ComboFix 07-10-23.1 - Tongpu 2007-10-24 16:06:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.304 [GMT 1:00]
Running from: D:\Downloads\Logi - ochrona\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 09:23 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2007-10-24 09:20 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Lavasoft
2007-10-24 09:18 d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-10-24 09:18 d-------- C:\Documents and Settings\Administrator\Ulubione
2007-10-24 09:18 d--h----- C:\Documents and Settings\Administrator\Szablony
2007-10-24 09:18 d-------- C:\Documents and Settings\Administrator\Pulpit
2007-10-24 09:18 d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-10-24 09:18 dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-24 09:18 dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-10-24 08:05 d-------- C:\Documents and Settings\Tongpu\Dane aplikacji\Media Player Classic
2007-10-24 07:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 07:08 d-------- C:\Program Files\K-Lite Codec Pack
2007-10-24 07:08 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-24 06:28 d-------- C:\Program Files\Lavasoft
2007-10-24 06:28 d-------- C:\Documents and Settings\Tongpu\Dane aplikacji\Lavasoft
2007-10-24 06:25 d--h----- C:\WINDOWS\PIF
2007-10-24 04:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 04:22 1,236,992 --a------ C:\WINDOWS\system32\wltray.exe
2007-10-24 04:22 1,093,632 --a------ C:\WINDOWS\system32\bcmwltry.exe
2007-10-24 04:22 180,224 --a------ C:\WINDOWS\system32\bcmwlu00.exe
2007-10-24 04:22 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2007-10-24 04:22 44,032 --a------ C:\WINDOWS\system32\wltrynt.dll
2007-10-24 04:22 18,944 --a------ C:\WINDOWS\system32\wltrysvc.exe
2007-10-24 04:21 d-------- C:\Program Files\Belkin
2007-10-24 04:16 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-24 04:15 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-10-24 04:15 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-24 04:14 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-24 04:14 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-24 04:14 36,425 --a------ C:\WINDOWS\system32\drivers\smcirda.sys
2007-10-24 04:14 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-24 04:14 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-24 04:14 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-24 04:14 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-10-24 04:13 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-10-24 04:13 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2007-10-24 04:13 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-24 04:13 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-10-24 04:13 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-10-24 04:13 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-10-24 04:13 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-10-24 04:13 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-10-24 04:13 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-24 04:12 d--hs---- C:\WINDOWS\system32\driver32\ldf
2007-10-24 04:12 d--hs---- C:\WINDOWS\system32\driver32
2007-10-24 04:12 d-------- C:\Program Files\ToniArts
2007-10-24 04:10 d-------- C:\Program Files\ATI Technologies
2007-10-24 04:08 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-24 04:08 d-------- C:\Program Files\Common Files\InstallShield
2007-10-24 04:07 d--hs---- C:\WINDOWS\Installer
2007-10-24 04:07 d--hs---- C:\Program Files\Internet Explore
2007-10-24 04:07 dr------- C:\Program Files
2007-10-24 04:04 dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-10-24 04:04 d-------- C:\Documents and Settings\Default User\Ulubione
2007-10-24 04:04 d--h----- C:\Documents and Settings\Default User\Szablony
2007-10-24 04:04 d-------- C:\Documents and Settings\Default User\Pulpit
2007-10-24 04:04 d-------- C:\Documents and Settings\Default User\Moje dokumenty
2007-10-24 04:04 dr------- C:\Documents and Settings\Default User\Menu Start
2007-10-24 04:04 d-------- C:\Documents and Settings\All Users\Ulubione
2007-10-24 04:04 d--h----- C:\Documents and Settings\All Users\Szablony
2007-10-24 04:04 d-------- C:\Documents and Settings\All Users\Pulpit
2007-10-24 04:04 dr------- C:\Documents and Settings\All Users\Menu Start
2007-10-24 04:04 dr------- C:\Documents and Settings\All Users\Dokumenty
2007-10-24 04:03 d-------- C:\WINDOWS\system32\CatRoot2
2007-10-24 04:03 d-------- C:\WINDOWS\system32\CatRoot
2007-10-24 04:03 dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2007-10-24 04:03 dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2007-10-24 04:02 d--h----- C:\Documents and Settings\Tongpu\Ustawienia lokalne
2007-10-24 04:02 dr------- C:\Documents and Settings\Tongpu\Ulubione
2007-10-24 04:02 d--h----- C:\Documents and Settings\Tongpu\Szablony
2007-10-24 04:02 d-------- C:\Documents and Settings\Tongpu\Pulpit
2007-10-24 04:02 dr------- C:\Documents and Settings\Tongpu\Moje dokumenty
2007-10-24 04:02 dr------- C:\Documents and Settings\Tongpu\Menu Start
2007-10-24 04:02 dr-h----- C:\Documents and Settings\Tongpu\Dane aplikacji
2007-10-24 04:02 d-------- C:\Documents and Settings
2007-10-24 04:00 d---s---- C:\WINDOWS\system32\Microsoft
2007-10-24 04:00 d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2007-10-24 04:00 d-------- C:\Documents and Settings\LocalService\Dane aplikacji
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 02:44 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 21:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 16:10:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...