoldWave
2007-10-06 18:09 d-------- C:\Program Files\AV Vcs 4.0 DIAMOND
2007-10-06 18:07 d-------- C:\Program Files\Skype
2007-10-06 18:07 d-------- C:\Program Files\Common Files\Skype
2007-10-06 18:07 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\Skype
2007-10-06 18:07 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\Skype
2007-10-06 17:59 d-------- C:\Program Files\AV Vcs 5.5 DIAMOND
2007-10-06 16:14 d-------- C:\Thesycon
2007-10-05 18:40 d-------- C:\Program Files\RivaTuner v2.05
2007-09-29 10:50 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
2007-09-29 10:49 d-------- C:\Program Files\Ultra RM Converter
2007-09-29 08:47 d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina
2007-09-27 13:35 d-------- C:\Program Files\Winamp
2007-09-26 20:43 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\Media Player Classic
2007-09-26 20:43 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\Media Player Classic
2007-09-26 20:42 d-------- C:\Program Files\Real Alternative
2007-09-26 19:49 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-26 14:27 d-------- C:\Program Files\Toribash-2.6
2007-09-26 14:11 d-------- C:\Program Files\Toribash-2.8
2007-09-23 18:17 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-09-23 18:14 d-------- C:\Program Files\Nero
2007-09-23 18:14 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-09-23 08:37 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\mIRC
2007-09-23 08:37 d-------- C:\Documents and Settings\Czarny\Dane aplikacji\mIRC
2007-09-21 20:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-21 20:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-21 20:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-21 18:49 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-09-20 20:26 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Eset
2007-09-19 22:09 d--h----- C:\Documents and Settings\Czarny\Dane aplikacji\ijjigame
2007-09-19 22:09 d--h----- C:\Documents and Settings\Czarny\Dane aplikacji\ijjigame
2007-09-19 19:46 d-------- C:\Documents and Settings\All Users\Dane aplikacji\IJJIGame
2007-09-19 18:03 d-------- C:\Documents and Settings\All Users\Dane aplikacji\DFX

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-10-17 14:25 --------- d-----w C:\Program Files\Call of Duty
2007-10-17 14:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-15 19:40 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-15 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 12:50 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-13 07:25 --------- d-----w C:\Program Files\Microsoft Works
2007-10-07 08:14 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-06 16:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-10-02 10:26 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\Thinstall
2007-10-02 10:26 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\Thinstall
2007-09-29 16:18 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\Ahead
2007-09-29 16:18 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\Ahead
2007-09-23 16:16 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-23 08:16 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-21 17:41 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\teamspeak2
2007-09-21 17:41 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\teamspeak2
2007-09-21 16:49 --------- d-----w C:\Program Files\Realtek
2007-09-19 16:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-18 05:44 --------- d-----w C:\Program Files\Rockstar Games
2007-09-16 19:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-09-16 09:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-09-16 08:49 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-09-15 08:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Age of Empires 3
2007-09-13 11:34 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-09-11 15:23 4,614,656 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-11 14:54 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-09-08 13:30 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\uTorrent
2007-09-08 13:30 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\uTorrent
2007-09-03 10:53 --------- d-----w C:\Program Files\TP
2007-08-31 18:47 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2007-08-27 17:07 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-08-25 18:16 33,952 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2007-08-20 06:33 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-08-20 06:08 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\URSoft
2007-08-20 06:08 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\URSoft
2007-08-18 06:14 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\gtopala
2007-08-18 06:14 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\gtopala
2007-08-17 07:39 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\DivX
2007-08-17 07:39 --------- d-----w C:\Documents and Settings\Czarny\Dane aplikacji\DivX
2007-08-12 12:46 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-08-03 11:22 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-07-30 20:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-07-26 16:06 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-07-26 15:09 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-21 20:36]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 19:20]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-07 10:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DualCoreCenter.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DualCoreCenter.lnk
backup=C:\WINDOWS\pss\DualCoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]
C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
C:\Program Files\HDD Health\hddhealth.exe -wl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" /tray
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.05\RivaTuner32.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\Czarny\USTAWI~1\Temp\kbeepm.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-10-14 17:06:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 16:50:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 16:51:33 - machine was rebooted
.
--- E O F ---
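The log above is what a helper on a removal forum reads by eye: the dated file list and the R0/R1/S3 driver lines. As an added example (my own code, not part of the poster's log or of ComboFix), here is a small Python triage script that parses those two line formats and applies two review heuristics: a driver or service whose image path sits in a user-writable profile or Temp directory, and an executable of only a few bytes created under system32. The 4096-byte threshold and the "user-writable" path prefixes are assumptions chosen for this example; the sample lines are copied from the log above, and a hit means "look at this", not "this is malware" (several tiny DLLs in system32 are produced by licensing protectors).

```python
"""Triage a flattened ComboFix log for entries worth a second look.

Added example for this thread; the heuristics and thresholds are assumptions,
not ComboFix's own logic. A finding is a prompt to review, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above (file-list and service formats).
SAMPLE_LOG = r"""
2007-10-17 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-13 07:58 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-10-13 07:58 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-10-13 12:00 1 --a------ C:\WINDOWS\system32\SysDVDtoavi.dat
2007-10-16 15:14 d-------- C:\Program Files\K-Lite Codec Pack
2007-10-17 14:25 --------- d-----w C:\Program Files\Call of Duty
2007-09-23 08:16 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\Czarny\USTAWI~1\Temp\kbeepm.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
"""

# "Files Created" lines: date time [size|---------] attrs path
# attrs are 9 chars (--a------) in the created list and 7 (----a-w) in Find3M.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?:(?P<size>[\d,]+|-{9})\s+)?"
    r"(?P<attrs>[-a-z]{7,9})\s+"
    r"(?P<path>.+)$"
)
# Driver/service lines: <start type> <name>;<display name>;<image path>
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")

SMALL_PE_BYTES = 4096                      # assumption: a real driver/DLL is larger than this
EXECUTABLE_EXT = (".sys", ".dll", ".exe")
USER_WRITABLE_PREFIXES = ("c:\\docume~1\\", "c:\\documents and settings\\")  # assumption


@dataclass
class Finding:
    path: str
    reason: str


def normalize(path: str) -> str:
    """Strip the NT object-manager prefix ComboFix prints for some drivers."""
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def in_user_writable(path: str) -> bool:
    """True if the image lives under a profile or a Temp directory."""
    p = path.lower()
    return "\\temp\\" in p or p.startswith(USER_WRITABLE_PREFIXES)


def triage(log_text: str) -> list:
    """Return Findings for driver images in user-writable paths and tiny executables in system32."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = normalize(m.group("path"))
            if in_user_writable(path):
                findings.append(Finding(path, f"driver/service {m.group('name')} loads from a user-writable path"))
            continue
        m = FILE_RE.match(line)
        if not m or not m.group("size") or m.group("size") == "-" * 9:
            continue  # directory or Find3M placeholder: no size to judge
        path = m.group("path").strip()
        size = int(m.group("size").replace(",", ""))
        lower = path.lower()
        if lower.endswith(EXECUTABLE_EXT) and "\\system32\\" in lower and size < SMALL_PE_BYTES:
            findings.append(Finding(path, f"executable of only {size} bytes in system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run against the sample it reports the two tiny DLLs and the kbeepm.sys driver in the user's Temp folder; the 1-byte .dat file and the directory entries are ignored because the heuristic only judges executables with a size.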