ComboFix 08-05-07.2 - Ilona 2008-05-13 19:17:24.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.529 [GMT 2:00]
Running from: D:\Instalki\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-13 19:20 . 2008-05-13 19:20 53,248 --a------ C:\temp\catchme.dll
2008-05-11 12:34 . 2008-05-11 12:34 d-------- C:\Program Files\Kaspersky Lab
2008-05-11 12:34 . 2008-05-11 12:47 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-11 12:34 . 2008-05-11 12:47 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-11 12:29 . 2008-05-11 12:29 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-11 12:23 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 11:17 . 2008-05-11 11:17 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-10 23:03 . 2008-05-10 23:03 d-------- C:\Program Files\Avira
2008-05-10 23:03 . 2008-05-11 12:30 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-10 22:50 . 2008-05-10 22:50 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-10 12:06 . 2008-05-10 12:06 461 --a------ C:\WINDOWS\system32\spssprod.inf
2008-05-10 12:06 . 2008-05-10 12:06 175 --a------ C:\WINDOWS\SpssLM.ini
2008-05-08 20:30 . 2008-05-08 20:30 d-------- C:\Program Files\Trend Micro
2008-05-08 17:10 . 2008-05-07 05:11 d-------- C:\SDFix
2008-05-07 21:37 . 2008-05-07 21:37 247 --a------ C:\WINDOWS\cake40.ini
2008-05-07 21:37 . 2008-05-07 21:37 223 --a------ C:\WINDOWS\shell40.ini
2008-05-07 21:37 . 2008-05-07 21:37 45 --a------ C:\WINDOWS\dk.ini
2008-05-07 21:37 . 2008-05-07 21:37 36 --a------ C:\WINDOWS\neuronix.ini
2008-05-07 19:51 . 2008-05-07 19:51 d-------- C:\Documents and Settings\Ilona\sphinx
2008-04-30 15:09 . 2008-04-30 15:09 d-------- C:\Program Files\iTunes
2008-04-30 15:09 . 2008-04-30 15:09 d-------- C:\Program Files\iPod
2008-04-27 12:12 . 2008-04-27 15:47 d-------- C:\Program Files\a-squared Free
2008-04-27 10:29 . 2008-04-27 10:29 d-------- C:\Program Files\VS Revo Group
2008-04-21 12:57 . 2008-04-21 12:57 d-------- C:\Rozliczenie Roczne 2007
2008-04-19 09:39 . 2008-04-19 09:39 d-------- C:\Program Files\Secunia
2008-04-16 08:33 . 2008-04-16 08:33 d-------- C:\Program Files\Common Files\Skype
2008-04-16 08:33 . 2008-05-13 18:29 d-------- C:\Documents and Settings\Ilona\Application Data\skypePM
2008-04-16 08:33 . 2008-04-16 08:33 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 17:20 430,112 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-13 17:19 13,228,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-13 17:14 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Skype
2008-05-13 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-13 04:53 42,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-13 04:53 178,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-12 19:33 --------- d-----w C:\Program Files\Odkurzacz
2008-05-11 16:59 691,545 ----a-w C:\WINDOWS\unins001.exe
2008-05-11 10:23 --------- d-----w C:\Program Files\Java
2008-05-11 09:35 --------- d-----w C:\Program Files\Google
2008-05-11 09:26 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 20:39 --------- d-----w C:\Program Files\SensorsViewPro31
2008-04-30 12:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-27 19:06 --------- d-----w C:\Program Files\Opera
2008-04-25 22:06 --------- d-----w C:\Program Files\SkanerOnline
2008-04-09 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-03 21:51 --------- d-----w C:\Documents and Settings\Ilona\Application Data\StatSoft
2008-04-03 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\StatSoft
2008-04-03 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 21:49 --------- d-----w C:\Program Files\StatSoft
2008-04-01 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 20:53 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-01 20:37 --------- d-----w C:\Program Files\PrinterAnywhere
2008-03-27 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-19 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 22:57 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-15 19:12 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Autodesk
2008-03-15 19:11 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Ansys
2008-03-15 19:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-15 18:54 --------- d-----w C:\Program Files\Autodesk
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-25 22:58 92,064 ----a-w C:\Documents and Settings\Ilona\mqdmmdm.sys
2007-11-25 22:58 9,232 ----a-w C:\Documents and Settings\Ilona\mqdmmdfl.sys
2007-11-25 22:58 79,328 ----a-w C:\Documents and Settings\Ilona\mqdmserd.sys
2007-11-25 22:58 66,656 ----a-w C:\Documents and Settings\Ilona\mqdmbus.sys
2007-11-25 22:58 6,208 ----a-w C:\Documents and Settings\Ilona\mqdmcmnt.sys
2007-11-25 22:58 5,936 ----a-w C:\Documents and Settings\Ilona\mqdmwhnt.sys
2007-11-25 22:58 4,048 ----a-w C:\Documents and Settings\Ilona\mqdmcr.sys
2007-11-25 22:58 25,600 ----a-w C:\Documents and Settings\Ilona\usbsermptxp.sys
2007-11-25 22:58 22,768 ----a-w C:\Documents and Settings\Ilona\usbsermpt.sys
2006-06-22 23:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-10-04 08:56 88 --sh--r C:\WINDOWS\system32\6B9949C076.sys
2007-12-28 20:18 88 --sh--r C:\WINDOWS\system32\E7CB225014.sys
2008-01-03 20:27 6,372 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-08_20.44.34.99 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 18:39:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 16:28:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-11-08 16:30:02 3,805,236 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\ARPPRODUCTICON.exe
+ 2008-05-10 10:06:48 3,805,236 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\ARPPRODUCTICON.exe
- 2007-11-08 16:30:02 45,056 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\BaseProductionModeShortCut.exe
+ 2008-05-10 10:06:48 45,056 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\BaseProductionModeShortCut.exe
- 2007-11-08 16:30:02 40,960 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\NewShortcut1.exe
+ 2008-05-10 10:06:48 40,960 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\NewShortcut1.exe
- 2002-08-09 10:38:24 462,848 ----a-w C:\WINDOWS\system32\dformd.dll
+ 2002-08-09 09:38:24 462,848 ----a-w C:\WINDOWS\system32\dformd.dll
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-10-31 11:41:16 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-12-28 17:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 11:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 16:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
- 2008-04-09 15:35:54 454,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-10 20:59:59 454,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-07-25 23:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-07-25 23:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-07-26 01:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-08 16:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
- 2001-09-12 14:32:12 1,335,584 ----a-w C:\WINDOWS\system32\sbe6_32.dll
+ 2001-09-12 13:32:12 1,335,584 ----a-w C:\WINDOWS\system32\sbe6_32.dll
+ 2000-06-13 12:30:06 222,720 ----a-w C:\WINDOWS\system32\spss_lmd.exe
- 1996-01-12 00:00:00 722,192 ----a-w C:\WINDOWS\system32\vb40032.dll
+ 1996-01-11 23:00:00 722,192 ----a-w C:\WINDOWS\system32\vb40032.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-08-24 14:00 15360]
"Ashampoo Magical Optimizer Taskplaner"="D:\Program Files\Ashampoo\Ashampoo Magical Optimizer\AMO_Taskplaner.exe" [2007-02-08 14:18 1266872]
"ccleaner"="D:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 18:34 598920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-07 17:08 2101248]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"Creative Detector U"="D:\Program Files\Creative\MediaSource5\CTDetctu.exe" [2006-06-27 10:45 110592]
"VS Online"="C:\Program Files\VS Online\VSOnline.exe" [2007-12-16 01:40 1093632]
"SpybotSD TeaTimer"="d:\Program F\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 06:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\wmccfg.exe" [2006-10-18 21:58 8704]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-08-24 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072]
"InCD"="d:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01 1397760]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-25 18:34 1836544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 14:00 7618560]
"NvMediaCenter"="NvMCTray.dll" [2006-08-24 14:00 86016 C:\WINDOWS\system32\nvmctray.dll]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaaspersky Innternet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-08-24 14:00 15360]
"Picasa Media Detector"="d:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Second run install"="C:\INSTALL\2ndrun.bat" [ ]
C:\Documents and Settings\Ilona\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-22 11:09:52 626688]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KAASPE~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 D:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\wianmpa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-12-01 11:46 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaaspersky Innternet Security 7.0\\avp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 NMSAccessU;NMSAccessU;d:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [2007-08-17 18:00]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-27 23:28]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 10:24]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-08-17 09:39]
S3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys [2005-08-17 09:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554484a1-3ace-11dc-8a32-00032f4d354b}]
\Shell\AutoRun\command - L:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f4caf1-fde6-11db-89bc-00032f4d354b}]
\Shell\Auto\command - E:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - E:\activexdebugger32.exe f
\Shell\open\Command - E:\activexdebugger32.exe f
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 12:55:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 19:20:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-13 19:21:16
ComboFix-quarantined-files.txt 2008-05-13 17:21:11
ComboFix2.txt 2008-05-10 20:57:20
ComboFix3.txt 2008-05-09 21:42:12
ComboFix4.txt 2008-05-09 20:24:00
ComboFix5.txt 2008-05-08 21:53:55
Pre-Run: 9,223,364,608 bytes free
Post-Run: 9,254,363,136 bytes free
243 --- E O F --- 2008-04-09 06:39:39
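What a helper reading this log would check first is the MountPoints2 block under "Reg Loading Points": both drive GUIDs carry \Shell\...\command entries, and the second one redirects Explorer's open and explore verbs to E:\activexdebugger32.exe while its AutoRun entry relaunches the bare filename through rundll32 ShellExec_RunDLL. That is the shape autorun.inf-borne malware leaves in the registry after a USB stick has been plugged in; the log itself does not establish what USBNB.exe or activexdebugger32.exe are, so they would have to be located and checked rather than assumed malicious. The Security Center values (AntiVirusDisableNotify, and DisableMonitoring under Monitoring\KasperskyAntiVirus) are what a third-party product writes when it takes over monitoring, so with Kaspersky installed they are expected on their own. The following is an added example, not ComboFix output or anything from the original post: a small Python triage that parses those two sections of the log (the excerpt in SAMPLE_LOG is copied from above) and lists the items a reviewer would look at. All function and regex names are the example's own, and treating C: as the only system drive is an assumption.

```python
"""Triage of ComboFix 'Reg Loading Points' output (added example, not ComboFix code).

SAMPLE_LOG is excerpted from the log above; every function and regex name
here is the example's own invention.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554484a1-3ace-11dc-8a32-00032f4d354b}]
\Shell\AutoRun\command - L:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f4caf1-fde6-11db-89bc-00032f4d354b}]
\Shell\Auto\command - E:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - E:\activexdebugger32.exe f
\Shell\open\Command - E:\activexdebugger32.exe f
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
MP2_RE = re.compile(r"mountpoints2\\(?P<guid>\{[0-9a-f-]+\})$", re.I)
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-f]{8})$', re.I)
# Assumption: C: is the system drive; an .exe launched from any other drive root is notable.
OTHER_DRIVE_EXE_RE = re.compile(r"^[D-Z]:\\[^\\\s]+\.exe$", re.I)
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                         "UpdatesDisableNotify", "DisableMonitoring"}


@dataclass
class MountPoint:
    guid: str
    commands: dict = field(default_factory=dict)  # shell verb (lowercased) -> command line


def parse_mountpoints(text):
    """Collect every mountpoints2 key and the \\Shell\\<verb>\\command lines under it."""
    points, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hit = MP2_RE.search(key.group("key"))
            current = MountPoint(hit.group("guid")) if hit else None
            if current:
                points.append(current)
            continue
        shell = SHELL_RE.match(line)
        if shell and current is not None:
            current.commands[shell.group("verb").lower()] = shell.group("cmd")
    return points


def flag_mountpoint(mp):
    """Reasons an analyst would look at this drive's MountPoints2 commands first."""
    reasons = []
    if {"open", "explore"} & set(mp.commands):
        reasons.append(f"{mp.guid}: Explorer's open/explore verbs are redirected to a command")
    for verb, cmd in mp.commands.items():
        exe = cmd.split()[0]
        if OTHER_DRIVE_EXE_RE.match(exe):
            reasons.append(f"{mp.guid}: {verb} runs {exe} from a non-system drive")
        lowered = cmd.lower()
        if "rundll32" in lowered and "shellexec_rundll" in lowered:
            reasons.append(f"{mp.guid}: {verb} relaunches a bare filename via rundll32 ShellExec_RunDLL")
    return reasons


def parse_dwords(text):
    """Map each registry key in the excerpt (lowercased) to its dword values."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            continue
        value = VALUE_RE.match(line)
        if value and current:
            out.setdefault(current, {})[value.group("name")] = int(value.group("val"), 16)
    return out


def flag_security_center(dwords):
    """Security Center 'disable' flags set to 1. A third-party AV writes these
    legitimately when it registers as the monitoring product, so they only
    matter if no such product is present."""
    return [f"{name}=1 under {key}"
            for key, values in dwords.items() if "security center" in key
            for name, val in values.items() if name in SECURITY_CENTER_FLAGS and val == 1]


def triage(text):
    """All findings for a log excerpt, MountPoints2 first, Security Center last."""
    findings = []
    for mp in parse_mountpoints(text):
        findings.extend(flag_mountpoint(mp))
    findings.extend(flag_security_center(parse_dwords(text)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("*", finding)
```

Run against the excerpt, the script lists the L: and E: drive launchers, the redirected open/explore verbs, the rundll32 relaunch, and the two Security Center flags; the last two are the ones to discount once the installed Kaspersky product accounts for them.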