ComboFix 08-05-01.3 - Administrator 2008-05-03 15:42:21.4 - [color=red][b]FAT32[/b][/color]x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.419 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\cfscript.exe.txt
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\WinData.cab
.
---- Previous Run -------
.
C:\Documents and Settings\Monia\Menu Start\Programy\Outerinfo
C:\Documents and Settings\Monia\Menu Start\Programy\Outerinfo\Terms.lnk
C:\Documents and Settings\Monia\Menu Start\Programy\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Monia\Moje dokumenty\SMBOLS~1
C:\Documents and Settings\Monia\Moje dokumenty\SMBOLS~1\w?auclt.exe
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\fccddbyw.dll
C:\WINDOWS\system32\gmvi.dll
C:\WINDOWS\system32\hjmnmnmp.ini
C:\WINDOWS\system32\hjmnmnmp.ini2
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\icroso~1\?icrosoft\
C:\WINDOWS\system32\icroso~1\regedit.exe
C:\WINDOWS\system32\opnklmjh.dll
C:\WINDOWS\system32\opnllmki.dll
C:\WINDOWS\system32\pmnmnmjh.dll
C:\WINDOWS\system32\qlasyfvq.dll
C:\WINDOWS\system32\qvfysalq.ini
C:\WINDOWS\system32\tntvcxhd.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.
2008-05-03 15:35 . 2008-05-03 15:45	1,161	--a------	C:\adware.exe
2008-05-03 15:34 . 2008-05-03 15:34	47,104	--a------	C:\WINDOWS\mrofinu1001186.exe
2008-05-03 15:27 . 2008-05-03 15:27	d--------	C:\WINDOWS\ERUNT
2008-05-03 15:26 . 2008-05-03 04:57	d--------	C:\SDFix
2008-05-03 14:39 . 2008-05-03 14:39	89,088	--ah-----	C:\WINDOWS\system32\hqsw.exe
2008-05-03 14:35 . 2008-05-03 14:35	1,024	--ah-----	C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-03 13:49 . 2008-04-30 17:34	d--h-----	C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-05-03 13:49 . 2008-04-30 17:34	d--------	C:\Documents and Settings\Administrator\Ulubione
2008-05-03 13:49 . 2008-04-30 17:34	d--h-----	C:\Documents and Settings\Administrator\Szablony
2008-05-03 13:49 . 2008-04-30 17:34	d--------	C:\Documents and Settings\Administrator\Pulpit
2008-05-03 13:49 . 2008-04-30 17:34	d--------	C:\Documents and Settings\Administrator\Moje dokumenty
2008-05-03 13:49 . 2008-04-30 17:34	dr-------	C:\Documents and Settings\Administrator\Menu Start
2008-05-03 13:49 . 2008-05-03 13:49	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\MxBoost
2008-05-03 13:49 . 2008-04-30 17:34	dr-h-----	C:\Documents and Settings\Administrator\Dane aplikacji
2008-05-03 13:49 . 2008-05-03 13:49	d--------	C:\Documents and Settings\Administrator
2008-05-03 13:49 . 2008-05-03 15:44	1,024	--ah-----	C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-03 09:56 . 2008-05-03 09:56	0	--a------	C:\WINDOWS\BMabaad28c.xml
2008-05-03 09:55 . 2008-05-03 09:55	33,952	--a------	C:\WINDOWS\system32\drivers\oreans32.sys
2008-05-02 22:15 . 2008-05-02 22:15	d--------	C:\Program Files\SkanerOnline
2008-05-02 21:39 . 2008-05-02 21:39	d---s----	C:\WINDOWS\system32\Microsoft
2008-05-02 21:30 . 2008-05-02 21:30	d---s----	C:\Documents and Settings\Monia\UserData
2008-05-02 21:01 . 2008-05-02 21:01	63	--a------	C:\WINDOWS\system32\x
2008-05-02 15:22 . 2008-05-02 15:22	120,832	--ah-----	C:\WINDOWS\system32\erqhclg.exe
2008-05-02 15:22 . 2008-05-02 15:23	113,588	--ah-----	C:\WINDOWS\system32\xtbvuck.exe
2008-05-02 15:22 . 2008-05-02 15:23	72,096	--ah-----	C:\WINDOWS\system32\uglskcqz.exe
2008-05-02 15:22 . 2008-05-02 15:23	69,632	--ah-----	C:\WINDOWS\system32\anpfx.exe
2008-05-02 15:22 . 2008-05-02 15:23	68,152	--ah-----	C:\WINDOWS\system32\xldo.exe
