ComboFix 07-10-23.1 - Tongpu 2007-10-24 7:38:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.262 [GMT 1:00]
Running from: D:\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 07:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 07:08 d-------- C:\Program Files\K-Lite Codec Pack
2007-10-24 07:08 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-24 06:28 d-------- C:\Program Files\Lavasoft
2007-10-24 06:28 d-------- C:\Documents and Settings\Tongpu\Dane aplikacji\Lavasoft
2007-10-24 06:25 d--h----- C:\WINDOWS\PIF
2007-10-24 04:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 04:22 1,236,992 --a------ C:\WINDOWS\system32\wltray.exe
2007-10-24 04:22 1,093,632 --a------ C:\WINDOWS\system32\bcmwltry.exe
2007-10-24 04:22 180,224 --a------ C:\WINDOWS\system32\bcmwlu00.exe
2007-10-24 04:22 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2007-10-24 04:22 44,032 --a------ C:\WINDOWS\system32\wltrynt.dll
2007-10-24 04:22 18,944 --a------ C:\WINDOWS\system32\wltrysvc.exe
2007-10-24 04:21 d-------- C:\Program Files\Belkin
2007-10-24 04:16 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-24 04:15 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-10-24 04:15 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-24 04:14 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-24 04:14 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-24 04:14 36,425 --a------ C:\WINDOWS\system32\drivers\smcirda.sys
2007-10-24 04:14 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-24 04:14 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-24 04:14 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-24 04:14 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-10-24 04:13 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-10-24 04:13 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2007-10-24 04:13 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-24 04:13 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-10-24 04:13 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-10-24 04:13 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-10-24 04:13 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-10-24 04:13 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-10-24 04:13 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-24 04:12 d--hs---- C:\WINDOWS\system32\driver32\ldf
2007-10-24 04:12 d--hs---- C:\WINDOWS\system32\driver32
2007-10-24 04:12 d-------- C:\Program Files\ToniArts
2007-10-24 04:12 20,480 --ahs---- C:\WINDOWS\system32\SP00LSV.EXE
2007-10-24 04:10 d-------- C:\Program Files\ATI Technologies
2007-10-24 04:08 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-24 04:08 d-------- C:\Program Files\Common Files\InstallShield
2007-10-24 04:07 d--hs---- C:\WINDOWS\Installer
2007-10-24 04:07 d--hs---- C:\Program Files\Internet Explore
2007-10-24 04:07 dr------- C:\Program Files
2007-10-24 04:07 5,632 --ahs---- C:\WINDOWS\system32\ccPrxy.exe
2007-10-24 04:04 dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-10-24 04:04 d-------- C:\Documents and Settings\Default User\Ulubione
2007-10-24 04:04 d--h----- C:\Documents and Settings\Default User\Szablony
2007-10-24 04:04 d-------- C:\Documents and Settings\Default User\Pulpit
2007-10-24 04:04 d-------- C:\Documents and Settings\Default User\Moje dokumenty
2007-10-24 04:04 dr------- C:\Documents and Settings\Default User\Menu Start
2007-10-24 04:04 d-------- C:\Documents and Settings\All Users\Ulubione
2007-10-24 04:04 d--h----- C:\Documents and Settings\All Users\Szablony
2007-10-24 04:04 d-------- C:\Documents and Settings\All Users\Pulpit
2007-10-24 04:04 dr------- C:\Documents and Settings\All Users\Menu Start
2007-10-24 04:04 dr------- C:\Documents and Settings\All Users\Dokumenty
2007-10-24 04:03 d-------- C:\WINDOWS\system32\CatRoot2
2007-10-24 04:03 d-------- C:\WINDOWS\system32\CatRoot
2007-10-24 04:03 dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2007-10-24 04:03 dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2007-10-24 04:02 d--h----- C:\Documents and Settings\Tongpu\Ustawienia lokalne
2007-10-24 04:02 dr------- C:\Documents and Settings\Tongpu\Ulubione
2007-10-24 04:02 d--h----- C:\Documents and Settings\Tongpu\Szablony
2007-10-24 04:02 d-------- C:\Documents and Settings\Tongpu\Pulpit
2007-10-24 04:02 dr------- C:\Documents and Settings\Tongpu\Moje dokumenty
2007-10-24 04:02 dr------- C:\Documents and Settings\Tongpu\Menu Start
2007-10-24 04:02 dr-h----- C:\Documents and Settings\Tongpu\Dane aplikacji
2007-10-24 04:00 d---s---- C:\WINDOWS\system32\Microsoft
2007-10-24 04:00 d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2007-10-24 04:00 d-------- C:\Documents and Settings\LocalService\Dane aplikacji
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 02:47 9,216 --sha-w C:\WINDOWS\sy.exe
2007-10-24 02:47 5,632 --sha-w C:\WINDOWS\ldup.exe
2007-10-24 02:47 20,480 --sha-w C:\WINDOWS\ld.exe
2007-10-24 02:44 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 21:00]
"ccPrxy.exe"="ccPrxy.exe" [2007-10-24 03:47 C:\WINDOWS\system32\ccPrxy.exe]
"SP00LSV.EXE"="SP00LSV.EXE" [2007-10-24 03:47 C:\WINDOWS\system32\SP00LSV.EXE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
C:\Documents and Settings\Tongpu\Menu Start\Programy\Autostart\
Update.exe [2007-10-24 03:47:14]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
Auto\command - F:\infrom.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
*Newly Created Service* - BCMLOGON
*Newly Created Service* - CATCHME
*Newly Created Service* - HTTPFILTER
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 07:43:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-24 7:45:52
.
--- E O F ---