Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.551 [GMT 1:00]
Running from: C:\Download\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM33339f25.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bjsmhcfr.ini
C:\WINDOWS\system32\cbxuusq.dll
C:\WINDOWS\system32\iwfpwgfn.dll
C:\WINDOWS\system32\ljggyaat.dll
C:\WINDOWS\system32\nudmhfvt.dll
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pryubgpm.dll
C:\WINDOWS\system32\rfchmsjb.dll
C:\WINDOWS\system32\simqhioa.ini
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\tuxyhrou.dll
C:\WINDOWS\system32\xmlrgfrq.dll
C:\WINDOWS\system32\yefgtntc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.
2008-03-13 11:49 . 2008-03-13 12:02 <DIR> d-------- C:\Temp
2008-03-13 10:09 . 2008-03-13 10:09 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-13 10:09 . 2008-03-13 10:09 <DIR> d-------- C:\Documents and Settings\zoz\Dane aplikacji\skypePM
2008-03-13 10:09 . 2008-03-13 10:09 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-12 20:46 . 2008-03-12 20:46 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-11 02:20 . 2008-03-11 02:20 1,317,923 ---hs---- C:\WINDOWS\system32\xqirltxx.ini
2008-03-11 02:14 . 2008-03-11 02:14 89,152 --a------ C:\WINDOWS\system32\krevnumh.dll
2008-03-10 02:19 . 2008-03-10 07:37 1,307,741 ---hs---- C:\WINDOWS\system32\xvwqblbb.ini
2008-03-10 02:13 . 2008-03-10 02:13 89,664 --a------ C:\WINDOWS\system32\emetrqbt.dll
2008-03-09 02:19 . 2008-03-09 02:19 92,224 --a------ C:\WINDOWS\system32\ceiwfuiq.dll
2008-03-09 02:16 . 2008-03-10 02:17 1,307,621 ---hs---- C:\WINDOWS\system32\yfgfjiou.ini
2008-03-08 02:19 . 2008-03-08 02:19 90,688 --a------ C:\WINDOWS\system32\ydxfytsn.dll
2008-03-08 02:17 . 2008-03-09 02:17 1,307,561 ---hs---- C:\WINDOWS\system32\wsyxncvj.ini
2008-03-08 02:13 . 2008-03-08 02:13 88,640 --a------ C:\WINDOWS\system32\dfryyspp.dll
2008-03-07 13:55 . 2008-03-07 14:01 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 10:16 . 2008-03-05 10:16 <DIR> d-------- C:\Program Files\Morgan
2008-03-05 10:16 . 2002-01-16 14:45 224,256 --a------ C:\WINDOWS\system32\MMIJG32.dll
2008-03-05 10:16 . 2002-02-12 20:09 62,976 --a------ C:\WINDOWS\system32\M3JPEGdec.ax
2008-03-05 10:16 . 2001-11-09 01:19 53,248 --a------ C:\WINDOWS\system32\MMTray.exe
2008-03-05 10:16 . 2001-11-14 16:18 51,200 --a------ C:\WINDOWS\system32\M3JPEGenc.ax
2008-03-05 10:16 . 2008-03-05 10:20 705 --a------ C:\WINDOWS\M3JPEG.INI
2008-03-05 09:20 . 2008-03-05 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SlySoft
2008-03-05 09:12 . 2008-03-05 09:20 24 ---hs---- C:\WINDOWS\SBAF1F7D0.tmp
2008-02-13 13:25 . 2007-10-25 17:44 8,488,960 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 10:45 --------- d-----w C:\Documents and Settings\zoz\Dane aplikacji\uTorrent
2008-03-13 10:45 --------- d-----w C:\Documents and Settings\zoz\Dane aplikacji\Skype
2008-03-13 09:09 --------- d-----w C:\Program Files\Skype
2008-03-13 09:04 --------- d-----w C:\Documents and Settings\zoz\Dane aplikacji\foobar2000
2008-03-13 08:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-13 08:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-02-29 07:17 --------- d-----w C:\Documents and Settings\zoz\Dane aplikacji\XnView
2008-02-22 12:58 --------- d-----w C:\Program Files\Google
2008-02-19 13:25 --------- d-----w C:\Documents and Settings\zoz\Dane aplikacji\Media Player Classic
2008-02-19 06:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 13:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-08 13:27 --------- d-----w C:\Documents and Settings\zoz\Dane aplikacji\FileZilla
2008-02-07 21:55 --------- d-----w C:\Program Files\ESET
2008-02-05 18:50 --------- d-----w C:\Program Files\IZArc
2008-02-05 17:46 --------- d-----w C:\Program Files\KodyPocztowe
2008-01-29 14:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 14:26 --------- d-----w C:\Program Files\Intel
2008-01-29 14:26 --------- d-----w C:\Documents and Settings\zoz\Dane aplikacji\InstallShield
2008-01-23 14:41 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-06-13 13:12 22,040 ---h--w C:\Documents and Settings\zoz\Dane aplikacji\addon.dat
2006-03-20 14:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-07-26 07:37 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2007-07-25 10:46 504832 381221f69d1248864861889a64f100b6 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 07:28 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"AnyDVD"="D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-01-27 22:21 1670080]
"AlcoholAutomount"="D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 12:30 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-26 07:12 949376]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 11:51 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 11:51 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 11:51 131072]
"NBKeyScan"="D:\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"PWRISOVM.EXE"="d:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"MMTray"="MMTray.exe" [2001-11-09 01:19 53248 C:\WINDOWS\system32\MMTray.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2006-04-09 19:59 24674 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwv]
efcywwv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
D:\Program Files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 D:\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 09:26 86016 D:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-06-14 17:32 132760 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 19:58]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-04-09 19:59]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2006-04-09 19:58]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 19:59]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-04-09 19:58]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-19 09:52]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;D:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 18:34]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S4 Centura SQLBase;Centura SQLBase;D:\Centura7\DBNT1SV.EXE [1999-08-13 07:06]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 12:02:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\oracle\ora92\bin\omtsreco.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
.
**************************************************************************
.
Completion time: 2008-03-13 12:04:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 11:04:11
.
2008-03-12 19:46:58 --- E O F ---
