ComboFix 08-04-08.10 - Administrator 2008-04-09 19:21:43.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.791 [GMT 2:00]
Running from: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\amvo0.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
2008-04-09 18:52 . 2008-04-09 18:52
2008-04-09 18:48 . 2008-04-09 18:48 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-04-09 18:48 . 2008-04-09 18:48 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-04-09 18:48 . 2008-04-09 18:48 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-04-09 18:48 . 2008-04-09 18:48 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-04-09 18:36 . 2008-04-09 18:36
2008-04-09 18:35 . 2008-04-09 18:35
2008-04-09 18:35 . 2003-09-24 11:36 27,019 --a------ C:\WINDOWS\maxlink.ini
2008-04-09 18:34 . 2008-04-09 18:34
2008-04-09 18:34 . 2008-04-09 18:34
2008-04-09 18:34 . 2008-04-09 18:34
2008-04-09 18:34 . 2008-04-09 18:34
2008-04-09 18:31 . 2008-04-09 18:31
2008-04-09 18:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-09 18:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-09 18:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-09 18:27 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-09 16:29 . 2008-04-09 16:29
2008-04-09 16:29 . 2008-04-09 16:29
2008-04-09 16:29 . 2008-04-09 16:29
2008-04-09 16:19 . 2008-04-09 16:19
2008-04-09 16:18 . 2008-04-09 16:18 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-09 00:25 . 2004-08-03 23:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-09 00:25 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-09 00:25 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-09 00:25 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-09 00:25 . 2001-08-17 23:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-09 00:25 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-04-09 00:25 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-09 00:25 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-04-09 00:25 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-09 00:24 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-09 00:24 . 2001-08-17 21:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-04-09 00:24 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-04-09 00:24 . 2001-08-17 23:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2008-04-09 00:23 . 2001-07-22 05:15 1,685,606 --a--c--- C:\WINDOWS\system32\dllcache\sam.spd
2008-04-09 00:23 . 2008-04-09 16:17 865,792 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-04-09 00:23 . 2001-10-26 19:29 77,824 --a--c--- C:\WINDOWS\system32\dllcache\spcommon.dll
2008-04-09 00:23 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-09 00:23 . 2001-10-26 19:28 61,440 --a--c--- C:\WINDOWS\system32\dllcache\spcplui.dll
2008-04-09 00:23 . 2008-04-08 23:32 4,293 --a------ C:\WINDOWS\ODBCINST.INI
2008-04-09 00:23 . 2008-04-09 00:05 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-09 00:23 . 2001-07-22 05:15 888 --a--c--- C:\WINDOWS\system32\dllcache\sam.sdf
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-08 23:29
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-09 00:22
2008-04-09 00:22 . 2008-04-09 16:42
2008-04-09 00:22 . 2008-04-09 00:02
2008-04-09 00:22 . 2008-04-09 00:06
2008-04-09 00:22 . 2008-04-09 18:52
2008-04-09 00:19 . 2008-04-09 17:20
2008-04-09 00:19 . 2008-04-09 19:17
2008-04-09 00:19 . 2008-04-09 00:19
2008-04-09 00:19 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-09 00:19 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-09 00:19 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-09 00:19 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-09 00:18 . 2008-04-09 16:14
2008-04-09 00:11 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-09 00:11 . 2008-04-09 00:11 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-09 00:10 . 2008-04-09 00:10
2008-04-09 00:10 . 2008-04-09 00:10
2008-04-09 00:08 . 2008-04-09 00:08
2008-04-09 00:07 . 2008-04-09 00:07
2008-04-09 00:01 . 2008-04-09 00:01
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 17:21 1,671,038 ----a-w C:\ComboFix.exe
2008-04-09 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 16:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 21:54 --------- d-----w C:\Program Files\My Company Name
2008-04-08 21:48 --------- d-----w C:\Program Files\Realtek
2008-04-08 21:45 --------- d-----w C:\Program Files\VIA
2008-04-08 21:43 --------- d-----w C:\Program Files\AMD
2008-04-08 21:32 558,142 ----a-w C:\WINDOWS\java\Packages\YARVB75B.ZIP
2008-04-08 21:32 155,995 ----a-w C:\WINDOWS\java\Packages\MQI1ZZ3F.ZIP
2008-04-08 21:32 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-08 21:29 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 12:25 15969280 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 15:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-08-11 15:43 86016]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-09 18:36:42 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\bootcd\wintools\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041a77e4-0640-11dd-80b2-0017313729fc}]
\Shell\AutoRun\command - H:\INTRO.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{938e5bb0-05b6-11dd-80ae-0017313729fc}]
\Shell\AutoRun\command - G:\v.com
\Shell\explore\Command - G:\v.com
\Shell\open\Command - G:\v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1a64f2-05c1-11dd-8008-806d6172696f}]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1a64f3-05c1-11dd-8008-806d6172696f}]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1a64f4-05c1-11dd-8008-806d6172696f}]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 19:22:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-09 19:22:51
ComboFix-quarantined-files.txt 2008-04-09 17:22:41
Pre-Run: 12,905,697,280 bajtów wolnych
Post-Run: 12,895,379,456 bajtów wolnych