ComboFix 08-01-04.1 - Margaretta 2008-01-05 17:52:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.60 [GMT 1:00]
Running from: D:\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - explorer.exe: deleted 3758396 bytes in 7 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\3456346345643.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.
2008-01-05 17:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 17:59 --------- d-----w C:\Documents and Settings\Margaretta\Dane aplikacji\AdobeUM
2007-12-13 15:47 --------- d-----w C:\Documents and Settings\Margaretta\Dane aplikacji\XCPCSync.OEM
2007-12-13 15:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-12-12 16:39 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 14:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Norbyte
2007-11-30 13:56 --------- d-----w C:\Documents and Settings\Margaretta\Dane aplikacji\Norbyte
2007-10-20 12:47 81,920 ----a-w C:\Documents and Settings\Margaretta\Dane aplikacji\ezpinst.exe
2007-10-20 12:47 47,360 ----a-w C:\Documents and Settings\Margaretta\Dane aplikacji\pcouffin.sys
2007-10-19 18:23 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2006-02-07 12:39 8 --sha-w C:\WINDOWS\system32\6EDE297414.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 14:03 2396160]
"SoundMan"=" SOUNDMAN.EXE" []
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BoostSpeed"="D:\Program Files\AusLogics BoostSpeed\boostspeed.exe" [2005-02-11 10:46 1170944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-01-07 15:55 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 11:32 188416]
"mks_mail"="D:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 04:06 520192]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 20:00 315392]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"MKSRegmon"="D:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 04:06 303104]
"mkstray"="D:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-08-09 11:23 663552]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-18 20:02:26]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - D:\Program Files\Photo Express\CalCheck.exe [2005-08-17 16:17:35]
Watch.lnk - C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe [2005-09-02 18:34:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 10:17]
R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys [2007-05-24 04:06]
R1 mksfwallt;mksfwallt;C:\WINDOWS\system32\mksfwallt.sys [2007-05-24 04:06]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 10:17]
R2 MksFwall;MksFwall;"D:\Program Files\mks_vir_2007\bin\MksFwall.exe" [2007-05-24 04:06]
R2 MksPC;MksPC;"D:\Program Files\mks_vir_2007\bin\MksPC.exe" [2007-05-24 04:06]
R2 MksUpdate;MksUpdate;"D:\Program Files\mks_vir_2007\bin\mksupdate.exe" [2007-05-24 04:06]
R2 mp3mplus;mp3mplus;C:\WINDOWS\system32\drivers\mp3mplus.sys [2006-03-13 19:26]
R3 mksfwallf;mksfwallf;C:\WINDOWS\system32\mksfwallf.sys [2007-05-24 04:06]
R3 mksidsf;mksidsf;C:\WINDOWS\system32\mksidsf.sys [2007-05-24 04:06]
R3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
R3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
R3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-06-28 14:07]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 MksMonEn;MksMonEn;D:\Program Files\mks_vir_2007\bin\MksMonEn.sys [2007-08-12 09:50]
S3 MksMonEv;MksMonEv;D:\Program Files\mks_vir_2007\bin\MksMonEv.sys [2007-05-24 04:06]
S3 MksMonFd;MksMonFd;D:\Program Files\mks_vir_2007\bin\MksMonFd.sys [2007-05-24 04:06]
S3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 17:56:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> D:\Program Files\mks_vir_2007\bin\mkslsp.dll
.
Completion time: 2008-01-05 17:58:51
ComboFix-quarantined-files.txt 2008-01-05 16:58:42