((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.
2008-12-25 16:53 . 2008-12-25 16:53
2008-12-25 16:49 . 2008-12-25 16:49
2008-12-25 16:49 . 2008-12-25 16:50
2008-12-23 23:31 . 2008-12-23 23:31
2008-12-23 23:29 . 2008-12-23 23:29
2008-12-23 17:16 . 2008-12-23 17:17
2008-12-23 11:32 . 2008-12-23 11:32
2008-12-23 11:32 . 2008-12-23 11:32
2008-12-23 11:32 . 2008-12-23 11:32
2008-12-23 11:31 . 2008-12-23 11:31
2008-12-23 11:30 . 2008-01-25 23:35 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-23 11:30 . 2008-01-25 23:35 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-23 11:30 . 2008-01-25 23:33 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-23 11:30 . 2008-01-25 23:33 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-23 11:28 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-12-23 11:28 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-12-23 11:28 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-12-23 11:28 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-23 11:28 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-12-23 11:28 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-12-23 11:27 . 2008-12-23 11:32
2008-12-23 11:27 . 2008-12-23 13:17 69,442 --a------ c:\windows\hpoins05.dat
2008-12-23 11:27 . 2004-12-15 02:04 19,696 --------- c:\windows\hpomdl05.dat
2008-12-23 00:40 . 2008-12-23 00:40
2008-12-23 00:40 . 2008-12-23 00:40
2008-12-23 00:37 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-12-23 00:37 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll
2008-12-23 00:37 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll
2008-12-23 00:37 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-12-23 00:37 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll
2008-12-23 00:37 . 2008-12-23 00:37 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-23 00:37 . 2008-12-23 00:37 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-23 00:36 . 2008-12-23 00:36
2008-12-23 00:36 . 2008-12-23 00:37
2008-12-23 00:36 . 2008-12-23 00:40
2008-12-22 09:10 . 2008-12-22 09:10
2008-12-22 07:17 . 2008-12-22 07:18
2008-12-22 07:05 . 2008-12-22 07:05 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 22:49 . 2008-12-21 22:49
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 01:09 22,328 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-26 01:09 2,451,488 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-26 01:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-26 01:06 4,352 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-26 01:06 344,096 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-25 15:47 --------- d-----w c:\program files\Tlen.pl
2008-12-22 23:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 14:11 --------- d-----w c:\program files\Common Files\Adobe
2008-12-22 06:05 --------- d-----w c:\program files\Java
2008-12-21 20:44 --------- d-----w c:\program files\Dziobas Rar Player
2008-12-21 18:21 --------- d-----w c:\program files\Kaspersky Lab
2008-12-21 18:20 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-21 18:20 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-21 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-21 18:18 --------- d-----w c:\program files\NAPI-PROJEKT
2008-12-21 18:17 --------- d-----w c:\program files\ACE Mega CoDecS Pack
2008-12-21 18:16 --------- d-----w c:\program files\PDFCreator
2008-12-21 18:12 --------- d-----w c:\program files\Winamp
2008-12-21 18:12 --------- d-----w c:\documents and settings\Zenon Elezja\Application Data\Winamp
2008-12-21 18:11 --------- d-----w c:\program files\Microsoft.NET
2008-12-21 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-21 18:05 --------- d-----w c:\program files\DAEMON Tools Pro
2008-12-21 18:04 --------- d-----w c:\program files\Common Files\snp2uvc
2008-12-21 18:04 --------- d-----w c:\documents and settings\Zenon Elezja\Application Data\InstallShield
2008-12-21 18:03 315,392 ----a-w c:\windows\HideWin.exe
2008-12-21 18:03 --------- d-----w c:\program files\Realtek
2008-12-21 17:59 --------- d-----w c:\documents and settings\Zenon Elezja\Application Data\DAEMON Tools Pro
2008-12-21 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2008-12-21 17:56 --------- d-----w c:\documents and settings\Zenon Elezja\Application Data\iPlus
