ComboFix 07-09-14.2 - "Dom" 2007-09-15 21:14:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.247 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1.\autorun.exe
C:\DOCUME~1\Dom\DANEAP~1\tmp12B.tmp.exe
C:\DOCUME~1\Dom\DANEAP~1\tmp14.tmp.exe
C:\DOCUME~1\Dom\DANEAP~1\tmp7.tmp.exe
C:\DOCUME~1\Dom\DANEAP~1\tmp9.tmp.exe
C:\DOCUME~1\Dom\DANEAP~1\tmpA.tmp.exe
C:\DOCUME~1\Dom\DANEAP~1\tmpC.tmp.exe
C:\DOCUME~1\Dom\DANEAP~1\tmpD.tmp.exe
C:\DOCUME~1\Dom\err.log
C:\DOCUME~1\Dom\MENUST~1\Programy\AUTOST~1\system.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\ssttst.dll
C:\WINDOWS\system32\dna831d801.dat
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\btcusb.inf
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\tsttss.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_WINNOTIFY
-------\Winnotify
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 21:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 22:51 <DIR> d-------- C:\Program Files\SkanerOnline
2007-09-14 00:11 <DIR> d-------- C:\WINDOWS\pss
2007-09-13 19:04 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\DANEAP~1\ArcaBit
2007-09-13 19:04 <DIR> d-------- C:\WINDOWS\speech
2007-09-13 19:04 <DIR> d-------- C:\Program Files\Setup
2007-09-13 19:04 <DIR> d-------- C:\Program Files\RadLinker
2007-09-13 19:04 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\Help
2007-09-13 18:31 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Ulubione
2007-09-05 19:36 1,159,168 --a------ C:\WINDOWS\system32\config\SYSTEM~1\NTUSER(2).DAT
2007-09-02 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Bluetooth
2007-08-31 17:35 18,488,163 --a------ C:\rad_w2kxp_omega_2590.exe
2007-08-28 16:30 3,663,208 --a------ C:\BSINSTALLPL_(www.programs.pl).exe
2007-08-24 20:14 35,927,524 --a------ C:\Ivona_Demo-1.0-7_Install.exe
2007-08-24 20:14 <DIR> d-------- C:\Program Files\ivo
2007-08-20 19:39 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\ArcaBit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\WINDOWS\system32\mswsock.dll ... is infected !!
C:\WINDOWS\system32\drivers\tcpip.sys ... is infected !!
(additional data below)
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 C:\WINDOWS\SOUNDMAN.EXE]
"SpeedTouch USB Diagnostics"="C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 10:37]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-07-03 01:37]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"<NO NAME>"=
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 10:37:26]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-10 13:55:56]
C:\DOCUME~1\Dom\MENUST~1\Programy\AUTOST~1\
UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2006-03-06 16:55:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2004-10-01 20:34 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\125866]
125866.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-07-09 21:27:18 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 21:23:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\cmd.exe [2688] 0x8154F020
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 21:26:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 21:26
.
--- E O F ---