2008-05-02 15:22 . 2008-05-02 15:23	44,141	--ah-----	C:\WINDOWS\system32\xdlzlngu.exe
2008-05-02 15:21 . 2008-05-02 15:21	120,832	--ah-----	C:\WINDOWS\system32\xoybuynn.exe
2008-05-02 15:19 . 2008-05-02 15:20	120,832	--ah-----	C:\WINDOWS\system32\ospm.exe
2008-05-02 15:18 . 2008-05-02 15:18	21,504	--a------	C:\WINDOWS\system32\hztxwe.exe
2008-05-02 15:17 . 2008-05-02 15:23	73,728	--ah-----	C:\WINDOWS\system32\sinnpc.exe
2008-05-02 15:16 . 2008-05-02 15:23	52,736	--ah-----	C:\WINDOWS\system32\rhdg.exe
2008-05-02 15:12 . 2008-05-02 15:12	51,200	--ah-----	C:\WINDOWS\system32\ddds.exe
2008-05-02 15:12 . 2008-05-02 15:12	24,328	--ah-----	C:\WINDOWS\system32\ilxwg.exe
2008-05-02 15:12 . 2008-05-02 15:12	120	--a------	C:\WINDOWS\system32\jmsarmx.bat
2008-05-02 15:10 . 2008-05-02 15:10	21,504	--a------	C:\WINDOWS\system32\hwal.exe
2008-05-02 15:08 . 2008-05-02 15:08	113,664	--ah-----	C:\WINDOWS\system32\xbcm.exe
2008-05-02 15:06 . 2008-05-02 21:01	659,456	--a------	C:\WINDOWS\system32\hqghumea.dll
2008-05-02 15:04 . 2008-05-02 15:04	d--hs----	C:\FOUND.002
2008-05-02 15:02 . 2008-05-02 15:02	111,824	--ah-----	C:\WINDOWS\system32\enlhzudj.exe
2008-05-02 15:02 . 2008-05-02 15:02	45,568	--ah-----	C:\WINDOWS\system32\ebbngf.exe
2008-05-02 15:02 . 2008-05-02 15:02	21,504	--a------	C:\WINDOWS\system32\jtagc.exe
2008-05-02 14:59 . 2008-05-02 14:59	33,204	--ah-----	C:\WINDOWS\system32\lmumug.exe
2008-05-02 14:59 . 2008-05-02 14:59	31,232	--ah-----	C:\WINDOWS\system32\gsica.exe
2008-05-02 14:58 . 2008-05-02 14:58	1,179,648	---hs----	C:\WINDOWS\system32\redyLive.exe
2008-05-02 14:58 . 2008-05-02 14:58	120,832	--ah-----	C:\WINDOWS\system32\bowb.exe
2008-05-02 14:56 . 2008-05-02 14:56	21,504	--a------	C:\WINDOWS\system32\ftdcl.exe
2008-05-02 14:55 . 2008-05-02 14:56	120,832	--ah-----	C:\WINDOWS\system32\xqazm.exe
2008-05-02 14:52 . 2008-05-02 14:52	112,128	--ah-----	C:\WINDOWS\system32\mqsx.exe
2008-05-02 14:51 . 2008-05-02 14:52	40,448	--ah-----	C:\WINDOWS\system32\lhxanlx.exe
2008-05-02 14:50 . 2008-05-02 14:52	94,644	--ah-----	C:\WINDOWS\system32\xydsbp.exe
2008-05-02 14:49 . 2008-05-02 14:49	21,504	--a------	C:\WINDOWS\system32\joio.exe
2008-05-02 14:48 . 2008-05-02 14:52	108,544	--ah-----	C:\WINDOWS\system32\pkxblow.exe
2008-05-02 14:48 . 2008-05-02 14:48	27,409	--a------	C:\WINDOWS\system32\kagcxsfi.exe
2008-05-02 14:45 . 2008-05-02 14:45	80,896	--ah-----	C:\WINDOWS\system32\tejjdpf.exe
2008-05-02 14:45 . 2008-05-02 14:45	73,728	--ah-----	C:\WINDOWS\system32\qnkdxgq.exe
2008-05-02 14:44 . 2008-05-02 14:45	85,276	--ah-----	C:\WINDOWS\system32\yklhtym.exe
2008-05-02 14:42 . 2008-05-02 14:42	27,409	--a------	C:\WINDOWS\system32\pdbns.exe
2008-05-02 14:41 . 2008-05-02 14:41	21,504	--a------	C:\WINDOWS\system32\jvtgput.exe
2008-05-02 14:40 . 2008-05-02 14:45	49,664	--ah-----	C:\WINDOWS\system32\chshl.exe
2008-05-02 14:39 . 2008-05-02 14:40	113,664	--ah-----	C:\WINDOWS\system32\osxedg.exe
2008-05-02 14:39 . 2008-05-02 14:45	49,360	--ah-----	C:\WINDOWS\system32\duywtcl.exe
2008-05-02 14:38 . 2008-05-02 14:38	149,504	--ah-----	C:\WINDOWS\system32\mifmgmg.exe
2008-05-02 14:33 . 2008-05-02 14:33	56,832	--ah-----	C:\WINDOWS\system32\lvcix.exe
2008-05-02 14:33 . 2008-05-02 14:33	46,592	--ah-----	C:\WINDOWS\system32\ynytqar.exe
2008-05-02 14:33 . 2008-05-02 14:33	40,448	--ah-----	C:\WINDOWS\system32\nuaw.exe
2008-05-02 14:33 . 2008-05-02 14:33	21,504	--a------	C:\WINDOWS\system32\exoxwacw.exe
2008-05-02 14:32 . 2008-05-02 14:33	125,952	--ah-----	C:\WINDOWS\system32\ubaut.exe
2008-05-02 14:30 . 2008-05-02 14:30	d--hs----	C:\FOUND.001
