Scan saved at 20:08:22, on 2008-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\a413808Zc755000991%2C0Zs63Zi0Zt8158\strpmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\games\games-frm.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\mlJAtRLF.dll (file missing)
O2 - BHO: (no name) - {17EA714E-28C7-4BAC-B444-94B877482DFA} - C:\WINDOWS\system32\nnnkHaYR.dll (file missing)
O2 - BHO: (no name) - {3A542F0F-C5F8-45CC-BEAF-EFADD3368261} - C:\WINDOWS\system32\fcccayYr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\a413808Zc755000991%2C0Zs63Zi0Zt8158\strpmon.exe" dm=http://zedo.com ad=http://zedo.com sd=http://inspaid.zedo.com
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] J:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: games.lnk = C:\Program Files\games\games-frm.exe
O4 - Global Startup: scvhost.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
======================================================
ComboFix 08-06-20.4 - Andrzej 2008-06-25 20:09:51.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.558 [GMT 2:00]
Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-25 19:41 . 2008-06-25 19:41 <DIR> d-------- C:\Program Files\Ashampoo
2008-06-25 15:38 . 2008-06-25 15:39 <DIR> d-------- C:\Program Files\QuickTime
2008-06-24 20:23 . 2008-06-25 19:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-24 06:31 . 2008-06-24 06:31 <DIR> d-------- C:\Program Files\Nero
2008-06-24 06:31 . 2008-06-24 06:35 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-22 12:58 . 2008-06-24 20:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 12:58 . 2008-06-22 12:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 21:41 . 2008-06-18 18:22 <DIR> d-------- C:\Program Files\Bifrost
2008-06-16 19:14 . 2008-06-16 19:14 386,194 --a------ C:\Documents and Settings\Andrzej\Dane aplikacji\serial2.zip
2008-06-16 19:14 . 2008-06-16 19:14 386,194 --a------ C:\Documents and Settings\Andrzej\Dane aplikacji\serial2.dat
2008-06-16 19:14 . 2008-06-16 19:14 54 --a------ C:\Program Files\inc1.bat
2008-06-16 19:14 . 2008-06-16 19:14 41 --a------ C:\Program Files\sleep.bat
2008-06-16 19:14 . 2008-06-16 19:14 39 --a------ C:\Program Files\Turning Point Fall of Liberty lekarstwo.exe
2008-06-16 19:14 . 2008-06-16 19:14 5 --a------ C:\Program Files\Win.All Turning Point Fall of Liberty lekarstwo.exe
2008-06-16 19:13 . 2007-05-18 13:23 <DIR> d-------- C:\WINDOWS\Drivers
2008-06-16 05:22 . 2008-06-16 19:16 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-06-10 21:20 . 2008-06-10 21:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 19:50 . 2004-08-04 01:44 395,776 --a------ C:\WINDOWS\system32\CF0.exe
2008-06-09 16:34 . 2008-06-09 16:34 <DIR> d-------- C:\Documents and Settings\Andrzej\Wapster
2008-06-08 19:30 . 2008-06-08 20:29 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-08 19:30 . 2008-06-08 20:29 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-08 19:28 . 2008-06-08 19:28 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-08 19:28 . 2008-06-24 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-08 19:28 . 2008-06-25 20:13 16,936,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-08 19:28 . 2008-06-25 20:13 230,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-08 19:28 . 2008-06-24 07:24 219,812 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-08 19:28 . 2008-06-24 07:24 23,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-08 19:09 . 2008-06-08 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-08 18:46 . 2008-06-08 18:46 <DIR> d-------- C:\Program Files\Common Files\a413808Zc755000991%2C0Zs63Zi0Zt8158
2008-06-06 20:38 . 2008-06-06 20:38 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-06-06 18:00 . 2008-06-06 18:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-05 22:58 . 2008-06-05 22:58 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\CD-LabelPrint
2008-06-04 06:13 . 2008-06-09 12:31 117 --a------ C:\WINDOWS\BMaf80e97f.xml
2008-06-03 18:05 . 2007-02-09 19:34 420,816 --a------ C:\Documents and Settings\Andrzej\Dane aplikacji\wunauclt.exe
2008-06-03 18:05 . 2008-03-15 17:57 199,445 --a------ C:\Documents and Settings\Andrzej\Dane aplikacji\toolbar.dll
2008-06-03 18:05 . 2008-03-15 15:24 82,937 --a------ C:\Documents and Settings\Andrzej\Dane aplikacji\space1.exe
2008-06-02 22:05 . 2008-06-05 23:28 <DIR> d-------- C:\Program Files\MultiMedia Spain Toolbar
2008-06-02 22:05 . 2008-06-02 22:05 <DIR> d-------- C:\Program Files\Multi_Media_Spain
2008-06-01 22:41 . 2008-06-02 17:17 <DIR> d-------- C:\Program Files\GoD
2008-05-31 08:51 . 2008-05-31 08:51 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-31 08:14 . 2008-05-31 15:14 <DIR> d-------- C:\Program Files\Zylom Games
2008-05-31 08:14 . 2008-05-31 08:14 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Zylom
2008-05-31 08:14 . 2008-05-31 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2008-05-29 07:25 . 2008-05-29 07:25 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-29 07:03 . 2008-05-29 07:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\IM
2008-05-29 07:02 . 2008-05-29 07:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-26 07:38 . 2008-05-27 13:31 <DIR> d-------- C:\Program Files\TransDeu2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:42 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Ashampoo
2008-06-24 04:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-24 04:13 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-20 03:20 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-20 03:20 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-20 03:20 --------- d-----w C:\Program Files\OpenAL
