ComboFix 08-05-07.2 - Ilona 2008-05-13 19:17:24.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.529 [GMT 2:00]
Running from: D:\Instalki\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-13 19:20 . 2008-05-13 19:20 53,248 --a------ C:\temp\catchme.dll
2008-05-11 12:34 . 2008-05-11 12:34 d-------- C:\Program Files\Kaspersky Lab
2008-05-11 12:34 . 2008-05-11 12:47 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-11 12:34 . 2008-05-11 12:47 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-11 12:29 . 2008-05-11 12:29 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-11 12:23 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 11:17 . 2008-05-11 11:17 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-10 23:03 . 2008-05-10 23:03 d-------- C:\Program Files\Avira
2008-05-10 23:03 . 2008-05-11 12:30 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-10 22:50 . 2008-05-10 22:50 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-10 12:06 . 2008-05-10 12:06 461 --a------ C:\WINDOWS\system32\spssprod.inf
2008-05-10 12:06 . 2008-05-10 12:06 175 --a------ C:\WINDOWS\SpssLM.ini
2008-05-08 20:30 . 2008-05-08 20:30 d-------- C:\Program Files\Trend Micro
2008-05-08 17:10 . 2008-05-07 05:11 d-------- C:\SDFix
2008-05-07 21:37 . 2008-05-07 21:37 247 --a------ C:\WINDOWS\cake40.ini
2008-05-07 21:37 . 2008-05-07 21:37 223 --a------ C:\WINDOWS\shell40.ini
2008-05-07 21:37 . 2008-05-07 21:37 45 --a------ C:\WINDOWS\dk.ini
2008-05-07 21:37 . 2008-05-07 21:37 36 --a------ C:\WINDOWS\neuronix.ini
2008-05-07 19:51 . 2008-05-07 19:51 d-------- C:\Documents and Settings\Ilona\sphinx
2008-04-30 15:09 . 2008-04-30 15:09 d-------- C:\Program Files\iTunes
2008-04-30 15:09 . 2008-04-30 15:09 d-------- C:\Program Files\iPod
2008-04-27 12:12 . 2008-04-27 15:47 d-------- C:\Program Files\a-squared Free
2008-04-27 10:29 . 2008-04-27 10:29 d-------- C:\Program Files\VS Revo Group
2008-04-21 12:57 . 2008-04-21 12:57 d-------- C:\Rozliczenie Roczne 2007
2008-04-19 09:39 . 2008-04-19 09:39 d-------- C:\Program Files\Secunia
2008-04-16 08:33 . 2008-04-16 08:33 d-------- C:\Program Files\Common Files\Skype
2008-04-16 08:33 . 2008-05-13 18:29 d-------- C:\Documents and Settings\Ilona\Application Data\skypePM
2008-04-16 08:33 . 2008-04-16 08:33 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 17:20 430,112 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-13 17:19 13,228,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-13 17:14 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Skype
2008-05-13 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-13 04:53 42,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-13 04:53 178,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-12 19:33 --------- d-----w C:\Program Files\Odkurzacz
2008-05-11 16:59 691,545 ----a-w C:\WINDOWS\unins001.exe
2008-05-11 10:23 --------- d-----w C:\Program Files\Java
2008-05-11 09:35 --------- d-----w C:\Program Files\Google
2008-05-11 09:26 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 20:39 --------- d-----w C:\Program Files\SensorsViewPro31
2008-04-30 12:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-27 19:06 --------- d-----w C:\Program Files\Opera
2008-04-25 22:06 --------- d-----w C:\Program Files\SkanerOnline
2008-04-09 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-03 21:51 --------- d-----w C:\Documents and Settings\Ilona\Application Data\StatSoft
2008-04-03 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\StatSoft
2008-04-03 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 21:49 --------- d-----w C:\Program Files\StatSoft
2008-04-01 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 20:53 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-01 20:37 --------- d-----w C:\Program Files\PrinterAnywhere
2008-03-27 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-19 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 22:57 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-15 19:12 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Autodesk
2008-03-15 19:11 --------- d-----w C:\Documents and Settings\Ilona\Application Data\Ansys
2008-03-15 19:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-15 18:54 --------- d-----w C:\Program Files\Autodesk
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-25 22:58 92,064 ----a-w C:\Documents and Settings\Ilona\mqdmmdm.sys
2007-11-25 22:58 9,232 ----a-w C:\Documents and Settings\Ilona\mqdmmdfl.sys
2007-11-25 22:58 79,328 ----a-w C:\Documents and Settings\Ilona\mqdmserd.sys
2007-11-25 22:58 66,656 ----a-w C:\Documents and Settings\Ilona\mqdmbus.sys
2007-11-25 22:58 6,208 ----a-w C:\Documents and Settings\Ilona\mqdmcmnt.sys
2007-11-25 22:58 5,936 ----a-w C:\Documents and Settings\Ilona\mqdmwhnt.sys
2007-11-25 22:58 4,048 ----a-w C:\Documents and Settings\Ilona\mqdmcr.sys
2007-11-25 22:58 25,600 ----a-w C:\Documents and Settings\Ilona\usbsermptxp.sys
2007-11-25 22:58 22,768 ----a-w C:\Documents and Settings\Ilona\usbsermpt.sys
2006-06-22 23:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-10-04 08:56 88 --sh--r C:\WINDOWS\system32\6B9949C076.sys
2007-12-28 20:18 88 --sh--r C:\WINDOWS\system32\E7CB225014.sys
2008-01-03 20:27 6,372 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-08_20.44.34.99 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 18:39:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 16:28:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-11-08 16:30:02 3,805,236 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\ARPPRODUCTICON.exe
+ 2008-05-10 10:06:48 3,805,236 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\ARPPRODUCTICON.exe
- 2007-11-08 16:30:02 45,056 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\BaseProductionModeShortCut.exe
+ 2008-05-10 10:06:48 45,056 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\BaseProductionModeShortCut.exe
- 2007-11-08 16:30:02 40,960 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\NewShortcut1.exe
+ 2008-05-10 10:06:48 40,960 ----a-r C:\WINDOWS\Installer\{4AA61A60-6970-4a41-B644-170EBA077049}\NewShortcut1.exe
- 2002-08-09 10:38:24 462,848 ----a-w C:\WINDOWS\system32\dformd.dll
+ 2002-08-09 09:38:24 462,848 ----a-w C:\WINDOWS\system32\dformd.dll
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-10-31 11:41:16 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-12-28 17:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 11:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 16:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
- 2008-04-09 15:35:54 454,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-10 20:59:59 454,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-07-25 23:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-07-25 23:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-07-26 01:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-08 16:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
- 2001-09-12 14:32:12 1,335,584 ----a-w C:\WINDOWS\system32\sbe6_32.dll
+ 2001-09-12 13:32:12 1,335,584 ----a-w C:\WINDOWS\system32\sbe6_32.dll
+ 2000-06-13 12:30:06 222,720 ----a-w C:\WINDOWS\system32\spss_lmd.exe
- 1996-01-12 00:00:00 722,192 ----a-w C:\WINDOWS\system32\vb40032.dll
+ 1996-01-11 23:00:00 722,192 ----a-w C:\WINDOWS\system32\vb40032.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-08-24 14:00 15360]
"Ashampoo Magical Optimizer Taskplaner"="D:\Program Files\Ashampoo\Ashampoo Magical Optimizer\AMO_Taskplaner.exe" [2007-02-08 14:18 1266872]
"ccleaner"="D:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 18:34 598920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-07 17:08 2101248]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"Creative Detector U"="D:\Program Files\Creative\MediaSource5\CTDetctu.exe" [2006-06-27 10:45 110592]
"VS Online"="C:\Program Files\VS Online\VSOnline.exe" [2007-12-16 01:40 1093632]
"SpybotSD TeaTimer"="d:\Program F\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 06:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\wmccfg.exe" [2006-10-18 21:58 8704]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-08-24 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072]
"InCD"="d:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01 1397760]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-25 18:34 1836544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 14:00 7618560]
"NvMediaCenter"="NvMCTray.dll" [2006-08-24 14:00 86016 C:\WINDOWS\system32\nvmctray.dll]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaaspersky Innternet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-08-24 14:00 15360]
"Picasa Media Detector"="d:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Second run install"="C:\INSTALL\2ndrun.bat" [ ]

C:\Documents and Settings\Ilona\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-22 11:09:52 626688]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KAASPE~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\wianmpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-12-01 11:46 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaaspersky Innternet Security 7.0\\avp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 NMSAccessU;NMSAccessU;d:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [2007-08-17 18:00]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-27 23:28]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 10:24]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-08-17 09:39]
S3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys [2005-08-17 09:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554484a1-3ace-11dc-8a32-00032f4d354b}]
\Shell\AutoRun\command - L:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f4caf1-fde6-11db-89bc-00032f4d354b}]
\Shell\Auto\command - E:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - E:\activexdebugger32.exe f
\Shell\open\Command - E:\activexdebugger32.exe f

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 12:55:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 19:20:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-13 19:21:16
ComboFix-quarantined-files.txt 2008-05-13 17:21:11
ComboFix2.txt 2008-05-10 20:57:20
ComboFix3.txt 2008-05-09 21:42:12
ComboFix4.txt 2008-05-09 20:24:00
ComboFix5.txt 2008-05-08 21:53:55
Pre-Run: 9,223,364,608 bytes free
Post-Run: 9,254,363,136 bytes free
243 --- E O F --- 2008-04-09 06:39:39
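The part of this log that deserves a second look is the pair of MountPoints2 blocks near the end. Explorer keeps a per-user, per-volume record of autorun and shell-verb handlers under HKCU\...\Explorer\MountPoints2, keyed by volume GUID, and those entries outlive the removable drive that created them. Three things in that block are the classic footprint of an autorun worm: a handler that launches a program sitting in the root of a drive (L:\USBNB.exe, E:\activexdebugger32.exe), a handler routed through rundll32 shell32.dll,ShellExec_RunDLL so the target name resolves relative to whichever drive triggered autorun, and 'open'/'explore' verbs pointed at a program, so that double-clicking the drive runs it instead of opening the folder. The script below is an added example for this thread, not ComboFix code and not something the poster wrote: it parses those blocks out of a pasted log and reports which entries match that pattern. The sample text is the two MountPoints2 blocks copied from the log above; the regexes, the Finding structure and the function names are my own.

```python
"""Flag suspicious autorun handlers in the MountPoints2 blocks of a ComboFix log.

Added example for this thread; not ComboFix code. SAMPLE is the two
MountPoints2 blocks copied from the log above; everything else is assumed.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the MountPoints2 entries from the log, verbatim.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554484a1-3ace-11dc-8a32-00032f4d354b}]
\Shell\AutoRun\command - L:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f4caf1-fde6-11db-89bc-00032f4d354b}]
\Shell\Auto\command - E:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - E:\activexdebugger32.exe f
\Shell\open\Command - E:\activexdebugger32.exe f
"""

KEY_RE = re.compile(r"^\[HK[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
# <drive>:\<file>.<exe-like extension> with no subdirectory: a program in the drive root
ROOT_EXE_RE = re.compile(r"^[a-z]:\\([^\\\s]+\.(?:exe|com|bat|cmd|pif|scr))\b", re.I)
# rundll32 shell32.dll,ShellExec_RunDLL <target>: <target> resolves relative to the drive
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,ShellExec_RunDLL\s+(\S+)", re.I)
HIJACKABLE_VERBS = {"open", "explore"}  # what Explorer runs on double-click / right-click


@dataclass
class Finding:
    guid: str
    verb: str
    command: str
    target: str            # file the handler ends up launching, if recognised
    reasons: list = field(default_factory=list)


def analyze(text):
    """Return one Finding per MountPoints2 verb whose command matches an autorun-abuse pattern."""
    findings, guid = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            guid = m.group(1).lower()
            continue
        m = VERB_RE.match(line)
        if not m or guid is None:
            continue
        verb, command = m.group(1), m.group(2).strip()
        reasons, target = [], ""
        if r := ROOT_EXE_RE.match(command):
            target = r.group(1)
            reasons.append("launches an executable from the drive root")
        if r := RUNDLL_RE.search(command):
            target = r.group(1)
            reasons.append("indirect launch via rundll32 ShellExec_RunDLL")
        if verb.lower() in HIJACKABLE_VERBS:
            reasons.append(f"'{verb}' verb overridden: double-clicking the drive runs the command")
        if reasons:
            findings.append(Finding(guid, verb, command, target, reasons))
    return findings


def suspicious_binaries(findings):
    """Distinct file names the flagged handlers launch, lower-cased and sorted."""
    return sorted({f.target.lower() for f in findings if f.target})


if __name__ == "__main__":
    hits = analyze(SAMPLE)
    for f in hits:
        print(f"{f.guid} {f.verb:8} {f.command}\n    -> " + "; ".join(f.reasons))
    print("binaries to investigate:", ", ".join(suspicious_binaries(hits)))
```

A match only says the handler looks like autorun abuse, not that the file is malicious: confirm by checking whether the named file (and an autorun.inf next to it) is actually present on the drive that carries that volume GUID, and delete the stale MountPoints2 keys once the volume is cleaned or gone, since Explorer will happily reuse them the next time the same volume is plugged in.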