ComboFix 07-09-17.2 - "Mati" 2007-09-17 22:45:34.2 - [color=red][b]FAT32[/b][/color]x86 
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.467 [GMT 2:00]
.

(((((((((((((((((((((((((   Files Created from 2007-08-17 to 2007-09-17  )))))))))))))))))))))))))))))))
.

2007-09-17 22:45	99,328	--a------	C:\hxvaqsbo.exe
2007-09-17 22:45	86,528	--a------	C:\jvrmgf.exe
2007-09-17 22:45	75,264	--a------	C:\hbwpb.exe
2007-09-17 22:41	<DIR>	d--------	C:\!KillBox
2007-09-17 22:15	61,952	--a------	C:\WINDOWS\NirCmd.exe
2007-09-17 21:33	<DIR>	d--------	C:\DOCUME~1\Mati\DANEAP~1\foobar2000
2007-09-17 21:21	<DIR>	d--------	C:\WINDOWS\nview
2007-09-17 21:16	<DIR>	d--------	C:\Program Files\mks_vir_2007
2007-09-17 21:14	<DIR>	d--------	C:\WINDOWS\NV11561364.TMP
2007-09-17 21:13	<DIR>	d--------	C:\NVIDIA
2007-09-17 21:12	<DIR>	d--------	C:\Program Files\foobar2000
2007-09-17 21:11	<DIR>	d--------	C:\DOCUME~1\Mati\DANEAP~1\Tibia

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-11-29 10:18	77	---hs----	C:\Program Files\Common Files\Desktop.ini
2004-09-28 03:00	26240	--a------	C:\WINDOWS\inf\RAMDSK.SYS
.

