ComboFix 08-05-15.3 - Emilia 2008-05-18 20:10:13.1 - NTFSx86
Running from: C:\Documents and Settings\Emilia\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Emilia\Pulpit\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0003841F
C:\Program Files\myglobalsearch\bar\Cache\00038999.bin
C:\Program Files\myglobalsearch\bar\Cache\00039E73.bin
C:\Program Files\myglobalsearch\bar\Cache\0003A1DA.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\9.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\drivers\OLD9.tmp
C:\WINDOWS\system32\mmdmm.exe
C:\WINDOWS\system32\NinKey.exe
C:\WINDOWS\system32\setup.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 19:42 . 2008-05-18 19:42
2008-05-18 19:22 . 2008-05-18 19:22
2008-05-18 19:18 . 2008-05-18 19:18
2008-05-18 19:17 . 2008-05-18 19:17
2008-05-18 19:17 . 2008-05-18 19:17
2008-05-18 19:15 . 2008-05-18 19:26
2008-05-18 10:45 . 2008-05-18 10:45 76,383 --a------ C:\WINDOWS\system32\msv.exe
2008-05-16 20:45 . 2008-05-16 20:48 41,216 --a------ C:\WINDOWS\system32\hqghumea.dll
2008-05-16 18:23 . 2008-05-16 18:23 70,320 --a------ C:\WINDOWS\system32\lfo.exe
2008-05-16 18:23 . 2008-05-16 18:23 70,298 --a------ C:\WINDOWS\system32\ivnt.exe
2008-05-16 18:14 . 2008-05-18 19:39 60 --a------ C:\WINDOWS\system32\i
2008-05-16 18:10 . 2008-05-16 18:10
2008-05-16 17:58 . 2003-02-25 14:30 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-05-16 17:58 . 2003-05-24 09:06 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-05-16 17:58 . 2002-10-24 10:07 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-05-16 17:52 . 2002-05-16 13:41 94,208 --------- C:\WINDOWS\Dit.DLL
2008-05-16 17:52 . 2002-07-12 10:29 69,632 --a------ C:\WINDOWS\Dit.exe
2008-05-16 17:52 . 2002-07-12 10:29 65,536 --a------ C:\WINDOWS\DitExp.exe
2008-05-16 17:52 . 2002-06-21 09:55 208 --------- C:\WINDOWS\Dit.INI
2008-05-16 17:52 . 2002-06-05 15:21 94 --------- C:\WINDOWS\ICCLR.INF
2008-05-16 17:50 . 2003-04-30 11:22 28,928 -ra------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-05-16 17:47 . 2008-05-16 17:47
2008-05-16 17:47 . 2003-03-05 13:17 107,247 --------- C:\WINDOWS\system32\drivers\ALiEHCI.SYS
2008-05-16 17:47 . 2001-11-13 21:24 35,587 --------- C:\WINDOWS\system32\rmusb20.EXE
2008-05-16 17:47 . 2003-01-11 17:20 28,672 --------- C:\WINDOWS\system32\Unusb20.exe
2008-05-16 17:47 . 2003-02-27 15:27 17,829 --------- C:\WINDOWS\system32\drivers\ALiHUB.SYS
2008-05-16 17:47 . 2003-02-27 15:26 12,622 --------- C:\WINDOWS\system32\drivers\ALiGP.SYS
2008-05-16 17:47 . 2000-01-07 15:20 12,288 --------- C:\WINDOWS\system32\PCIVP.SYS
2008-05-16 17:47 . 2003-02-27 15:27 5,331 --------- C:\WINDOWS\system32\drivers\ALiRTHUB.SYS
2008-05-16 17:47 . 2003-02-27 10:50 635 --a------ C:\WINDOWS\system32\setup.iss
2008-05-16 15:02 . 2008-05-16 15:02
2008-05-16 08:23 . 2008-05-18 19:04 61 --a------ C:\WINDOWS\system32\o
2008-05-16 08:21 . 2008-05-16 08:21 50,110 ---hs---- C:\WINDOWS\system32\mdm.exe
2008-05-15 20:40 . 2008-05-15 20:40 163,840 --a------ C:\WINDOWS\system32\MysWorkstation.exe
2008-05-15 13:33 . 2008-05-15 13:34 526,336 -r-hs---- C:\WINDOWS\system32\aglddd23.exe
2008-05-14 20:05 . 2008-05-17 19:46
2008-05-14 20:05 . 2008-05-14 20:05
2008-05-14 20:01 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-14 20:01 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-14 20:00 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-14 20:00 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-14 19:42 . 2008-05-14 19:42 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-14 19:35 . 2008-05-14 19:35 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-14 19:22 . 2008-05-14 19:22 444,928 -r-hsc--- C:\WINDOWS\system32\dllcache\mravsc32.exe
2008-05-14 19:16 . 2008-05-14 19:16
2008-05-14 19:16 . 2008-05-14 19:16
2008-05-14 19:10 . 2008-05-14 19:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-14 19:06 . 2008-05-14 19:06
2008-05-14 19:05 . 2008-05-14 19:06
2008-05-14 19:01 . 2008-05-14 19:01
2008-05-14 18:57 . 2003-09-05 06:58 70,624 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-05-14 18:57 . 2003-04-30 11:24 67,568 -ra------ C:\WINDOWS\system32\drivers\usbhub20.sys
2008-05-14 18:57 . 2003-09-05 06:58 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-05-14 18:57 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-05-14 18:57 . 2003-09-05 06:58 5,607 --a------ C:\WINDOWS\system32\stci.dll
2008-05-14 18:57 . 2003-09-05 06:58 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-05-14 18:57 . 2003-09-05 06:58 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-05-14 18:56 . 2008-05-14 18:56
2008-05-14 18:56 . 2008-05-14 18:56
2008-05-14 18:56 . 2008-05-16 17:52
2008-05-14 18:56 . 2002-11-01 20:15 45,175 --------- C:\WINDOWS\system32\plugincpl140_03.cpl
2008-05-14 18:56 . 2002-11-01 20:15 41,068 --------- C:\WINDOWS\system32\ActPanel.dll
2008-05-14 18:54 . 2008-05-14 18:54
2008-05-14 18:54 . 2008-05-14 19:41
2008-05-14 18:50 . 2003-02-21 13:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-05-14 18:50 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-05-14 18:49 . 2008-05-14 18:50
2008-05-14 18:48 . 2008-05-14 18:48
2008-05-14 18:47 . 2008-05-14 18:47
2008-05-14 18:47 . 2008-05-14 18:47
2008-05-14 18:47 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-14 18:47 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-14 18:47 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-14 18:47 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-14 18:47 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-14 18:47 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-14 18:47 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-14 18:43 . 2008-05-14 18:45
