ComboFix 07-11-01.1 - Mariusz 2007-11-03 19:10:47.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.56 [GMT 1:00]
Running from: D:\instalki\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.
2007-11-03 19:10  374,784    --a------  C:\WINDOWS\system32\m2n1.exe
2007-11-03 19:06  374,784    -r-hsc---  C:\WINDOWS\system32\dllcache\mravsc32.exe
2007-11-03 19:05  394,240    -r-hs----  C:\WINDOWS\system\msnrav.exe
2007-11-03 19:04  574,464    -r-hs----  C:\WINDOWS\system32\directxx.exe
2007-11-03 19:04  394,240    --a------  C:\WINDOWS\system32\fu1.exe
2007-11-03 18:33  d--------  C:\WINDOWS\ERUNT
2007-11-03 18:27  d--------  C:\VundoFix Backups
2007-11-03 16:50  d--------  C:\Program Files\Real Alternative
2007-11-03 16:50  d--------  C:\Program Files\Media Player Classic
2007-11-02 20:11  d--------  C:\WINDOWS\ShellNew
2007-11-02 17:36  d--------  C:\Program Files\Alcohol Toolbar
2007-11-02 17:36  d--------  C:\Program Files\Alcohol Soft
2007-11-02 17:36  229,057    --a------  C:\WINDOWS\Alcohol_Toolbar_Uninstaller_6136.exe
2007-11-02 17:33  685,816    --a------  C:\WINDOWS\system32\drivers\sptd.sys
2007-11-02 15:59  502,368    --a------  C:\WINDOWS\system32\drivers\amon.sys
2007-11-02 15:59  274,432    --a------  C:\WINDOWS\system32\imon.dll
2007-11-02 15:02  d--------  C:\Documents and Settings\Mariusz\Dane aplikacji\Ahead
2007-11-02 15:00  d--------  C:\Program Files\Nero
2007-11-02 15:00  d--------  C:\Program Files\Common Files\Ahead
2007-11-02 14:50  d--------  C:\direct
2007-11-02 13:41  d---s----  C:\WINDOWS\system32\Microsoft
2007-11-02 13:31  51,200     --a------  C:\WINDOWS\NirCmd.exe
2007-11-02 12:44  182,880    --a------  C:\WINDOWS\system32\iuengine.dll
2007-11-02 12:44  182,880    --a--c---  C:\WINDOWS\system32\dllcache\iuengine.dll
2007-11-02 12:40  d--h-----  C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-02 12:40  d--------  C:\Documents and Settings\Administrator\Ulubione
2007-11-02 12:40  d--h-----  C:\Documents and Settings\Administrator\Szablony
2007-11-02 12:40  d--------  C:\Documents and Settings\Administrator\Pulpit
2007-11-02 12:40  d--------  C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-02 12:40  dr-------  C:\Documents and Settings\Administrator\Menu Start
2007-11-02 12:40  dr-h-----  C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-02 12:30  d--------  C:\Program Files\Trend Micro
2007-11-02 12:06  d--------  C:\Program Files\SkanerOnline
2007-11-02 12:05  d---s----  C:\Documents and Settings\Mariusz\UserData
2007-11-02 11:59  d--------  C:\WINDOWS\pss
2007-10-30 16:29  115,200    --a------  C:\qkqmj.exe
2007-10-29 17:12  20,480     --a------  C:\etwquq.exe
2007-10-23 19:50  20,992     --a------  C:\WINDOWS\system32\azkrsy.exe
2007-10-23 17:19  90,112     --a------  C:\WINDOWS\system32\crehcjid.dll
2007-10-23 17:19  16,768     --a------  C:\WINDOWS\system32\tcpip_patcher.sys
2007-10-23 12:34  4          --a------  C:\WINDOWS\system32\linkh323.dat
2007-10-22 18:42  24,832     --a------  C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-22 18:42  24,832     --a--c---  C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-22 18:36  327,168    --a------  C:\WINDOWS\IsUn0415.exe
2007-10-22 18:35  d--------  C:\Program Files\Hewlett-Packard
2007-10-22 16:32  d--------  C:\Program Files\Ares
2007-10-22 16:28  24,576     --a------  C:\WINDOWS\system32\iuenadva.exe
2007-10-22 12:38  d--------  C:\Program Files\Opera
2007-10-22 12:01  d--------  C:\Documents and Settings\Mariusz\Dane aplikacji\Gadu-Gadu
2007-10-22 11:58  d--------  C:\Program Files\Gadu-Gadu
2007-10-22 11:58  d--------  C:\Documents and Settings\Mariusz\Gadu-Gadu
2007-10-22 11:20  d--------  C:\Program Files\Alwil Software
2007-10-22 11:20  1,060,864  --a------  C:\WINDOWS\system32\MFC71.dll
2007-10-22 11:20  499,712    --a------  C:\WINDOWS\system32\MSVCP71.dll
2007-10-22 11:20  348,160    --a------  C:\WINDOWS\system32\MSVCR71.dll
2007-10-22 11:14  4          --a------  C:\WINDOWS\system32\sdfixwcs.dll
2007-10-22 11:11  411,648    --ahsc---  C:\WINDOWS\system32\dllcache\mravsc32.exe(1).VIR
2007-10-22 11:08  253,008    --a------  C:\WINDOWS\adirasx64.exe
2007-10-22 11:08  194,128    --a------  C:\WINDOWS\adiras.exe
2007-10-22 11:08  169,496    --a------  C:\WINDOWS\system32\drivers\adiusbawx64.sys
2007-10-22 11:08  155,648    --a------  C:\WINDOWS\system32\adadix32.dll
2007-10-22 11:08  146,968    --a------  C:\WINDOWS\system32\drivers\e4usbawx64.sys
2007-10-22 11:08  127,456    --a------  C:\WINDOWS\system32\IPDETECT.EXE
2007-10-22 11:08  118,552    --a------  C:\WINDOWS\system32\drivers\adiusbaw.sys
2007-10-22 11:08  104,344    --a------  C:\WINDOWS\system32\drivers\e4usbaw.sys
2007-10-22 11:07  d--h-----  C:\Program Files\InstallShield Installation Information
2007-10-22 11:06  d--------  C:\Program Files\SAGEM
2007-10-22 11:06  d--------  C:\Documents and Settings\Mariusz\Dane aplikacji\InstallShield
2007-10-21 23:28  d--h-----  C:\Documents and Settings\Mariusz\Ustawienia lokalne
2007-10-21 23:28  dr-------  C:\Documents and Settings\Mariusz\Ulubione
2007-10-21 23:28  d--h-----  C:\Documents and Settings\Mariusz\Szablony
2007-10-21 23:28  d--------  C:\Documents and Settings\Mariusz\Pulpit
2007-10-21 23:28  dr-------  C:\Documents and Settings\Mariusz\Moje dokumenty
2007-10-21 23:28  dr-------  C:\Documents and Settings\Mariusz\Menu Start
2007-10-21 23:28  dr-h-----  C:\Documents and Settings\Mariusz\Dane aplikacji
2007-10-21 23:27  d--h-----  C:\Documents and Settings\NetworkService\Ustawienia lokalne
2007-10-21 23:27  d--------  C:\Documents and Settings\NetworkService\Dane aplikacji
2007-10-21 23:27  d--h-----  C:\Documents and Settings\LocalService\Ustawienia lokalne
2007-10-21 23:27  d--------  C:\Documents and Settings\LocalService\Dane aplikacji
2007-10-21 23:27  1,738,496  --a------  C:\WINDOWS\system32\nv4.dll
2007-10-21 23:27  731,648    --a------  C:\WINDOWS\system32\drivers\nv4.sys
2007-10-21 23:27  135,040    --a------  C:\WINDOWS\system32\drivers\portcls.sys
2007-10-21 23:27  70,144     --a------  C:\WINDOWS\system32\usbui.dll
2007-10-21 23:27  57,344     --a------  C:\WINDOWS\system32\drivers\drmk.sys
2007-10-21 23:27  57,088     --a------  C:\WINDOWS\system32\drivers\redbook.sys
2007-10-21 23:27  40,704     --a------  C:\WINDOWS\system32\drivers\es1371mp.sys
2007-10-21 23:27  27,392     --a------  C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-10-21 23:25  dr-------  C:\Program Files
2007-10-21 23:24  dr-h-----  C:\Documents and Settings\Default User\Ustawienia lokalne
2007-10-21 23:24  d--------  C:\Documents and Settings\Default User\Ulubione
2007-10-21 23:24  d--h-----  C:\Documents and Settings\Default User\Szablony
2007-10-21 23:24  d--------  C:\Documents and Settings\Default User\Pulpit
2007-10-21 23:24  d--------  C:\Documents and Settings\Default User\Moje dokumenty
2007-10-21 23:24  dr-------  C:\Documents and Settings\Default User\Menu Start
2007-10-21 23:24  d--------  C:\Documents and Settings\All Users\Ulubione
2007-10-21 23:24  d--h-----  C:\Documents and Settings\All Users\Szablony
2007-10-21 23:24  d--------  C:\Documents and Settings\All Users\Pulpit
2007-10-21 23:24  dr-------  C:\Documents and Settings\All Users\Menu Start
2007-10-21 23:24  dr-------  C:\Documents and Settings\All Users\Dokumenty
2007-10-21 23:23  d--------  C:\WINDOWS\system32\CatRoot2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 16:34  12,800     ----a-w  C:\WINDOWS\system32\svchost.exe
2007-10-22 10:09  33         ----a-w  C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-21 21:43  ---------  d-----w  C:\Program Files\microsoft frontpage
2007-10-21 21:40  ---------  d-----w  C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot_2007-11-02_16.51.17,66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-02 21:37:01  163,328    ----a-w  C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-03 17:34:11  1,355,776  ----a-w  C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-03 17:34:11  8,192      ----a-w  C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-02 21:37:01  163,328    ----a-w  C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-03 17:34:04  1,355,776  ----a-w  C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-03 17:34:04  8,192      ----a-w  C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-02 16:54:41  585,791    ----a-w  C:\WINDOWS\gmer.dll
+ 2007-06-29 08:38:18  581,632    ----a-w  C:\WINDOWS\gmer.exe
+ 2007-11-02 19:17:07  167,936    ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-11-02 19:17:07  81,920     ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-11-02 19:17:06  34,304     ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-11-02 19:17:07  8,192      ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-11-02 19:17:07  3,584      ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-11-02 19:17:07  114,688    ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-11-02 19:17:07  16,384     ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-11-02 19:17:07  30,720     ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-11-02 19:17:07  22,528     ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-11-02 19:17:06  45,056     ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-11-02 19:17:06  90,112     ----a-r  C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2001-01-22 02:25:24  32,768     ----a-w  C:\WINDOWS\system32\ATHPRXY.DLL
- 2007-10-22 10:16:29  16,384     ----a-w  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-03 18:10:52  16,384     ----a-w  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-02 15:50:12  262,144    ----a-w  C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2007-11-03 18:10:42  262,144    ----a-w  C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2007-10-22 10:16:29  32,768     ----a-w  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-11-03 18:10:52  32,768     ----a-w  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2007-10-22 10:16:29  32,768     ----a-w  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-03 18:10:52  32,768     ----a-w  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-02 16:54:41  70,001     ----a-w  C:\WINDOWS\system32\drivers\gmer.sys
+ 1999-10-18 03:01:42  1,129,232  ----a-w  C:\WINDOWS\system32\FM20.DLL
+ 1999-10-18 03:01:16  26,384     ----a-w  C:\WINDOWS\system32\FM20ENU.DLL
- 2007-10-21 21:48:41  93,480     ----a-w  C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-03 10:10:39  118,152    ----a-w  C:\WINDOWS\system32\FNTCACHE.DAT
+ 1999-01-28 16:42:40  521,856    ----a-w  C:\WINDOWS\system32\MAPI.DLL
+ 1999-04-14 14:07:34  39,184     ----a-w  C:\WINDOWS\system32\MAPISRVR.EXE
+ 1999-04-08 10:23:34  53,248     ----a-w  C:\WINDOWS\system32\MFC42PLK.DLL
+ 2000-06-02 15:48:46  427,520    ----a-w  C:\WINDOWS\system32\MPG4C32.DLL
+ 1999-06-04 14:22:38  7,680      ----a-w  C:\WINDOWS\system32\MSPRPPL.DLL
+ 2000-05-11 12:06:20  397,312    ----a-w  C:\WINDOWS\system32\MSRDO20.DLL
+ 2000-05-24 05:45:58  118,784    ----a-w  C:\WINDOWS\system32\MSSTDFMT.DLL
+ 1998-08-09 18:07:34  94,208     ----a-w  C:\WINDOWS\system32\MSSTKPRP.DLL
+ 2000-06-02 15:51:02  84,480     ----a-w  C:\WINDOWS\system32\NSCMPS.DLL
+ 2000-06-02 15:51:50  34,240     ----a-w  C:\WINDOWS\system32\NSERROR.DLL
+ 1998-12-09 02:53:58  212,480    ----a-w  C:\WINDOWS\system32\PCDLIB32.DLL
+ 2001-06-23 00:31:20  278,528    ----a-w  C:\WINDOWS\system32\pncrt.dll
+ 1998-03-26 03:57:34  6,656      ----a-w  C:\WINDOWS\system32\pndx5016.dll
+ 1998-05-12 19:36:44  5,632      ----a-w  C:\WINDOWS\system32\pndx5032.dll
+ 2000-04-03 16:52:54  151,552    ----a-w  C:\WINDOWS\system32\RDOCURS.DLL
+ 2005-04-06 22:52:06  176,167    ----a-w  C:\WINDOWS\system32\rmoc3260.dll
+ 1998-03-25 04:54:08  15,872     ----a-w  C:\WINDOWS\system32\SCP32.DLL
+ 1999-11-25 01:40:50  40,960     ----a-w  C:\WINDOWS\system32\VBAME.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 10:50]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-02 15:58]
"Windows Firewall Updater"="directxx.exe" [2007-11-03 19:05 C:\WINDOWS\system32\directxx.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 18:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 22:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Firewall Updater"=directxx.exe

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-22 11:08:02]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-10-23 17:19 90112 C:\WINDOWS\system32\crehcjid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hØ ]
hØ 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ø`P]
ø`P

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\€P]
€P

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= e1.dll

R2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe"
R2 MSN RAV;MSN RAV;"C:\WINDOWS\system\msnrav.exe"
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys
R3 NtApm;Sterownik interfejsu NT Apm/Legacy;C:\WINDOWS\System32\DRIVERS\NtApm.sys
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys
S2 FFI;FFI;C:\WINDOWS\System32\svchost.exe:exm.exe

*Newly Created Service* - DISTRIBUTED_ALLOCATED_MEMORY_UNIT
*Newly Created Service* - MSN_RAV
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 19:11:36
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\System32\svchost.exe:exm.exe"
.
Completion time: 2007-11-03 19:12:43
C:\ComboFix2.txt ... 2007-11-02 13:53
C:\ComboFix3.txt ... 2007-11-02 13:44
.
--- E O F ---
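The "Reg Loading Points" section above is where a malware-removal helper reads this log first, and several of its entries are textbook persistence patterns: the FFI service's ImagePath points into an NTFS alternate data stream (svchost.exe:exm.exe), three Winlogon Notify subkeys have binary garbage for names, AppInit_DLLs is non-empty, one new service runs out of dllcache, and the "Windows Firewall Updater" value is a bare filename that is also written into the Windows 9x-era RunServices key. The script below is an added example, not part of the original post and not ComboFix's own code: it parses an excerpt of those lines (copied verbatim from the log above into the SAMPLE string) and tags each of these patterns. Rule names and the regexes are this example's own; it relies on ComboFix's stated behaviour that default Winlogon Notify packages are suppressed, so any Notify subkey printed is by definition non-default.

```python
"""Flag suspicious autostart entries in a ComboFix 'Reg Loading Points' section.

Added example (not from the original post or from ComboFix). Rule names and
patterns are this example's own choices.
"""
import re

# Constructed sample: lines excerpted verbatim from the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-02 15:58]
"Windows Firewall Updater"="directxx.exe" [2007-11-03 19:05 C:\WINDOWS\system32\directxx.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Firewall Updater"=directxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-10-23 17:19 90112 C:\WINDOWS\system32\crehcjid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ø`P]
ø`P

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= e1.dll

R2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe"
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys
S2 FFI;FFI;C:\WINDOWS\System32\svchost.exe:exm.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="data" [timestamp]  or  "name"=data  (ComboFix prints both forms)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<data>[^"\[]*?)"?\s*(\[.*\])?$')
# ComboFix service line: <start type> <name>;<display name>;<image path>
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
# drive letter, then a file extension followed by a second colon: file.exe:stream
ADS_RE = re.compile(r"^[A-Za-z]:\\.*\.(exe|dll|sys):[^\\]+$", re.IGNORECASE)


def has_alternate_stream(path):
    """True when a Windows path names an NTFS alternate data stream (file:stream)."""
    return ADS_RE.match(path.strip().strip('"')) is not None


def is_printable_ascii(name):
    """Registry key names written by real installers are printable ASCII."""
    return all(32 < ord(c) < 127 for c in name)


def scan(text):
    """Return [(rule, evidence), ...] for a Reg Loading Points excerpt."""
    findings = []
    key = None
    skip_notify_dll_line = False  # the line after a Notify key is its DLL name
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            skip_notify_dll_line = "\\winlogon\\notify\\" in key.lower()
            if skip_notify_dll_line:
                subkey = key.rsplit("\\", 1)[1]
                rule = "winlogon-notify" if is_printable_ascii(subkey) else "winlogon-notify-nonprintable"
                findings.append((rule, subkey))
            continue
        if skip_notify_dll_line:
            skip_notify_dll_line = False
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, data = m.group("name"), m.group("data").strip()
            if name.lower() == "appinit_dlls" and data:
                findings.append(("appinit-dlls", data))
            elif key.lower().endswith("\\runservices"):
                findings.append(("legacy-runservices", f"{name} -> {data}"))
            elif data and "\\" not in data and data.lower().endswith((".exe", ".dll")):
                # bare filename: resolved through the search path at logon
                findings.append(("bare-filename", f"{name} -> {data}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m.group("image").strip().strip('"')
            if has_alternate_stream(image):
                findings.append(("ads-imagepath", f"{m.group('name')} -> {image}"))
            elif "\\dllcache\\" in image.lower():
                # dllcache is the Windows File Protection store, not a service home
                findings.append(("dllcache-service", f"{m.group('name')} -> {image}"))
    return findings


if __name__ == "__main__":
    for rule, evidence in scan(SAMPLE):
        print(f"{rule:30} {evidence}")
```

Run against the excerpt, every line that a helper would have asked the poster to remove is tagged, and the legitimate entries (nod32kui, the SAGEM e4usbaw driver) produce nothing. To use it on a full log, feed the whole file to scan(); only the bracketed key lines, the "name"=data lines and the R/S service lines are interpreted, the rest is ignored.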