ComboFix 08-01-21.4 - mario 2008-01-22 11:33:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.754 [GMT 1:00]
Running from: C:\Documents and Settings\mario\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.
2008-01-22 11:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-17 10:10 . 2008-01-18 14:46 276 --a------ C:\WINDOWS\system\cmicnfg.ini
2008-01-15 23:22 . 2008-01-15 23:22 d-------- C:\WINDOWS\Vbox
2008-01-15 23:22 . 2008-01-15 23:22 d-------- C:\Program Files\TI Education
2008-01-15 23:22 . 2008-01-16 00:27 524 --ah----- C:\WINDOWS\system32\ws783973.ocx
2008-01-15 23:22 . 2008-01-16 00:27 524 --ah----- C:\os582744.bin
2008-01-14 22:18 . 2008-01-14 22:18 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-01-14 22:18 . 2008-01-14 22:18 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-01-14 22:18 . 2008-01-14 22:18 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-01-14 22:16 . 2008-01-14 22:51 d-------- C:\Program Files\Common Files\Seagate
2008-01-14 09:55 . 2008-01-14 17:52 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-14 09:55 . 2008-01-14 17:52 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-14 09:54 . 2008-01-14 09:54 d-------- C:\Program Files\Kaspersky Lab
2008-01-14 09:54 . 2008-01-22 11:35 2,431,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-14 09:54 . 2008-01-22 11:35 47,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-14 09:54 . 2008-01-22 11:28 37,316 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-14 09:54 . 2008-01-22 11:28 6,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-14 08:37 . 2008-01-14 08:37 15 --a------ C:\WINDOWS\Robot Office Common.ini
2008-01-14 01:12 . 2008-01-22 10:46 d-------- C:\Program Files\SkanerOnline
2008-01-13 14:12 . 2008-01-13 14:13 d-------- C:\wincmd
2008-01-13 14:12 . 2000-06-30 04:50 545 --a------ C:\WINDOWS\UC.PIF
2008-01-13 14:12 . 2000-06-30 04:50 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-13 14:12 . 2000-06-30 04:50 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-13 14:12 . 2000-06-30 04:50 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-13 14:12 . 2000-06-30 04:50 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-13 14:12 . 2000-06-30 04:50 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-13 14:12 . 2000-06-30 04:50 545 --a------ C:\WINDOWS\ARJ.PIF
2008-01-13 14:12 . 2008-01-13 15:04 308 --a------ C:\WINDOWS\wincmd.ini
2008-01-12 20:42 . 2008-01-12 20:43 d-------- C:\Temp
2008-01-12 20:42 . 2008-01-12 20:42 4,608 --a------ C:\WINDOWS\system32\07R4YGG.DLL
2008-01-12 20:26 . 2008-01-12 20:26 d-------- C:\Program Files\Kiwi Software GmbH
2008-01-12 20:26 . 2008-01-12 20:25 118,272 --------- C:\WINDOWS\system32\nslms324.dll
2008-01-12 20:26 . 2008-01-12 20:25 100,864 --------- C:\WINDOWS\system32\sx32w.dll
2008-01-12 20:26 . 2008-01-12 20:25 78,336 --------- C:\WINDOWS\system32\ccmove32.dll
2008-01-12 20:26 . 2008-01-12 20:25 54,784 --------- C:\WINDOWS\system32\ccchng32.dll
2008-01-12 20:25 . 2008-01-12 20:43 d-------- C:\WINDOWS\KIWISOFT.LOC
2008-01-09 14:27 . 2008-01-20 19:42 1,760 --a------ C:\WINDOWS\fd_win.INI
2008-01-09 11:27 . 2008-01-14 08:40 d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-09 01:51 . 2008-01-09 01:51 d--hs---- C:\found.000
2008-01-09 01:29 . 2008-01-09 01:29 d-------- C:\WINDOWS\system32\NtmsData
2008-01-01 23:34 . 2008-01-01 23:34 d-------- C:\Program Files\NAPI-PROJEKT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 09:50 --------- d-----w C:\Program Files\BitComet
2008-01-22 09:45 --------- d-----w C:\Program Files\VideoLAN
2008-01-21 21:59 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-17 13:55 --------- d-----w C:\Program Files\ACAD2000
2008-01-14 21:51 --------- d-----w C:\Program Files\Seagate
2008-01-14 07:39 --------- d-----w C:\Program Files\eMule
2008-01-14 07:37 --------- d-----w C:\Program Files\Common Files\RoboBAT
2008-01-14 07:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 19:41 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-10 17:45 --------- d-----w C:\Program Files\Soulseek
2008-01-09 10:18 --------- d-----w C:\Program Files\MSECache
2008-01-09 00:19 --------- d-----w C:\Program Files\Microsoft Office2007
2007-12-30 23:33 --------- d-----w C:\Program Files\Real Alternative
2007-12-30 23:32 --------- d-----w C:\Program Files\PDF Editor 2
2007-11-25 19:59 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 04:15 83968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 08:01 188416]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-08-08 17:51 148760]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-12 21:27:40 962660]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-09-11 17:43 95536 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

R2 SG_Service;SoftGuard Service;C:\Program Files\Common Files\RbtProt\sgsrv.exe [2003-10-25 11:51]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01cdf9dc-668e-11dc-9da5-4d6564696130}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1569db96-69b3-11dc-9daa-4d6564696130}]
\Shell\AutoRun\command - G:\u.bat
\Shell\explore\Command - G:\u.bat
\Shell\open\Command - G:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1569dba6-69b3-11dc-9daa-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{530b5610-491b-11dc-aeca-806d6172696f}]
\Shell\AutoRun\command - F:\Bin\assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{647a1941-4e3c-11dc-9d74-4d6564696130}]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1e8389a-c6c7-11dc-98c4-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 15:00:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-13 14:00:30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-13 14:14:26 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 11:35:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 11:36:16
.
2008-01-09 09:34:02 --- E O F ---