2008-05-14 18:43 . 2008-05-14 18:47
2008-05-14 18:33 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-14 00:02 . 2008-05-13 22:13 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 18:05 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-13 20:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-13 20:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-13 20:10 --------- d-----w C:\Program Files\Usługi online
2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2001-10-26 17:29 163,840 --sh--r C:\WINDOWS\system32\ezanxiijvfselh.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-26 05:18 49152]
"Microsoft Winedows Updateing"="NinKey.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-26 05:18 4640768]
"nwiz"="nwiz.exe" [2003-05-26 05:18 323584 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-01-10 05:39 46592 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
"adiras"="adiras.exe" []
"Dit"="Dit.exe" [2002-07-12 10:29 69632 C:\WINDOWS\Dit.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
"Microsoft Winedows Updateing"="NinKey.exe" []
"Winddows Service Agent"="aglddd23.exe" [2008-05-15 13:34 526336 C:\WINDOWS\system32\aglddd23.exe]
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-05-16 08:21 50110]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-14 20:05:33 962661]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.avrn”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
“vidc.advj”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
“vidc.mszh”= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
“vidc.zlib”= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
“vidc.cscd”= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
“vidc.cvid”= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
“msacm.trspch”= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
“vidc.em2v”= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
“vidc.mkvc”= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
“vidc.hfyu”= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
“msacm.lameacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
“msacm.lhacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
“msacm.l3acm”= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
“vidc.sjpg”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
“vidc.dmb2”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
“vidc.gepj”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
“vidc.qpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
“vidc.q1.0”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
“msacm.sl_anet”= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
“vidc.tscc”= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
“vidc.vifp”= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
“vidc.wrpr”= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
“vidc.wnv1”= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
“vidc.advs”= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
“vidc.aflc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
“vidc.afli”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
“vidc.aasc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
“vidc.aas4”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
“vidc.asv1”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
“vidc.asv2”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
“vidc.asvx”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
“vidc.vcr1”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
“vidc.vcr2”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
“vidc.yv12”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
“vidc.mwv1”= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
“vidc.bt20”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
“vidc.y41p”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
“msacm.pcdv”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
“vidc.cdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
“vidc.ddvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
“vidc.png1”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
“msacm.CoreFLAC_ACM”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
“vidc.davc”= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
“vidc.div3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
“vidc.div5”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
“vidc.mpg3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
“vidc.div4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
“vidc.div6”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
“vidc.ap41”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
“vidc.dvx4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
“vidc.divx”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
“msacm.divxa32”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
“vidc.frwd”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
“vidc.frwt”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
“vidc.frwa”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
“vidc.frwu”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
“vidc.glzw”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
“vidc.gpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
“vidc.i263”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
“vidc.iv30”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv31”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv32”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv33”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv34”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv35”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv36”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv37”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv38”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv39”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
