ComboFix 07-10-25.4 - a 2007-10-25 19:29:43.5 - [color=red][b]FAT32[/b][/color]x86
Running from: C:\Program Files\HiJackThis\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\f3PSSavr.scr
.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.
2007-10-25 09:03 d-------- C:\Program Files\Lavasoft
2007-10-23 19:51 d-------- C:\Program Files\Fotosik Manager
2007-10-23 10:50 d--hs---- C:\FOUND.003
2007-10-21 16:47 d-------- C:\Documents and Settings\a\Dane aplikacji\Zylom
2007-10-21 16:43 d-------- C:\Program Files\Zylom Games
2007-10-21 16:43 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2007-10-15 08:13 dr-h----- C:\Documents and Settings\a\Dane aplikacji\SecuROM
2007-10-15 07:58 d-------- C:\Program Files\DAEMON Tools
2007-10-14 10:55 d-------- C:\Program Files\ReflexiveArcade
2007-10-13 12:03 d-------- C:\Program Files\PLANET WL-8310
2007-10-13 11:58 411,680 -ra------ C:\WINDOWS\system32\drivers\ar5211.sys
2007-10-11 13:13 d--hs---- C:\FOUND.002
2007-10-10 14:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-29 10:36 d-------- C:\Documents and Settings\a\Dane aplikacji\Media Player Classic
2007-09-29 10:36 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-29 10:35 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-29 10:35 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-29 10:35 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-29 10:35 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-09-29 10:35 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-29 10:35 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-09-29 10:35 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-09-29 10:35 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-29 10:04 d-------- C:\Downloads
2007-09-28 20:36 d-------- C:\Documents and Settings\a\Dane aplikacji\TibiaTestserver
2007-09-28 14:06 d-------- C:\Program Files\TibiaTek Bot DevTeam
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 14:06 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-13 14:06 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-13 10:03 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-09-23 09:16 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\Jane s Hotel
2007-09-19 21:46 --------- d-----w C:\Program Files\BearShare Applications
2007-09-19 21:31 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\Azureus
2007-09-19 21:30 --------- d-----w C:\Program Files\Azureus
2007-09-19 20:51 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\Tibia
2007-09-12 17:28 --------- d-----w C:\Program Files\Disc2Phone
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-22 13:19 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:19 661,504 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:19 616,448 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:19 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:19 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:19 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:19 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:19 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:19 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:19 3,079,168 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:19 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:19 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:19 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:19 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:19 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:19 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:19 1,055,744 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:19 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-05-23 19:42:24 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 04:01 C:\WINDOWS\SOUNDMAN.EXE]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\taskbaricon.exe" [2003-10-16 18:07]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="E:\CCleaner\ccleaner.exe" [2007-07-13 11:10]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-12-20 16:36:08]
PLANET WL-8310 Configuration Utility.lnk - C:\Program Files\PLANET WL-8310\WLANPRO.exe [2007-10-13 12:03:08]
Reg.lnk - C:\Program Files\PLANET WL-8310\Reg.exe [2007-10-13 12:03:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Menu Start^Programy^Autostart^Blaero Start Orb.lnk]
backup=C:\WINDOWS\pss\Blaero Start Orb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"E:\Daemon\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iKeyWorks]
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Nowy folder\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
C:\WINDOWS\service.exe

S1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-28 05:02:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 19:32:20
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-25 19:33:06
.
--- E O F ---