2008-05-02 14:10 . 2008-05-02 14:10	749	-rah-----	C:\WINDOWS\WindowsShell.Manifest
2008-05-02 14:10 . 2008-05-02 14:10	749	-rah-----	C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-02 14:10 . 2008-05-02 14:10	749	-rah-----	C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-02 14:10 . 2008-05-02 14:10	749	-rah-----	C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-02 14:10 . 2008-05-02 14:10	749	-rah-----	C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-02 14:10 . 2008-05-02 14:10	488	-rah-----	C:\WINDOWS\system32\logonui.exe.manifest
2008-05-02 14:07 . 2001-10-26 19:30	543,744	--a------	C:\WINDOWS\system32\spider.exe
2008-05-02 14:07 . 2001-10-26 19:29	396,800	--a------	C:\WINDOWS\system32\mstsc.exe
2008-05-02 14:07 . 2001-10-26 19:29	351,744	--a------	C:\WINDOWS\system32\mspaint.exe
2008-05-02 14:07 . 2001-10-26 19:29	193,024	--a------	C:\WINDOWS\system32\accwiz.exe
2008-05-02 14:07 . 2001-10-26 19:29	137,728	--a------	C:\WINDOWS\system32\mshearts.exe
2008-05-02 13:57 . 2001-10-26 19:29	24,661	--a------	C:\WINDOWS\system32\spxcoins.dll
2008-05-02 13:57 . 2001-10-26 19:29	13,312	--a------	C:\WINDOWS\system32\irclass.dll
2008-05-01 18:54 . 2001-10-26 17:30	85,504	--a------	C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-05-01 18:54 . 2001-10-26 17:30	55,808	--a------	C:\WINDOWS\system32\drivers\kstvtune.ax
2008-05-01 18:54 . 2001-10-26 17:29	50,688	--a------	C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-05-01 18:54 . 2001-10-26 17:30	38,912	--a------	C:\WINDOWS\system32\drivers\ksxbar.ax
2008-05-01 18:53 . 2005-03-25 17:18	82,148	--a------	C:\WINDOWS\system32\drivers\VcommMgr.sys
2008-05-01 18:53 . 2004-10-19 13:37	61,312	--a------	C:\WINDOWS\system32\drivers\VComm.sys
2008-05-01 18:53 . 2005-04-30 14:50	28,271	--a------	C:\WINDOWS\system32\drivers\BTHidMgr.sys
2008-05-01 18:53 . 2005-05-31 15:40	20,480	--a------	C:\WINDOWS\system32\drivers\blueletaudio.sys
2008-05-01 18:53 . 2005-04-30 14:50	11,860	--a------	C:\WINDOWS\system32\drivers\vbtenum.sys
2008-05-01 18:09 . 2001-10-26 17:30	117,248	---------	C:\WINDOWS\system32\ksproxy.ax
2008-05-01 18:09 . 2001-08-17 22:07	83,712	--a------	C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-01 18:09 . 2001-08-17 22:07	18,560	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-01 18:09 . 2001-08-17 22:07	16,256	--a------	C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-01 18:09 . 2001-08-17 21:48	4,992	--a------	C:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-01 17:23 . 2008-05-01 17:23	d--------	C:\Program Files\Maxthon2
2008-05-01 16:53 . 2008-05-01 16:53	d--------	C:\Program Files\Gadu-Gadu
2008-05-01 10:16 . 2008-05-01 10:16	d--------	C:\WINDOWS\Sun
2008-05-01 09:17 . 2008-05-01 09:17	d--hs----	C:\FOUND.000
2008-05-01 02:21 .	14,976	C:\WINDOWS\system32\drivers\Ksy27.sys
2008-05-01 02:21 . 2008-05-01 23:31	14,976	--a------	C:\WINDOWS\system32\drivers\Ksy27(5).sys
2008-05-01 02:21 . 2008-05-02 14:20	14,976	--a------	C:\WINDOWS\system32\drivers\Ksy27(4).sys
2008-05-01 02:21 . 2008-05-02 14:26	14,976	--a------	C:\WINDOWS\system32\drivers\Ksy27(3).sys
2008-05-01 02:21 . 2008-05-02 14:26	14,976	--a------	C:\WINDOWS\system32\drivers\Ksy27(2).sys
2008-05-01 02:21 . 2008-05-02 14:31	10,240	--a------	C:\WINDOWS\system32\WinNt32(2).dll
2008-04-30 20:05 . 2008-04-30 20:05	d--------	C:\Documents and Settings\Monia\Dane aplikacji\MxBoost
2008-04-30 19:51 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-04-30 19:50 . 2008-04-30 19:50	1,160	--a------	C:\WINDOWS\mozver.dat