“vidc.iv40”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv41”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv42”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv43”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv44”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv45”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv46”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv47”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv48”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv49”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
“vidc.iv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
“vidc.iyuv”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
“vidc.yvu9”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
“vidc.ir21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
“vidc.rt21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
“msacm.imc”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
“vidc.lead”= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
“vidc.dvsd”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
“vidc.dvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
“vidc.dvcs”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
“vidc.dcmj”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
“vidc.avi1”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
“vidc.avi2”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
“msacm.msadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
“msacm.imaadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
“msacm.msg711”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
“msacm.msg723”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
“msacm.msgsm610”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
“vidc.m261”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
“vidc.m263”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
“vidc.i420”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
“vidc.mrle”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
“vidc.uyvy”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
“vidc.yuy2”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
“vidc.yvyu”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
“vidc.msvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
“vidc.cram”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
“vidc.mpg4”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
“vidc.mp41”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
“vidc.mp42”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
“vidc.mp43”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
“vidc.mp4s”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
“vidc.mp4v”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
“vidc.wmv3”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
“msacm.msaudio1”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
“vidc.vixl”= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
“vidc.nt00”= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
“msacm.vorbis”= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
“vidc.vp30”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
“vidc.vp31”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
“vidc.vp60”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
“vidc.vp61”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
“vidc.pdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
“vidc.ipdv”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
“vidc.pvw2”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
“vidc.pimj”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
“vidc.mjpx”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
“vidc.miro”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
“vidc.dcap”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
“vidc.mjpa”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
“vidc.gpjm”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
“vidc.pim1”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
“msacm.qmpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
“vidc.rmp4”= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
“vidc.rud0”= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
“msacm.at3”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
“vidc.sony”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
“vidc.dvcp”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
“vidc.s422”= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
“vidc.t420”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
“vidc.y411”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
“vidc.vssv”= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
“msacm.voxacm160”= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
“vidc.xvid”= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2001-08-02 07:14 1077277 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
*Newly Created Service* - CATCHME
*Newly Created Service* - SRESCAN
*Newly Created Service* - VSMON
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 20:11:07
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flys.q8pilots.net]
"ImagePath"=""C:\WINDOWS\System32\NinKey.exe" -netsvcs"
.
Completion time: 2008-05-18 20:11:29
ComboFix-quarantined-files.txt 2008-05-18 18:11:27
Pre-Run: 49,358,241,792 bajtów wolnych
Post-Run: 49,477,689,344 bajtów wolnych
W dniu 18.05.2008 , o godzinie 20:24 został dopisany post przez ocelotttt
Proszę, oto log; czekam na odpowiedź.