ComboFix 08-05-07.2 - Ilona 2008-05-08 23:49:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.471 [GMT 2:00]
Running from: D:\Instalki\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ilona\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\activexdebugger32.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-08 23:52 . 2008-05-08 23:52 53,248 --a------ C:\temp\catchme.dll
2008-05-08 22:35 . 2008-05-08 22:35 d-------- C:\temp\hsperfdata_Ilona
2008-05-08 20:30 . 2008-05-08 20:30 d-------- C:\Program Files\Trend Micro
2008-05-08 17:10 . 2008-05-07 05:11 d-------- C:\SDFix
2008-05-07 21:37 . 2008-05-07 21:37 247 --a------ C:\WINDOWS\cake40.ini
2008-05-07 21:37 . 2008-05-07 21:37 223 --a------ C:\WINDOWS\shell40.ini
2008-05-07 21:37 . 2008-05-07 21:37 45 --a------ C:\WINDOWS\dk.ini
2008-05-07 21:37 . 2008-05-07 21:37 36 --a------ C:\WINDOWS\neuronix.ini
2008-05-07 19:51 . 2008-05-07 19:51 d-------- C:\Documents and Settings\Ilona\sphinx
2008-04-30 15:09 . 2008-04-30 15:09 d-------- C:\Program Files\iTunes
2008-04-30 15:09 . 2008-04-30 15:09 d-------- C:\Program Files\iPod
2008-04-27 12:12 . 2008-04-27 15:47 d-------- C:\Program Files\a-squared Free
2008-04-27 10:29 . 2008-04-27 10:29 d-------- C:\Program Files\VS Revo Group
2008-04-21 12:57 . 2008-04-21 12:57 d-------- C:\Rozliczenie Roczne 2007
2008-04-19 09:39 . 2008-04-19 09:39 d-------- C:\Program Files\Secunia
2008-04-16 08:33 . 2008-04-16 08:33 d-------- C:\Program Files\Common Files\Skype
2008-04-16 08:33 . 2008-05-08 17:14 d-------- C:\Documents and Settings\Ilona\Application Data\skypePM
2008-04-16 08:33 . 2008-04-16 08:33 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-05-08 20:31 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Skype
2008-04-30 17:56 1,632,225 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-30 12:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-27 19:06 --------- d-----w C:\Program Files\Opera
2008-04-26 22:58 410,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-26 22:58 40,592 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-26 22:58 152,600 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-26 22:58 11,235,872 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-26 20:44 --------- d-----w C:\Program Files\Winamp Remote
2008-04-25 22:06 --------- d-----w C:\Program Files\SkanerOnline
2008-04-09 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-03 21:51 --------- d-----w C:\Documents and Settings\Ilona\Application Data\StatSoft
2008-04-03 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\StatSoft
2008-04-03 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 21:49 --------- d-----w C:\Program Files\StatSoft
2008-04-01 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 20:57 691,545 ----a-w C:\WINDOWS\unins001.exe
2008-04-01 20:53 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-01 20:37 --------- d-----w C:\Program Files\PrinterAnywhere
2008-03-27 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-19 23:32 --------- d-----w C:\Program Files\Odkurzacz
2008-03-19 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 22:57 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-15 19:12 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Autodesk
2008-03-15 19:11 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Ansys
2008-03-15 19:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-15 18:54 --------- d-----w C:\Program Files\Autodesk
2008-03-15 18:12 --------- d-----w C:\Program Files\Java
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-25 22:58 92,064 ----a-w C:\Documents and Settings\Ilona\mqdmmdm.sys
2007-11-25 22:58 9,232 ----a-w C:\Documents and Settings\Ilona\mqdmmdfl.sys
2007-11-25 22:58 79,328 ----a-w C:\Documents and Settings\Ilona\mqdmserd.sys
2007-11-25 22:58 66,656 ----a-w C:\Documents and Settings\Ilona\mqdmbus.sys
2007-11-25 22:58 6,208 ----a-w C:\Documents and Settings\Ilona\mqdmcmnt.sys
2007-11-25 22:58 5,936 ----a-w C:\Documents and Settings\Ilona\mqdmwhnt.sys
2007-11-25 22:58 4,048 ----a-w C:\Documents and Settings\Ilona\mqdmcr.sys
2007-11-25 22:58 25,600 ----a-w C:\Documents and Settings\Ilona\usbsermptxp.sys
2007-11-25 22:58 22,768 ----a-w C:\Documents and Settings\Ilona\usbsermpt.sys
2006-06-22 23:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-10-04 08:56 88 --sh--r C:\WINDOWS\system32\6B9949C076.sys
2007-12-28 20:18 88 --sh--r C:\WINDOWS\system32\E7CB225014.sys
2008-01-03 20:27 6,372 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-08-24 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 18:48 68856]
"Ashampoo Magical Optimizer Taskplaner"="D:\Program Files\Ashampoo\Ashampoo Magical Optimizer\AMO_Taskplaner.exe" [2007-02-08 14:18 1266872]
"ccleaner"="D:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 18:34 598920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-07 17:08 2101248]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"Creative Detector U"="D:\Program Files\Creative\MediaSource5\CTDetctu.exe" [2006-06-27 10:45 110592]
"VS Online"="C:\Program Files\VS Online\VSOnline.exe" [2007-12-16 01:40 1093632]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46 204288]
"SpybotSD TeaTimer"="d:\Program F\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 06:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\wmccfg.exe" [2006-10-18 21:58 8704]
"ZoneAlarm Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
"WinampAgent"="d:\Program Files\wianmpa.exe" [ ]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-08-24 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03 49263]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072]
"InCD"="d:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01 1397760]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-25 18:34 1836544]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 14:00 7618560]
"NvMediaCenter"="NvMCTray.dll" [2006-08-24 14:00 86016 C:\WINDOWS\system32\nvmctray.dll]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-08-24 14:00 15360]
"Picasa Media Detector"="d:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Second run install"="C:\INSTALL\2ndrun.bat" [ ]

C:\Documents and Settings\Ilona\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-22 11:09:52 626688]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-12-26 20:09:22 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-12-26 20:11:24 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 NMSAccessU;NMSAccessU;d:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [2007-08-17 18:00]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-27 23:28]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 10:24]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-08-17 09:39]
S3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys [2005-08-17 09:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 12:55:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 23:53:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 23:53:52
ComboFix-quarantined-files.txt 2008-05-08 21:53:49
ComboFix2.txt 2008-05-08 18:45:12

Pre-Run: 10,151,636,992 bytes free
Post-Run: 10,114,379,776 bytes free

199 --- E O F --- 2008-04-09 06:39:39