ComboFix 07-10-20.6 - 007 2007-10-21 17:53:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.512 [GMT 2:00]
Running from: C:\Mozilla\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.
2007-10-21 17:36 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-10-21 17:31 33,280 --a------ D:\WINDOWS\system32\drivers\AmdLLD.sys
2007-10-21 17:30 d-------- D:\WINDOWS\Downloaded Installations
2007-10-21 15:24 d-------- D:\WINDOWS\speech
2007-10-21 15:24 d-------- D:\WINDOWS\lhsp
2007-10-21 15:03 58,624 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2007-10-21 15:03 25,856 --a------ D:\WINDOWS\system32\drivers\usbprint.sys
2007-10-21 15:03 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2007-10-21 15:02 77,312 --a------ D:\WINDOWS\system32\usbui.dll
2007-10-21 15:02 20,992 --a------ D:\WINDOWS\system32\drivers\RTL8139.sys
2007-10-21 15:01 dr------- D:\Program Files
2007-10-21 15:00 dr-h----- D:\Documents and Settings\Default User\Ustawienia lokalne
2007-10-21 15:00 d-------- D:\Documents and Settings\Default User\Ulubione
2007-10-21 15:00 d--h----- D:\Documents and Settings\Default User\Szablony
2007-10-21 15:00 d-------- D:\Documents and Settings\Default User\Pulpit
2007-10-21 15:00 d-------- D:\Documents and Settings\Default User\Moje dokumenty
2007-10-21 15:00 dr------- D:\Documents and Settings\Default User\Menu Start
2007-10-21 15:00 d-------- D:\Documents and Settings\All Users\Ulubione
2007-10-21 15:00 d--h----- D:\Documents and Settings\All Users\Szablony
2007-10-21 15:00 d-------- D:\Documents and Settings\All Users\Pulpit
2007-10-21 15:00 dr------- D:\Documents and Settings\All Users\Menu Start
2007-10-21 15:00 dr------- D:\Documents and Settings\All Users\Dokumenty
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 15:54 87,840 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-21 15:54 869,152 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2007-10-21 15:51 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-10-21 15:31 14,864 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2007-10-21 15:31 10,112 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-21 12:48 --------- d-----w D:\Documents and Settings\007\Dane aplikacji\Kerio
2007-10-21 12:45 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-10-21 12:39 --------- d-----w D:\Program Files\Microsoft.NET
2007-10-21 12:35 --------- d-----w D:\Program Files\Winamp
2007-10-21 12:33 --------- d-----w D:\Documents and Settings\007\Dane aplikacji\Media Player Classic
2007-10-21 12:20 --------- d-----w D:\Program Files\MarBit
2007-10-21 12:12 82,061 ----a-w D:\WINDOWS\system32\drivers\klick.dat
2007-10-21 12:12 81,549 ----a-w D:\WINDOWS\system32\drivers\klin.dat
2007-10-21 12:12 --------- d-----w D:\Program Files\Realtek
2007-10-21 12:08 --------- d-----w D:\Program Files\ATI Technologies
2007-10-21 11:53 315,392 ----a-w D:\WINDOWS\HideWin.exe
2007-10-21 11:53 --------- d-----w D:\Documents and Settings\007\Dane aplikacji\ATI
2007-10-21 11:43 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-10-21 11:40 --------- d-----w D:\Program Files\DIFX
2007-10-21 11:38 --------- d-----w D:\Documents and Settings\007\Dane aplikacji\Gadu-Gadu
2007-10-21 11:35 --------- d-----w D:\Program Files\Kaspersky Lab
2007-10-21 11:34 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-10-21 11:30 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2007-10-21 11:13 --------- d-----w D:\Program Files\microsoft frontpage
2007-10-21 11:11 --------- d-----w D:\Program Files\Usługi online
2007-09-28 16:07 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:05 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 739,840 ----a-w D:\WINDOWS\system32\divx.dll
2007-09-04 16:56 164,352 ----a-w D:\WINDOWS\system32\unrar.dll
2007-07-29 15:51 7,680 ----a-w D:\WINDOWS\system32\ff_vfw.dll
2007-07-25 13:24 1,559,040 ----a-w D:\WINDOWS\system32\xvidcore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 D:\WINDOWS\RTHDCPL.EXE]
"amd_dc_opt"="C:\Program Files\amd_dc_opt.exe" [2006-11-17 16:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R3 AmdLLD;AMD Low Level Device Driver;D:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys
S3 kvpndev;Kerio VPN adapter;D:\WINDOWS\system32\DRIVERS\kvpndrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 17:54:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-21 17:55:21
.
--- E O F ---