ComboFix 08-06-12.2 - kocurrro 2008-06-14 22:33:36.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.302 [GMT 2:00]
Running from: D:\Programy\combofix\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\CALIBRIB.TTF

.
(((((((((((((((((((((((((   Files Created from 2008-05-14 to 2008-06-14  )))))))))))))))))))))))))))))))
.

2008-06-11 12:10 . 2008-04-14 17:53	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 11:03 . 2008-06-08 11:04	<DIR>	d--------	C:\Program Files\Speed Video Splitter
2008-06-08 11:03 . 2008-06-08 11:43	67	--a------	C:\WINDOWS\Speed Video Splitter.INI
2008-06-08 11:01 . 2008-06-08 11:11	<DIR>	d--------	C:\Program Files\Ultra Video Splitter

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:40	909,824	------w	C:\WINDOWS\system32\Cp3245mt.dll
2060-08-18 17:40	24,064	------w	C:\WINDOWS\system32\Borlndmm.dll
2060-08-18 17:02	1,496,064	------w	C:\WINDOWS\system32\Cc3250mt.dll
2008-06-14 20:25	---------	d-----w	C:\Documents and Settings\kocurrro\Dane aplikacji\Azureus
2008-06-14 08:02	23,040	----a-w	C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-05-28 16:36	---------	d-----w	C:\Program Files\English Translator 3
2008-05-23 17:03	---------	d-----w	C:\Program Files\Capture-A-ScreenShot
2008-05-22 07:21	---------	d-----w	C:\Program Files\Avast4
2008-05-08 17:42	---------	d-----w	C:\Documents and Settings\kocurrro\Dane aplikacji\MSPWNOUP2006
2008-05-08 17:36	---------	d-----w	C:\Program Files\słownik
2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 19:53	---------	d-----w	C:\Program Files\English Translator 3 Demo
2008-05-07 18:04	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-07 18:03	---------	d-----w	C:\Program Files\Techland
2008-05-07 05:16	1,291,264	----a-w	C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03	662,016	----a-w	C:\WINDOWS\system32\wininet.dll
2008-04-16 17:10	---------	d-----w	C:\Program Files\Azureus
2008-04-14 15:53	273,024	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-03-25 04:52	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52	178,976	----a-w	C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09	1,845,504	----a-w	C:\WINDOWS\system32\win32k.sys
2004-03-11 11:27	40,960	----a-w	C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 14:25 28672]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2004-09-17 13:32 552960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 17:53 131072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 17:15 348160]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-11-15 21:31 33792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 18:28 172032]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-07-13 23:18 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-07-13 23:11 659456]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 14:25 28672]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 14:25:56 28672]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 14:50]
R2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys [2002-04-26 13:04]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 15:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 14:49]
R2 WinDriver;WinDriver;C:\WINDOWS\system32\WINDRVR.SYS [2007-08-03 19:57]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\drivers\GVTDrv.sys [2008-06-14 10:02]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\74.tmp []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-30 15:47]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21851942-210b-11dc-acb8-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 07:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-14 16:55:04 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 22:35:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\74.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-06-14 22:35:54
ComboFix-quarantined-files.txt  2008-06-14 20:35:41

Pre-Run: 2,949,599,232 bajtów wolnych
Post-Run: 3,526,795,264 bajtów wolnych

134	--- E O F ---	2008-06-11 10:30:20