(((((((((((((((((((((((((((((   snapshot_2007-09-17_222148,37   )))))))))))))))))))))))))))))))))))))))))
.
----a-w         1,044,480 2005-04-07 17:48:42  C:\WINDOWS\explorer.exe
----a-w           101,376 2004-08-03 21:44:30  C:\WINDOWS\system32\userinit.exe
----a-w            76,800 2004-08-03 21:44:28  C:\WINDOWS\system32\rundll32.exe
----a-w            16,384 2004-08-03 21:44:30  C:\WINDOWS\system32\winver.exe
----a-w           525,824 2004-08-03 21:44:22  C:\WINDOWS\system32\logonui.exe
----a-w            26,624 2004-08-03 21:44:20  C:\WINDOWS\system32\dmremote.exe
----a-w            21,504 2004-08-03 21:44:20  C:\WINDOWS\system32\dumprep.exe
----a-w           192,512 2004-08-03 21:44:20  C:\WINDOWS\system32\dwwin.exe
----a-w           116,736 2004-08-03 21:44:22  C:\WINDOWS\system32\magnify.exe
----a-w           187,392 2004-08-03 21:44:22  C:\WINDOWS\system32\mobsync.exe
----a-w            77,824 2004-08-03 21:44:26  C:\WINDOWS\system32\odbcad32.exe
----a-w           259,584 2004-08-03 21:44:26  C:\WINDOWS\system32\osk.exe
----a-w           150,528 2004-08-03 21:44:28  C:\WINDOWS\system32\taskmgr.exe
----a-w            93,696 2004-08-03 21:44:30  C:\WINDOWS\system32\utilman.exe
----a-w            24,576 2004-08-03 21:44:30  C:\WINDOWS\system32\wscntfy.exe
----a-w           357,888 2004-08-03 21:44:28  C:\WINDOWS\system32\tourstart.exe
----a-w            49,664 2004-08-10 20:05:14  C:\WINDOWS\system32\wdfmgr.exe
----a-w           151,552 2004-08-03 22:44:30  C:\WINDOWS\system32\wuauclt.exe
----a-w           419,328 2004-08-03 22:33:18  C:\WINDOWS\system32\mstsc.exe
----a-w           549,888 2004-08-03 22:44:28  C:\WINDOWS\system32\spider.exe
----a-w            66,560 2001-10-26 16:29:54  C:\WINDOWS\system32\freecell.exe
----a-w           171,520 2001-10-26 16:29:58  C:\WINDOWS\system32\mshearts.exe
----a-w           163,328 2001-10-26 16:30:06  C:\WINDOWS\system32\winmine.exe
----a-w            68,096 2001-10-26 16:30:02  C:\WINDOWS\system32\sol.exe
----a-w           125,952 2001-10-26 16:29:48  C:\WINDOWS\system32\calc.exe
----a-w           172,098 2007-04-19 11:26:00  C:\WINDOWS\system32\nvsvc32.exe
----a-w         1,671,168 2007-04-19 11:26:00  C:\WINDOWS\system32\nwiz.exe
----a-w           806,912 2007-04-19 11:26:00  C:\WINDOWS\system32\nvcplui.exe
------w            65,808 2000-06-26 05:44:20  C:\WINDOWS\system32\MsPMSPSv.exe
----a-w           322,048 2007-07-22 16:39:28  C:\WINDOWS\system32\swreg.exe
----a-w            32,768 2007-09-17 20:43:32  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
----a-w            32,768 2007-09-17 20:43:32  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
----a-w            10,240 2007-09-17 20:45:28  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SXGFK3KB\adv735[1].exe
----a-w            16,384 2007-09-17 20:43:32  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w           253,440 2004-08-03 21:44:22  C:\WINDOWS\system32\usmt\migwiz.exe
----a-w           393,728 2004-08-03 22:44:28  C:\WINDOWS\system32\Restore\rstrui.exe
----a-r            79,872 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\xlicons.exe
----a-r            46,080 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\wordicon.exe
----a-r            38,912 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\misc.exe
----a-r            40,960 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\pptico.exe
----a-r           165,888 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\accicons.exe
----a-w           177,664 2007-03-13 08:57:12  C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
----a-w         1,033,728 2005-04-07 17:48:42  C:\WINDOWS\explorer.exe
----a-w            25,088 2004-08-03 21:44:30  C:\WINDOWS\system32\userinit.exe
----a-w            33,280 2004-08-03 21:44:28  C:\WINDOWS\system32\rundll32.exe
----a-w             5,632 2004-08-03 21:44:30  C:\WINDOWS\system32\winver.exe
----a-w           515,072 2004-08-03 21:44:22  C:\WINDOWS\system32\logonui.exe
----a-w            15,872 2004-08-03 21:44:20  C:\WINDOWS\system32\dmremote.exe
----a-w            10,752 2004-08-03 21:44:20  C:\WINDOWS\system32\dumprep.exe
----a-w           180,224 2004-08-03 21:44:20  C:\WINDOWS\system32\dwwin.exe
----a-w            73,216 2004-08-03 21:44:22  C:\WINDOWS\system32\magnify.exe
----a-w           143,872 2004-08-03 21:44:22  C:\WINDOWS\system32\mobsync.exe
----a-w            32,768 2004-08-03 21:44:26  C:\WINDOWS\system32\odbcad32.exe
----a-w           216,064 2004-08-03 21:44:26  C:\WINDOWS\system32\osk.exe
----a-w           139,776 2004-08-03 21:44:28  C:\WINDOWS\system32\taskmgr.exe
----a-w            50,176 2004-08-03 21:44:30  C:\WINDOWS\system32\utilman.exe
----a-w            13,824 2004-08-03 21:44:30  C:\WINDOWS\system32\wscntfy.exe
----a-w           347,136 2004-08-03 21:44:28  C:\WINDOWS\system32\tourstart.exe
----a-w            38,912 2004-08-10 20:05:14  C:\WINDOWS\system32\wdfmgr.exe
----a-w           112,128 2004-08-03 22:44:30  C:\WINDOWS\system32\wuauclt.exe
----a-w           408,576 2004-08-03 22:33:18  C:\WINDOWS\system32\mstsc.exe
----a-w           539,136 2004-08-03 22:44:28  C:\WINDOWS\system32\spider.exe
----a-w            55,808 2001-10-26 16:29:54  C:\WINDOWS\system32\freecell.exe
----a-w           128,000 2001-10-26 16:29:58  C:\WINDOWS\system32\mshearts.exe
----a-w           119,808 2001-10-26 16:30:06  C:\WINDOWS\system32\winmine.exe
----a-w            57,344 2001-10-26 16:30:02  C:\WINDOWS\system32\sol.exe
----a-w           115,200 2001-10-26 16:29:48  C:\WINDOWS\system32\calc.exe
----a-w           159,810 2007-04-19 11:26:00  C:\WINDOWS\system32\nvsvc32.exe
----a-w         1,626,112 2007-04-19 11:26:00  C:\WINDOWS\system32\nwiz.exe
----a-w           794,624 2007-04-19 11:26:00  C:\WINDOWS\system32\nvcplui.exe
------w            53,520 2000-06-26 05:44:20  C:\WINDOWS\system32\MsPMSPSv.exe
----a-w           293,376 2007-07-22 16:39:28  C:\WINDOWS\system32\swreg.exe
----a-w            32,768 2005-11-28 07:35:52  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
----a-w            32,768 2005-11-28 07:35:52  C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
----a-w            16,384 2005-11-28 07:35:52  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w           242,688 2004-08-03 21:44:22  C:\WINDOWS\system32\usmt\migwiz.exe
----a-w           382,976 2004-08-03 22:44:28  C:\WINDOWS\system32\Restore\rstrui.exe
----a-r            69,120 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\xlicons.exe
----a-r            35,328 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\wordicon.exe
----a-r            28,160 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\misc.exe
----a-r            30,208 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\pptico.exe
----a-r           155,136 2005-11-28 08:37:42  C:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\accicons.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-11-28 10:32]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 23:21]
"mkstray"="C:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-06-29 16:41]
"MKSRegmon"="C:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 05:06]
"mks_mail"="C:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 05:06]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast2KLoadDefault]
rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFoxV2]
C:\WINDOWS\system32\WF2K.EXE Initial

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SystemSuite Task Manager"=2 (0x2)

R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys
R1 mksfwallf;mksfwallf;\??\C:\WINDOWS\system32\mksfwallf.sys
R1 mksfwallt;mksfwallt;\??\C:\WINDOWS\system32\mksfwallt.sys
R2 MksFwall;MksFwall;"C:\Program Files\mks_vir_2007\bin\MksFwall.exe"
R2 MksPC;MksPC;"C:\Program Files\mks_vir_2007\bin\MksPC.exe"
R2 MksUpdate;MksUpdate;"C:\Program Files\mks_vir_2007\bin\mksupdate.exe"
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 mksidsf;mksidsf;\??\C:\WINDOWS\system32\mksidsf.sys
R3 MksMonEn;MksMonEn;\??\C:\Program Files\mks_vir_2007\bin\MksMonEn.sys
R3 MksMonEv;MksMonEv;\??\C:\Program Files\mks_vir_2007\bin\MksMonEv.sys
R3 MksMonFd;MksMonFd;\??\C:\Program Files\mks_vir_2007\bin\MksMonFd.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3bc43ba-5fef-11da-8bb0-806d6172696f}]
AutoRun\command- I:\Bin\Assetup.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 22:46:33
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-17 22:47:12
C:\ComboFix-quarantined-files.txt ... 2007-09-17 22:47
C:\ComboFix2.txt ... 2007-09-17 22:22
.
	--- E O F ---