

at3r

Registered: 18 May 2008
OFFLINE Last seen: 02 07 2008 21:49
-----

My posts

In topic: Regular computer stuttering.

01 07 2008 - 17:16

These files were installed together with the game GunZ; it was enough to delete them normally, I didn't have to mess around with ComboFix. Nothing freezes anymore, thanks for the help ;3

In topic: Regular computer stuttering.

01 07 2008 - 08:09

ComboFix:
ComboFix 08-06-20.4 - at3r 2008-07-01  8:05:48.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.0.1250.1.1045.18.292 [GMT 2:00]
Running from: C:\Documents and Settings\at3r\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\at3r\Ustawienia lokalne\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\system32\lcss.exe
C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{4E0D6D56-7CB2-4E80-8A39-05C0FE3C95E7}.exe
.

(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.

2008-06-29 20:38 . 2008-06-29 20:38	<DIR>	d--------	C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-06-29 15:44 . 2008-06-29 15:56	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\GSC
2008-06-29 15:10 . 2008-06-29 15:17	<DIR>	d--------	C:\WINDOWS\system32\Adobe
2008-06-29 15:10 . 2008-06-17 15:14	499,712	--a------	C:\WINDOWS\system32\msvcp71.dll
2008-06-29 07:45 . 2008-07-01 08:05	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\Xfire
2008-06-29 07:31 . 2008-06-29 07:31	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\InstallShield
2008-06-26 22:10 . 2008-06-26 22:10	42,320	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-06-25 20:13 . 2008-06-25 20:13	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\Locktime
2008-06-25 20:11 . 2008-06-25 20:11	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Locktime
2008-06-24 06:56 . 2004-07-09 04:27	1,769,472	--a------	C:\WINDOWS\system32\dxdiagn.dll
2008-06-21 12:43 . 2008-06-21 12:43	162	--a------	C:\ASWL2K.ini
2008-06-21 12:42 . 2008-06-21 12:42	<DIR>	d---s----	C:\WINDOWS\system32\Microsoft
2008-06-21 11:58 . 2008-06-21 11:58	<DIR>	d--------	C:\Program Files\ASUS
2008-06-21 11:58 . 2006-02-21 17:23	525,824	--a------	C:\WINDOWS\system32\ASWL2K.exe
2008-06-21 11:58 . 2004-05-06 12:21	496,640	--a------	C:\WINDOWS\system32\ASWLSVC.exe
2008-06-21 11:58 . 2005-02-11 21:46	371,712	--a------	C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-06-21 11:58 . 2004-05-07 18:57	159,827	--a------	C:\WINDOWS\system32\RemSvc.exe
2008-06-21 11:58 . 2003-10-09 19:38	141,824	--a------	C:\WINDOWS\system32\ClientCpl.cpl
2008-06-21 11:58 . 2002-09-09 21:01	61,440	--a------	C:\WINDOWS\system32\ASUSW32N50.dll
2008-06-21 11:58 . 2008-06-21 11:58	20,747	--a------	C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-21 11:58 . 2002-09-09 19:54	16,269	--a------	C:\WINDOWS\system32\ASNDIS5.sys
2008-06-21 11:58 . 2001-04-16 05:48	15,577	--a------	C:\WINDOWS\system32\ASNDIS3.vxd
2008-06-17 14:15 . 2008-03-03 14:25	5,702	--ah-----	C:\WINDOWS\nod32restoretemdono.reg
2008-06-17 14:15 . 2008-03-03 18:21	568	--ah-----	C:\WINDOWS\nod32fixtemdono.reg
2008-06-17 14:14 . 2008-06-17 14:14	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\ESET
2008-06-17 13:42 . 2008-06-17 13:42	0	-ra------	C:\WINDOWS\system32\TFTP3292
2008-06-17 13:26 . 2008-06-17 13:28	10,240	--a------	C:\WINDOWS\system32\setup_11455.exe
2008-06-17 13:18 . 2008-06-17 13:19	23,040	--ah-----	C:\WINDOWS\system32\mkwlk.exe
2008-06-17 13:17 . 2008-06-17 13:59	61	--a------	C:\WINDOWS\system32\i
2008-06-17 13:16 . 2008-06-17 13:20	545,280	-ra------	C:\WINDOWS\system32\TFTP2440
2008-06-12 06:43 . 2008-06-12 06:43	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\Tibia
2008-06-12 06:42 . 2006-06-26 02:49	1,867,776	--a------	C:\WINDOWS\system\python24.dll
2008-06-12 05:56 . 2008-06-22 15:12	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-11 20:23 . 2008-06-11 20:23	<DIR>	d--hs----	C:\WINDOWS\ftpcache
2008-06-11 19:52 . 1999-12-17 10:13	86,016	--a------	C:\WINDOWS\unvise32.exe
2008-06-08 18:12 . 2008-06-08 18:12	<DIR>	d--------	C:\Program Files\Google
2008-06-05 09:32 . 2008-06-29 15:56	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\foobar2000
2008-06-03 13:12 . 2008-06-22 11:39	300	--a------	C:\WINDOWS\wcx_ftp.ini
2008-06-02 20:43 . 2008-06-12 20:37	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\gtk-2.0
