
ComboFix log:
ComboFix 08-06-16.5 - admin 2008-06-19 21:40:28.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.818 [GMT 2:00]
Running from: C:\Documents and Settings\admin\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\admin\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\admin\Pulpit\Error Cleaner.url
C:\Documents and Settings\admin\Pulpit\Privacy Protector.url
C:\Documents and Settings\admin\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\admin\Ulubione\Error Cleaner.url
C:\Documents and Settings\admin\Ulubione\Privacy Protector.url
C:\Documents and Settings\admin\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\system32\itlykucq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mlJYSkLd.dll
C:\WINDOWS\system32\mtvohoqc.ini
C:\WINDOWS\system32\ofwdjwbs.dll
C:\WINDOWS\system32\opnlMdEX.dll
C:\WINDOWS\system32\rddifklr.ini
C:\WINDOWS\system32\rqmltdni.ini
C:\WINDOWS\system32\sbwjdwfo.ini
C:\WINDOWS\system32\uqgtlyoy.ini
C:\WINDOWS\system32\XEdMlnpo.ini
C:\WINDOWS\system32\XEdMlnpo.ini2
C:\WINDOWS\system32\yoyltgqu.dll
K:\MS32DLL.dll.vbs
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.
2008-06-19 21:04 . 2008-06-19 21:04 91,392 --a------ C:\WINDOWS\system32\rlkfiddr.dll
2008-06-18 17:04 . 2008-06-18 17:07 <DIR> d-------- C:\Program Files\Opera
2008-06-17 18:48 . 2008-06-17 18:48 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-17 18:48 . 2008-06-17 18:48 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-17 18:46 . 2008-06-18 22:54 2,981,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-17 18:46 . 2008-06-19 21:09 335,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-17 18:46 . 2008-06-18 22:54 27,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-17 18:46 . 2008-06-19 21:09 4,324 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-17 18:35 . 2008-06-17 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-17 18:28 . 2008-06-17 18:28 <DIR> d-------- C:\Program Files\3D Fish School 3
2008-06-17 18:28 . 2007-07-27 17:37 3,403,776 --a------ C:\WINDOWS\3D Fish School 3.scr
2008-06-17 18:28 . 2007-05-24 15:41 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2008-06-16 19:54 . 2008-06-16 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-16 19:52 . 2008-06-16 19:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 19:10 . 2008-06-19 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-16 19:07 . 2008-06-17 08:24 <DIR> dr-h----- C:\$VAULT$.AVG
2008-06-16 19:00 . 2008-06-16 19:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-15 19:55 . 2008-06-15 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-15 19:49 . 2008-06-15 19:49 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
2008-06-15 19:49 . 2008-06-17 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-06-15 19:49 . 2008-06-17 18:09 <DIR> d-------- C:\Documents and Settings\admin\Dane aplikacji\AVG7
2008-06-14 19:33 . 2008-06-14 19:33 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-06-11 18:41 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 23:19 . 2008-06-05 23:19 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-05 09:35 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-05 09:12 . 2008-06-14 19:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-03 21:12 . 2008-06-03 21:12 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-06-03 20:51 . 2008-06-03 20:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-03 20:46 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002386_.tmp
2008-06-03 20:45 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-03 20:42 . 2008-06-03 20:42 <DIR> d-------- C:\WINDOWS\EHome
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 19:05 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Skype
2008-06-19 19:03 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\skypePM
2008-06-10 08:24 --------- d-----w C:\Program Files\Lx_cats
2008-05-30 07:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 16:24 --------- d-----w C:\Program Files\PITy
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 15:56 8,105 ----a-w C:\WINDOWS\system32\drivers\bDriver.sys
2008-05-06 15:56 13,312 ----a-w C:\WINDOWS\buninst.exe
2008-05-06 15:56 --------- d-----w C:\Program Files\Borg Software
2008-04-29 20:40 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu
2008-04-29 18:17 --------- d-----w C:\Program Files\Skype
2008-04-29 18:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-29 18:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-29 14:05 --------- d-----w C:\Program Files\Sunbelt Software
2008-04-29 13:49 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-23 20:10 --------- d-----w C:\Program Files\PCFriendly
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1542806F-9435-4B72-875D-845A86725465}]
C:\WINDOWS\kvsdpfeaqnm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E1F6C9A-86C0-4811-B45A-278E754B457F}"= "C:\WINDOWS\rtsplgob.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{8e1f6c9a-86c0-4811-b45a-278e754b457f}]
[HKEY_CLASSES_ROOT\rtsplgob.1]
[HKEY_CLASSES_ROOT\TypeLib\{2858B7C6-04ED-47DD-88EA-7B488F260762}]
[HKEY_CLASSES_ROOT\rtsplgob]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [ ]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe"="C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-04 17:21 2089808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-03-26 21:28 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-03-26 21:20 106496]
"PROMon.exe"="PROMon.exe" [2002-04-18 18:32 73728 C:\WINDOWS\system32\PROMon.exe]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-07 14:54 90112]
"UC_SMB"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-01-10 10:47 4239360]
"nwiz"="nwiz.exe" [2003-01-10 10:47 315392 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01 32768]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 22:03 69632]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 16:03 352256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-07 21:03 180269]
"KMCONFIG"="C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 15:51 212992]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-10-02 02:20 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-22 18:10 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 16:39 196608]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 19:24 61440]
"24ad6d4b"="C:\WINDOWS\system32\indtlmqr.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xkefqtgs"= {3876CBCA-D6C5-4552-8118-F80B70C1DCB0} - C:\WINDOWS\xkefqtgs.dll [ ]
"rnopbfgt"= {AB6B9914-1FC0-4913-AFEF-1E28CEEADD83} - C:\WINDOWS\rnopbfgt.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
S2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 16:03]
S2 bDriver;bDriver;C:\WINDOWS\system32\drivers\bDriver.sys [2008-05-06 17:56]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe [2007-04-05 11:29]
S2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 16:03]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 KS-959;MA-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-22 10:06]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contents of the 'Scheduled Tasks' folder
"2006-04-18 10:43:15 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2006-04-18 10:43:16 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2006-04-18 10:43:16 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 21:47:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-19 21:54:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 19:53:58
Pre-Run: 4,792,598,528 bajtów wolnych
Post-Run: 7,130,607,616 bajtów wolnych
176 --- E O F --- 2008-06-14 17:34:20