2008-04-30 19:49 . 2008-04-30 19:49	d--------	C:\Program Files\Java
2008-04-30 19:47 . 2008-04-30 19:47	d--------	C:\Program Files\Common Files\Java
2008-04-30 19:44 . 2008-04-30 19:44	0	--a------	C:\WINDOWS\nsreg.dat
2008-04-30 19:00 . 2008-04-30 19:00	d--hs----	C:\Recycled
2008-04-30 18:49 . 2008-04-30 18:50	65,057	--a------	C:\WINDOWS\system32\uyh.exe
2008-04-30 18:45 . 2008-04-30 18:45	d--------	C:\Documents and Settings\Monia\Dane aplikacji\Gadu-Gadu
2008-04-30 18:44 . 2008-04-30 18:44	d--------	C:\Documents and Settings\Monia\Gadu-Gadu
2008-04-30 18:42 . 2008-04-30 18:43	143,872	--a------	C:\WINDOWS\system32\mssmpp(2).exe
2008-04-30 18:39 . 2008-04-30 18:39	d--------	C:\WINDOWS\nview
2008-04-30 18:39 . 2006-08-11 21:42	221,184	--a------	C:\WINDOWS\system32\nvudisp.exe
2008-04-30 18:39 . 2006-08-11 21:42	16,960	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-04-30 18:34 . 2008-04-30 18:34	d--------	C:\Program Files\Common Files\InstallShield
2008-04-30 18:34 . 2008-04-30 18:34	d--------	C:\NVIDIA
2008-04-30 18:34 . 2006-08-16 17:55	221,184	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-04-30 18:31 . 2003-01-07 09:32	15,400	-ra------	C:\WINDOWS\system32\drivers\NetMotCM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 13:34	100,864	----a-w	C:\WINDOWS\system32\VT100.EXE
2008-04-30 15:49	---------	d-----w	C:\Program Files\microsoft frontpage
2008-04-30 15:42	---------	d-----w	C:\Program Files\Usługi online
.
------- Sigcheck -------
2001-10-26 17:29	1012224	a01e2ffac9498bd3f5d6b22714f4e0c7	C:\WINDOWS\explorer.exe
2001-10-26 17:29	23040	af70626dad24b1a2b5f0a524cd8fae7a	C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29 23040]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1089565]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1531904 C:\WINDOWS\system32\nwiz.exe]
"BearShare"="f:\BearShare\BearShare.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-08-11 21:43 86016]
"WinDLL (redyLive.exe)"="C:\WINDOWS\System32\redyLive.exe" [2008-05-02 14:58 1179648]
"WinDLL (redyLive.exe)"="C:\WINDOWS\System32\redyLive.exe" [2008-05-02 14:58 1179648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 17:29 23040]
"JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"Rroa"="C:\WINDOWS\System32\ICROSO~1\regedit.exe" [ ]
"Ovbgnkdw"="C:\Documents and Settings\Monia\Moje dokumenty\s?mbols\w?auclt.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklmjh]
opnklmjh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ksy27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R0 hpt3xx;hpt3xx;C:\WINDOWS\System32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]
R0 Ksy27;Ksy27;C:\WINDOWS\System32\Drivers\Ksy27.sys []
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-03 09:55]
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 15:45:46
Windows 5.1.2600 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

C:\WINDOWS\System32\VT100.EXE [3016] 0x81A44798

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   VT100 Emulator = C:\WINDOWS\System32\VT100.EXE
   runner1 = C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"VT100 Emulator"="C:\\WINDOWS\\System32\\VT100.EXE"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\TEMP\DIL6.tmp
C:\WINDOWS\17PHolmes1001186.exe
.
**************************************************************************
.
Completion time: 2008-05-03 15:46:47 - machine was rebooted [Monia]
ComboFix-quarantined-files.txt 2008-05-03 13:46:42
Pre-Run: 1,555,017,728 bajtów wolnych
Post-Run: 1,532,817,408 bajtów wolnych