2008-06-02 20:43 . 2008-06-02 20:43	<DIR>	d--------	C:\Documents and Settings\at3r\.thumbnails
2008-06-02 20:42 . 2008-06-12 20:37	<DIR>	d--------	C:\Documents and Settings\at3r\.gimp-2.4
2008-06-02 19:38 . 2008-06-02 19:38	1,148	--a------	C:\WINDOWS\mozver.dat
2008-06-02 16:30 . 2008-06-02 16:30	<DIR>	d--------	C:\WINDOWS\Sun
2008-06-02 16:17 . 2008-06-02 16:17	<DIR>	d--------	C:\Documents and Settings\at3r\Dane aplikacji\Talkback
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-29 05:32	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-26 08:46	12,400	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2008-06-24 19:09	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-06-21 09:57	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-06-19 05:28	---------	d-----w	C:\Documents and Settings\at3r\Dane aplikacji\mIRC
2008-06-12 13:08	58,800	----a-w	C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-10 16:05	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-05-31 16:52	---------	d-----w	C:\Program Files\XP Codec Pack
2008-05-31 12:30	---------	d-----w	C:\Documents and Settings\at3r\Dane aplikacji\DivX
2008-05-31 12:20	---------	d-----w	C:\Documents and Settings\at3r\Dane aplikacji\GRETECH
2008-05-31 11:06	---------	d-----w	C:\Program Files\Java
2008-05-31 11:03	---------	d-----w	C:\Program Files\Common Files\Java
2008-05-31 11:00	---------	d-----w	C:\Documents and Settings\at3r\Dane aplikacji\teamspeak2
2008-05-30 14:24	---------	d--h--w	C:\Documents and Settings\at3r\Dane aplikacji\ijjigame
2008-05-30 04:15	---------	d-----w	C:\Program Files\Common Files\INCA Shared
2008-05-30 04:12	---------	d-----w	C:\Program Files\NHN USA
2008-05-29 23:34	---------	d-----w	C:\Documents and Settings\at3r\Dane aplikacji\Winamp
2008-05-29 22:22	---------	d-----w	C:\Documents and Settings\at3r\Dane aplikacji\MetaProducts
2008-05-29 22:18	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-29 22:04	---------	d-----w	C:\Program Files\Razer_Pro_Solutions
2008-05-29 22:00	---------	d-----w	C:\Program Files\Creative
2008-05-29 21:55	---------	d-----w	C:\Program Files\ATI Technologies
2008-05-29 21:50	---------	d-----w	C:\Program Files\Gigabyte
2008-05-29 21:40	---------	d-----w	C:\Program Files\microsoft frontpage
2008-05-29 21:39	---------	d-----w	C:\Program Files\Usługi online
2008-05-28 04:06	80,896	----a-w	C:\WINDOWS\system32\dxdllreg.exe
2008-05-26 20:33	60,273	----a-w	C:\WINDOWS\system32\pthreadGC2.dll
2008-04-27 17:13	704,512	----a-w	C:\WINDOWS\system32\ijjiSetup.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"Steam"="d:\programy\steam\steam.exe" [2008-05-30 00:41 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2001-08-17 23:06 208949]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2001-08-17 23:08 77824]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-17 23:12 737360]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-17 23:12 737360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10 339968]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"razer"="C:\Program Files\Razer_Pro_Solutions\razerhid.exe" [2005-09-21 15:36 143360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"egui"="D:\Programy\Nod32\egui.exe" [2008-02-20 11:06 1443072]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 21:10 1667584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]

C:\Documents and Settings\at3r\Menu Start\Programy\Autostart\
Xfire.lnk - D:\Programy\Xfire\xfire.exe [2008-06-26 22:10:40 3031376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= ffdshow.ax
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R1 nltdi;nltdi;C:\WINDOWS\System32\drivers\nltdi.sys [2007-04-23 13:03]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\System32\ASNDIS5.SYS [2002-09-09 19:54]
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-04-24 22:43]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2001-08-17 21:53]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 22:03]

*Newly Created Service* - ASNDIS5
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 08:07:20
Windows 5.1.2600  NTFS

scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-01  8:07:44
ComboFix-quarantined-files.txt  2008-07-01 06:07:39

Pre-Run: 15,872,135,168 bajtów wolnych
Post-Run: 16,969,629,696 bajtów wolnych

150