2008-12-21 17:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-21 17:51 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-21 17:51 --------- d-----w c:\program files\WinPcap
2008-12-21 17:50 --------- d-----w c:\program files\iPlus
2008-12-21 17:47 --------- d-----w c:\documents and settings\Zenon Elezja\Application Data\Talkback
2008-12-21 17:45 --------- d-----w c:\program files\VistaExperience.org
2008-12-21 17:45 --------- d-----w c:\program files\Styler
2008-12-21 17:45 --------- d-----w c:\documents and settings\Zenon Elezja\Application Data\Styler
2008-12-21 17:40 --------- d-----w c:\program files\microsoft frontpage
2008-12-21 17:38 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-21 17:36 --------- d-----w c:\program files\Stardock
2008-12-21 17:36 --------- d-----w c:\program files\Kristanix
2008-12-21 17:36 --------- d-----w c:\program files\Common Files\Stardock
2008-12-21 17:36 --------- d-----w c:\program files\Alky for Applications
2008-12-21 17:33 --------- d-----w c:\program files\Sysinternals
2008-12-21 17:33 --------- d-----w c:\program files\Common Files\Java
2008-12-21 17:29 --------- d-----w c:\program files\Windows Sidebar
2008-12-21 17:26 --------- d-----w c:\program files\Utilities
2008-12-21 17:26 --------- d-----w c:\program files\Unlocker
2008-12-21 17:26 --------- d-----w c:\program files\LClock
2008-12-21 17:26 --------- d-----w c:\program files\Desktop
2008-12-21 17:26 --------- d-----w c:\program files\CCleaner
2008-12-21 17:25 --------- d-----w c:\program files\Microsoft PowerToys
2008-12-21 17:25 --------- d-----w c:\program files\HashTab Shell Extension
2008-02-10 16:34 113,664 ----a-w c:\windows\inf\hdaudio.sys
.
------- Sigcheck -------
2008-02-10 17:34 361344 c2a7acf7c62b3ff97500adba3360808c c:\windows\system32\drivers\tcpip.sys
2008-02-10 17:39 2185216 00b82d0ba9d0e85cfccbff295a3ecb8f c:\windows\system32\ntkrnlpa.exe
2008-02-10 17:34 2306560 6a8eeeaecafc9014772e8ed62995b4f3 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-01-26 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-16 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-16 86016]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"nwiz"="nwiz.exe" [2008-09-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpng"= c:\program files\t@b\0.958\686\tabdec.dll
"vidc.mvjp"= c:\program files\t@b\0.958\686\tabdec.dll
"vidc.444p"= c:\program files\t@b\0.958\686\tabdec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Zenon Elezja^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Zenon Elezja\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]
--a------ 2006-08-28 11:30 274432 c:\program files\iPlus\iPlusChecker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-19 12:27 65536 c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2007-12-02 22:58 1230848 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 17:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2007-04-25 09:45 956928 c:\program files\Utilities\VisualTooltip\VisualToolTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 23:54 37376 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 GTFFBUS;GT FF BUS;c:\windows\system32\DRIVERS\gtffbus.sys [2008-12-21 16128]
R3 GTMMDMUSB;GT M 3G+ USB MDM;c:\windows\system32\DRIVERS\gtmmdmusb.sys [2008-12-21 25344]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2008-12-21 112000]
R3 GTMSERUSB;GT M 3G+ USB SER;c:\windows\system32\DRIVERS\gtmserusb.sys [2008-12-21 21760]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2008-12-21 8064]
R3 GTSCSER;GT SC SER;c:\windows\system32\DRIVERS\gtscser.sys [2008-12-21 19328]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;c:\windows\system32\DRIVERS\GtVUsb.sys [2008-12-21 5120]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zenon Elezja\Application Data\Mozilla\Firefox\Profiles\nzkcp9sl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - google.pl
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 02:09:21
Windows 5.1.2600 Service Pack 3, v.3300 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-26 2:11:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-26 01:11:19
Pre-Run: 27,704,889,344 bytes free
Post-Run: 27,630,153,728 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect