ComboFix 07-11-08.1 - wujek 2007-11-13 2:15:26.1 - NTFSx86
Running from: C:\Documents and Settings\wujek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.
2007-11-13 02:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 00:43 d-------- C:\WINDOWS\ERUNT
2007-11-13 00:23 d-------- C:\Documents and Settings\wujek\Dane aplikacji\Simply Super Software
2007-11-13 00:23 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-13 00:23 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-13 00:23 3,440 --a------ C:\WINDOWS\undo.reg
2007-11-13 00:22 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-13 00:21 d-------- C:\Program Files\K-Lite Codec Pack
2007-11-13 00:21 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-13 00:21 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-13 00:21 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-11-13 00:21 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-13 00:21 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-13 00:21 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-13 00:21 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-13 00:15 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-11-12 22:46 d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-12 22:46 d-------- C:\Documents and Settings\Administrator\Ulubione
2007-11-12 22:46 d--h----- C:\Documents and Settings\Administrator\Szablony
2007-11-12 22:46 d-------- C:\Documents and Settings\Administrator\Pulpit
2007-11-12 22:46 d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-12 22:46 dr------- C:\Documents and Settings\Administrator\Menu Start
2007-11-12 22:46 dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-12 22:44 1,006 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-12 22:39 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-11-12 22:39 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-11-12 17:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-10 23:00 d-------- C:\Documents and Settings\wujek\dwhelper
2007-11-08 13:30 d-------- C:\Documents and Settings\wujek\Dane aplikacji\CyberLink
2007-11-08 13:30 d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-11-08 13:26 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-06 11:37 d-------- C:\Documents and Settings\wujek\.gimp-1.2
2007-11-06 11:09 d-------- C:\Documents and Settings\wujek\Dane aplikacji\XnView
2007-11-01 15:27 d-------- C:\Documents and Settings\wujek\Dane aplikacji\Axialis
2007-11-01 15:26 d-------- C:\Program Files\Axialis
2007-10-31 00:02 d-------- C:\Program Files\Raxco
2007-10-31 00:02 d-------- C:\Program Files\Common Files\Raxco
2007-10-31 00:02 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Raxco
2007-10-29 22:55 d-------- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-10-29 22:54 d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-10-29 14:58 24 --a------ C:\WINDOWS\popcinfo.dat
2007-10-29 14:51 d-------- C:\Program Files\PopCap Games
2007-10-28 20:37 d-------- C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2007-10-28 20:36 d-------- C:\Documents and Settings\wujek\Dane aplikacji\GRETECH
2007-10-28 19:40 d-------- C:\Documents and Settings\wujek\Dane aplikacji\uTorrent
2007-10-28 17:40 d-------- C:\WINDOWS\Sun
2007-10-28 16:14 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-28 16:13 d-------- C:\Program Files\Microsoft Works
2007-10-28 16:12 d-------- C:\Program Files\Microsoft.NET
2007-10-28 16:09 d-------- C:\WINDOWS\SHELLNEW
2007-10-28 16:09 d-------- C:\Program Files\Microsoft Office 2007
2007-10-28 16:09 dr-h----- C:\MSOCache
2007-10-28 16:09 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-10-28 15:41 d-------- C:\Program Files\SkanerOnline
2007-10-27 13:57 d-------- C:\Documents and Settings\wujek\Dane aplikacji\Gadu-Gadu
2007-10-27 13:42 d-------- C:\Documents and Settings\wujek\Gadu-Gadu
2007-10-26 15:21 d-------- C:\Documents and Settings\wujek\Dane aplikacji\SiteAdvisor
2007-10-26 15:21 d-------- C:\Documents and Settings\All Users\Dane aplikacji\SiteAdvisor
2007-10-26 15:21 d-------- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2007-10-26 12:58 d-------- C:\Program Files\Winamp
2007-10-26 12:55 d-------- C:\Documents and Settings\wujek\Dane aplikacji\Ahead
2007-10-26 12:55 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-10-26 12:54 d-------- C:\Program Files\Common Files\Ahead
2007-10-26 12:54 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-10-26 12:23 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-26 12:16 d-------- C:\Program Files\Common Files\EZB Systems
2007-10-26 12:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-26 12:11 d-------- C:\Kodeki
2007-10-26 12:07 d-------- C:\Internet
2007-10-26 12:06 d-------- C:\Program Files\Java
2007-10-26 12:06 d-------- C:\Program Files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 01:17 8,141,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-13 01:17 293,152 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-13 01:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-11-13 01:11 30,404 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-13 01:11 121,988 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-10 21:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 12:36 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-26 12:36 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-26 12:16 --------- d-----w C:\Program Files\Thomson
2007-10-26 12:15 --------- d-----w C:\Documents and Settings\wujek\Dane aplikacji\Grisoft
2007-10-26 12:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-10-26 12:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-10-26 12:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-26 11:26 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-10-26 10:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-26 10:38 --------- d-----w C:\Program Files\AMD
2007-10-26 10:30 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-26 10:30 --------- d-----w C:\Program Files\Common Files\NVIDIA Shared
2007-10-26 10:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-26 10:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-26 10:22 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"SmcService"="C:\Internet\Firewall\smc.exe" [2004-08-13 18:05]
"!AVG Anti-Spyware"="C:\Internet\Anty Spyware\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVP"="C:\Internet\Antyvirus\Kasper\avp.exe" [2007-06-28 11:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="D:\Program Files\Wirtualne Dyski\Alcohol\Alcohol 120\axcmd.exe" [2007-07-02 11:29]

R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\D:\Program Files\Wirtualne Dyski\UltraISO\UltraISO\drivers\ISODrive.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 02:17:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 2:18:16
.
--- E O F ---