2008-06-20 03:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 16:18 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-08 18:29 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-08 12:02 --------- d-----w C:\Program Files\IncrediMail
2008-06-08 11:23 --------- d-----w C:\Program Files\Bonjour
2008-06-02 15:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 15:37 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-29 20:42 --------- d-----w C:\Program Files\games
2008-05-24 06:40 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-23 16:55 --------- d-----w C:\Program Files\MarBit
2008-05-19 19:09 --------- d-----w C:\Program Files\NiemPol
2008-05-15 21:09 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Carnival Software
2008-05-14 20:26 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-14 19:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WildTangent
2008-05-13 18:16 --------- d-----w C:\Program Files\AskTBar
2008-05-10 04:47 --------- d-----w C:\Program Files\Sierra On-Line
2008-05-08 20:00 --------- d-----w C:\Program Files\Common Files\DirectX
2008-05-08 19:59 --------- d-----w C:\Program Files\Mpeg2Decoder
2008-05-08 13:48 --------- d-----w C:\Program Files\TransDeu2(2)
2008-05-08 13:48 --------- d-----w C:\Program Files\Deutsch Translator 2(2)
2008-05-01 13:50 --------- d-----w C:\Program Files\Jasc Software Inc
2008-05-01 13:50 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Jasc Software Inc
2008-05-01 13:42 --------- d-----w C:\Program Files\Java
2008-04-29 13:43 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-28 18:12 --------- d-----w C:\Program Files\Zeallsoft
2008-04-15 19:08 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-15 19:08 286,720 ------w C:\WINDOWS\Setup1.exe
2008-03-29 15:20 9 ----a-w C:\Documents and Settings\Andrzej\Dane aplikacji\mdb.bin
2008-03-27 11:38 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-24 11:49 22,328 ----a-w C:\Documents and Settings\Andrzej\Dane aplikacji\PnkBstrK.sys
2008-01-07 13:51 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-28 17:59 8 --sh--r C:\WINDOWS\system32\D0AA7CCB03.sys
2008-01-28 18:00 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-22_18.43.44,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 16:12:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 13:57:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-22 16:09:54 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-23 13:34:34 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-22 16:09:54 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-06-23 13:34:34 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-06-22 16:09:54 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 13:34:34 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2005-02-16 13:18:04 90,184 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2007-09-20 07:55:18 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
C:\WINDOWS\system32\mlJAtRLF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17EA714E-28C7-4BAC-B444-94B877482DFA}]
C:\WINDOWS\system32\nnnkHaYR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A542F0F-C5F8-45CC-BEAF-EFADD3368261}]
C:\WINDOWS\system32\fcccayYr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-06-03 17:25 243072]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"eMuleAutoStart"="J:\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 10:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 10:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 10:35 86016]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 02:17 61440]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"games-frm.exe"="" []
"BMN"="C:\Program Files\Common Files\a413808Zc755000991%2C0Zs63Zi0Zt8158\strpmon.exe dm=http://zedo.com ad=http://zedo.com" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
games.lnk - C:\Program Files\games\games-frm.exe [2008-04-26 08:43:15 40960]
scvhost.exe [2008-03-24 13:59:57 503808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\WINDOWS\system32\mlJAtRLF.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtRLF]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"= diomidi.dll
"wave1"= Digi32.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Andrzej\\Pulpit\\Skype.exe"=
"J:\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2006-12-08 23:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91b49d6a-e46c-11dc-bc54-0004619f9561}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
.
Contents of the 'Scheduled Tasks' folder
"2008-06-25 11:02:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 16:06:07 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Andrzej\Dane aplikacji\wunauclt.exe
"2008-06-03 16:06:07 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Andrzej\Dane aplikacji\wunauclt.exe
"2008-06-03 18:00:01 C:\WINDOWS\Tasks\At3.job"
- C:\Documents and Settings\Andrzej\Dane aplikacji\wunauclt.exe
"2008-06-05 20:38:13 C:\WINDOWS\Tasks\At4.job"
- C:\Documents and Settings\Andrzej\Dane aplikacji\wunauclt.exe
"2008-06-05 20:38:13 C:\WINDOWS\Tasks\At5.job"
- C:\Documents and Settings\Andrzej\Dane aplikacji\wunauclt.exe
"2008-06-05 20:38:13 C:\WINDOWS\Tasks\At6.job"
- C:\Documents and Settings\Andrzej\Dane aplikacji\wunauclt.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 20:13:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-25 20:15:08
ComboFix-quarantined-files.txt 2008-06-25 18:15:00
ComboFix2.txt 2008-06-22 16:44:22
ComboFix3.txt 2008-06-18 16:37:16
Pre-Run: 9,354,182,656 bajtów wolnych
Post-Run: 9,400,360,960 bajtów wolnych
217 --- E O F --- 2008-01-13 18:02:45
