Please check this log

ComboFix 08-08-14.03 - Adrian 2008-08-15 14:15:41.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.554 [GMT 2:00]

Running from: C:\Documents and Settings\Adrian\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Adrian\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\ribytqlm.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Adrian\Cookies\adrian@komtrack[2].txt

C:\Documents and Settings\Adrian\Cookies\adrian@searchportal.information[2].txt

C:\Documents and Settings\Adrian\Dane aplikacji\m

C:\WINDOWS\exefld

C:\WINDOWS\exefld\1729703.exe

C:\WINDOWS\system32\actskn43.ocx

.

((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))

.

2008-08-14 00:01 . 2008-08-14 00:01 45,056 --a------ C:\WINDOWS\system32\amosvid.dll

2008-08-13 23:56 . 2008-08-13 23:56 45,056 --a------ C:\WINDOWS\system32\amosv.dll

2008-08-13 20:41 . 2008-08-13 20:41

2008-08-13 20:20 . 2008-08-13 20:20

2008-08-09 20:52 . 2008-08-09 20:52

2008-08-09 20:52 . 2008-08-09 20:52

2008-08-09 20:52 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys

2008-08-09 20:52 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys

2008-08-09 20:47 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys

2008-08-08 23:42 . 2008-08-09 16:48

2008-08-08 22:49 . 2008-08-08 22:49

2008-08-08 18:45 . 2008-08-08 18:45

2008-08-08 18:32 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll

2008-08-08 18:32 . 2005-06-17 10:26 61,440 --a------ C:\WINDOWS\system32\W32N50.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-13 22:00 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\XnView

2008-08-13 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-08 21:01 --------- d--h--w C:\Program Files\Give4Free Plugin

2008-07-22 08:01 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys

2008-06-28 19:33 --------- d-----w C:\Program Files\Ashampoo Burning Studio 7

2008-06-28 19:21 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\Ashampoo

2008-06-28 19:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

2008-06-17 17:35 --------- d-----w C:\Program Files\Common Files\Vbox

2008-06-17 17:35 --------- d-----w C:\Program Files\Common Files\Adobe

2005-11-22 21:57 141 ---ha-w C:\Program Files\desktop.ini

2003-03-16 01:00 7,216 ----a-w C:\WINDOWS\inf\RAMDISK.SYS

2006-07-14 20:47 88 --sha-r C:\WINDOWS\system32\5CAC2ED575.sys

2006-02-09 02:27 8 --sha-r C:\WINDOWS\system32\75D52EAC5C.dll

2006-03-14 23:11 8 --sha-r C:\WINDOWS\system32\75D52EAC5C.sys

2006-07-14 20:47 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0603D38B-C4FF-458D-9E9A-C0FD113FAEC3}]

2008-08-14 00:01 45056 --a------ C:\WINDOWS\System32\amosvid.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Organizer"="F:\Organizer\Organizer.exe" [2004-12-12 20:13 2673664]

"Desktop Architect"="C:\Program Files\Desktop Architect\datray.exe" [2001-05-07 19:35 53248]

"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]

"Draco Organizer"="F:\Draco Organizer 3\Organizer.exe" [2007-12-18 17:03 9885696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 13:08 172032]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 13:00 335872]

"DiskeeperSystray"="C:\Program Files\Diskeeper\DkIcon.exe" [2005-11-22 18:38 221184]

"Odkurzacz-MCD"="C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" [2005-12-28 12:09 245248]

"BootSkin Startup Jobs"="C:\Program Files\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]

"PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 13:17 694008]

"DT LGE"="C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" [2007-06-12 13:32 291328]

"LWBMOUSE"="C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE" [2004-08-04 17:19 365568]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 12:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 19:05 13312]

C:\Documents and Settings\Adrian\Menu Start\Programy\Autostart\

Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-10-23 19:35:01 118784]

Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2007-12-31 03:46:25 3444008]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-08-09 20:52:23 950272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dpnmodem32]

2004-05-06 11:33 8192 C:\WINDOWS\system32\dpnmodem32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll

"vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll

"msacm.l3acm"= l3codecp.acm

"VIDC.JPEG"= JPEGCODE.DLL

"VIDC.MPEG"= JPEGCODE.DLL

"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-06 23:46 57344 D:\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

--a------ 2004-10-22 01:41 57344 C:\Program Files\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

--a------ 2003-11-14 15:46 159744 F:\PHOTOJ~1\data\product\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 01:20]

R1 Pivot;Pivot;C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 13:17]

R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 21:33]

R2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\System32\drivers\Kmm4xNT.sys [2000-11-25 10:38]

R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-05-28 23:54]

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\System32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [2004-12-24 11:58]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\System32\DRIVERS\motodrv.sys []

S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\System32\DRIVERS\motport.sys []

S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 13:17]

S3 serusb;Motorola USB Comm Port;C:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 23:03]

S3 Service_Desktop;Desktop;C:\Program Files\Virtual Desktop\Desktop.exe []

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 02:32]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-07-04 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-03-31 18:00]

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

MSConfigStartUp-hldrrr - C:\WINDOWS\System32\hldrrr.exe

MSConfigStartUp-MyVBApp - C:\iexplorer.exe

MSConfigStartUp-NVMixerTray - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-15 14:23:18

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-15 14:25:58

ComboFix-quarantined-files.txt 2008-08-15 12:24:57

Pre-Run: 432,619,520 bajtów wolnych

Post-Run: 458,883,072 bajtów wolnych


Download ComboFix, but do not run it.

Open Notepad and paste the following into it:

File::

C:\WINDOWS\system32\amosvid.dll

C:\WINDOWS\system32\amosv.dll


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0603D38B-C4FF-458D-9E9A-C0FD113FAEC3}]

File -> Save As -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

[image: cfscript10uc2.gif]

The removal will start and a log will be produced, which you post on the forum.

Post your logs on http://wklejto.pl or http://wklej.org and put only the link in your post.