ComboFix 08-08-01.04 - Właściciel 2008-08-02 16:48:27.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.607 [GMT 2:00]
Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.
2008-08-01 16:51 . 2008-08-01 16:51
2008-07-29 13:29 . 2008-07-29 13:29
2008-07-23 16:34 . 2008-07-23 16:34
2008-07-23 16:34 . 2008-07-23 16:34
2008-07-21 15:06 . 2008-07-21 15:06
2008-07-21 15:06 . 2008-07-21 15:06
2008-07-21 11:50 . 2008-07-21 11:51 9 --a------ C:\WINDOWS\nfsc_patch.ini
2008-07-19 15:01 . 2008-07-19 15:01
2008-07-18 13:27 . 2008-07-18 13:28
2008-07-17 14:08 . 2008-07-30 20:17
2008-07-09 16:43 . 2008-07-09 17:37
2008-07-09 16:42 . 2008-08-02 10:10
2008-07-07 17:26 . 2008-07-07 17:26
2008-07-06 14:19 . 2008-07-06 14:19
2008-07-06 14:19 . 2008-04-12 19:46 2,751,488 --a------ C:\WINDOWS\Photo! 3D ScreenSaver.scr
2008-07-06 14:13 . 2008-07-06 14:13
2008-07-06 14:06 . 2008-07-06 14:19
2008-07-06 14:05 . 2008-07-06 14:05
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 14:45 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Skype
2008-08-02 08:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 13:14 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-07-14 11:39 --------- d-----w C:\Program Files\SkanerOnline
2008-07-07 15:26 --------- d-----w C:\Program Files\Tibia
2008-07-01 16:53 32,600 -c–a-w C:\Documents and Settings\WĹ‚aĹ›ciciel\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-27 11:20 --------- d-----w C:\Program Files\THQ
2008-06-27 10:52 --------- d-----w C:\Program Files\Kingdom Elemental
2008-06-27 10:48 --------- d-----w C:\Program Files\Techland
2008-06-26 12:16 --------- d-----w C:\Program Files\LPM2005NE
2008-06-26 07:55 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-06-13 17:03 --------- d-----w C:\Program Files\TEXTware
2008-06-13 17:03 --------- d-----w C:\Program Files\IDM
2008-06-13 17:02 --------- d-----w C:\Program Files\QuickTime
2008-06-13 17:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-06-13 16:53 --------- d-----w C:\Program Files\Longman
2008-06-13 15:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-13 15:08 --------- d-----w C:\Program Files\Modi i Nanna
2008-06-10 10:38 --------- d-----w C:\Program Files\Metin2_PL
2008-06-09 14:24 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia
2008-06-09 13:44 --------- d-----w C:\Program Files\Asprate
2008-06-03 18:17 --------- d-----w C:\Program Files\Google
2008-06-02 14:08 --------- d-----w C:\Program Files\CDex
2008-05-30 14:27 3,126 ----a-w C:\WINDOWS\system32\tempimg.tmp
2008-05-26 16:47 130,048 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2006-05-25 22:46 1,635 -c–a-w C:\WINDOWS\inf\COMB9.tmp
2008-01-23 20:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3FC7223-752E-495B-9951-CE360FA1180C}]
2007-10-15 15:59 2265088 --a------ C:\Documents and Settings\Właściciel\Dane aplikacji\AD ON Multimedia\Amazon Toolbar\amazon.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{BEBD573C-8315-43A8-9EA0-7028D471CC81}”= “C:\Documents and Settings\WĹ‚aĹ›ciciel\Dane aplikacji\AD ON Multimedia\Amazon Toolbar\amazon.dll” [2007-10-15 15:59 2265088]
[HKEY_CLASSES_ROOT\clsid\{bebd573c-8315-43a8-9ea0-7028d471cc81}]
[HKEY_CLASSES_ROOT\TBSB05590.TBSB05590.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB05590.TBSB05590]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{BEBD573C-8315-43A8-9EA0-7028D471CC81}”= “C:\Documents and Settings\WĹ‚aĹ›ciciel\Dane aplikacji\AD ON Multimedia\Amazon Toolbar\amazon.dll” [2007-10-15 15:59 2265088]
[HKEY_CLASSES_ROOT\clsid\{bebd573c-8315-43a8-9ea0-7028d471cc81}]
[HKEY_CLASSES_ROOT\TBSB05590.TBSB05590.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB05590.TBSB05590]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00 15360]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-10-13 18:33 19975208]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-06-11 14:16 68856]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-12-01 11:46 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-06-08 11:02 94208]
“HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2005-06-08 10:59 77824]
“Persistence”=“C:\WINDOWS\system32\igfxpers.exe” [2005-06-08 11:03 114688]
“EasyTuneV”=“C:\Program Files\Gigabyte\ET5\GUI.exe” [2004-06-14 11:54 200704]
“UMonit”=“C:\WINDOWS\system32\umonit.exe” [2003-08-21 17:47 49152]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]
“PinnacleDriverCheck”=“C:\WINDOWS\system32\PSDrvCheck.exe” [2004-03-10 16:26 406016]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-08-02 16:35 7110656]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 20:24 32768]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2005-08-02 16:35 86016]
“NVRTCLK”=“C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe” [2003-12-30 11:44 24576]
“PathNvidiaTV”=“C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe” [2005-01-27 12:47 20480]
“OrderReminder”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [2005-03-18 13:18 98304]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-11-21 20:32 282624]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-07-19 16:38 78008]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2008-06-12 02:38 34672]
“nwiz”=“nwiz.exe” [2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe]
“RTHDCPL”=“RTHDCPL.EXE” [2005-07-13 10:37 14679552 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Remote Control.lnk - C:\Program Files\KWorld Multimedia\PVR-TV 883 Utilities\C8XRCtl.exe [2005-11-17 12:59:35 57344]
UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2007-09-21 09:05:21 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.MJPG”= Pvmjpg21.dll
“VIDC.PIM1”= pclepim1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTemp
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“C:\\eMule\\emule.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Program Files\\Microprose\\Grand Prix 3\\GP3.ICD”=
“C:\\games\\RedFaction\\RedFaction.exe”=
“C:\\games\\RedFaction\\rf.exe”=
“C:\\Program Files\\Skispringen 2006\\skispringen2006.exe”=
“C:\\Program Files\\Valve\\hl.exe”=
“C:\\Program Files\\Valve\\hlds.exe”=
“C:\\Program Files\\Metin2_PL\\metin2.bin”=
“C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe”=
“C:\\Program Files\\Skype\\Phone\\Skype.exe”=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 CX88XBAR;KWorld TV88X Crossbar;C:\WINDOWS\system32\drivers\CX88XBAR.sys [2005-01-18 12:58]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-04-04 03:55]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\cdrmkaun.sys []
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 17:49]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fe28d2-2ad0-11da-8499-806d6172696f}]
\shell\PlayWithPowerDVD\Command - “C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe” “%L”
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{6A3FBC63-0A47-4CA5-A2A4-FD76B5CB32B6}: NameServer = 85.255.113.138,85.255.112.171
O17 -: HKLM\CCS\Interface\{90167034-B02F-4ED6-BBD9-E7EF4AD4BD9F}: NameServer = 85.255.113.138,85.255.112.171
O17 -: HKLM\CCS\Interface\{B5D819E4-24CD-4128-9EF5-033BFE577C7D}: NameServer = 85.255.113.138,85.255.112.171
O17 -: HKLM\CCS\Interface\{BD916037-A2D4-4134-BC13-B4E44FB7B301}: NameServer = 85.255.113.138,85.255.112.171
O17 -: HKLM\CCS\Interface\{DDCAC8E6-D40F-4089-87D5-253FE5051F24}: NameServer = 85.255.113.138,85.255.112.171
O17 -: HKLM\CCS\Interface\{F9E649AD-D7CD-4C5C-8845-BF094CF7216F}: NameServer = 85.255.113.138,85.255.112.171
O16 -: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} - hxxp://mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll
O16 -: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 16:50:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = C:\WINDOWS\system32\umonit.exe?USB\Vid_05e3&Pid_07108???6&PI???B\ROOT_H8???V???h???w???b@???<$?|???$?|???w??@???w???@???t???|X$?|???$?|Q$?|???@
PathNvidiaTV = C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe???|E??|N??|????????E??????|?????x????D?|p??|???|?D?|?5?|?C?|????????????????????????X???\<??????????|P???????Q??|????m??|???????????????|???????????|???????????&s?|???|?s?|???[???
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-02 16:52:01
ComboFix-quarantined-files.txt 2008-08-02 14:51:55
ComboFix2.txt 2008-08-02 14:46:57
ComboFix3.txt 2008-08-02 14:27:42
ComboFix4.txt 2008-08-02 14:16:18
ComboFix5.txt 2008-08-02 14:48:07
Pre-Run: 26,227,093,504 bajtĂłw wolnych
Post-Run: 26,211,303,424 bajtĂłw wolnych
184 — E O F — 2008-03-06 09:20:34
