ComboFix 08-06-04.1 - Administrator 2008-06-05 0:03:01.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1792 [GMT 1:00]
Running from: C:\Documents and Settings\Radek\Moje dokumenty\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Radek\Dane aplikacji\addon.dat
C:\Documents and Settings\Radek\Ulubione\Online Security Test.url
.
---- Previous Run -------
.
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\ts.ico
----- BITS: Possible infected sites -----
hxxp://sync.broadband.o2.co.uk
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
2008-06-04 23:55 . 2008-06-04 23:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 23:55 . 2008-06-04 23:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 19:38 . 2008-06-04 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avg8
2008-06-04 19:22 . 2008-06-04 19:26 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-04 19:19 . 2008-06-04 19:19 <DIR> d-------- C:\Program Files\AVG
2008-06-04 18:51 . 2008-06-04 19:26 <DIR> d-------- C:\Program Files\SkanerOnline
2008-06-04 04:56 . 2008-06-04 04:56 2 --a------ C:\WINDOWS\msoffice.ini
2008-06-04 00:37 . 2008-06-04 19:06 <DIR> d--h----- C:\WINDOWS\d2
2008-06-03 06:18 . 2008-06-03 06:18 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-03 06:18 . 2008-06-03 06:25 35,251 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-03 06:18 . 2008-06-03 06:18 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-03 06:12 . 2008-06-04 21:28 <DIR> d-------- C:\Program Files\Diablo II
2008-06-02 22:34 . 2008-03-09 23:20 528,384 --a------ C:\WINDOWS\system32\js32.dll
2008-06-01 11:07 . 2008-06-01 11:07 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-06-01 11:07 . 2008-06-04 04:59 <DIR> d-------- C:\WINDOWS\occache
2008-06-01 11:07 . 2008-06-01 11:07 <DIR> d-------- C:\Program Files\QuickTime
2008-06-01 11:07 . 2008-06-01 11:07 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-06-01 11:07 . 2008-06-01 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
2008-06-01 11:07 . 2008-06-01 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-06-01 11:07 . 2008-06-04 04:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\AOL
2008-06-01 11:07 . 2003-05-30 13:46 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-01 11:07 . 2007-10-11 07:11 1,498,112 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-06-01 11:07 . 2003-08-15 15:17 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2008-06-01 11:07 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-06-01 11:07 . 2003-08-15 15:17 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2008-06-01 11:06 . 2008-06-01 11:24 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-06-01 11:06 . 2008-06-01 11:06 30 --a------ C:\WINDOWS\atid.ini
2008-05-31 16:51 . 2008-05-31 16:51 <DIR> d-------- C:\Program Files\VMware
2008-05-31 16:51 . 2008-05-31 16:51 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-05-31 16:51 . 2008-03-03 20:11 436,784 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-05-31 16:51 . 2008-03-03 20:12 150,064 --a------ C:\WINDOWS\system32\vmnat.exe
2008-05-31 16:51 . 2008-03-03 20:13 121,392 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-05-31 16:51 . 2008-03-03 20:10 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
2008-05-31 16:51 . 2008-03-03 20:10 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-05-31 16:51 . 2008-03-03 20:14 25,136 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-05-31 16:51 . 2008-03-03 20:13 20,912 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
2008-05-31 16:51 . 2008-03-03 20:10 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-05-31 16:51 . 2008-03-03 20:10 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-05-31 16:51 . 2008-03-03 20:10 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-05-30 01:23 . 2008-06-04 23:56 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\VMware
2008-05-30 01:21 . 2008-06-04 23:56 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\VMware
2008-05-30 01:20 . 2008-06-04 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\VMware
2008-05-30 00:45 . 2008-05-30 00:58 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-30 00:45 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-05-30 00:45 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-05-30 00:45 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-05-25 18:15 . 2008-05-25 18:15 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\TVU Networks
2008-05-25 18:15 . 2008-05-25 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-05-25 18:14 . 2008-05-25 18:14 <DIR> d-------- C:\Documents and Settings\Radek\LocalLow
2008-05-17 10:17 . 2008-06-04 19:25 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-17 10:17 . 2008-05-17 13:57 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\IDM
2008-05-14 04:08 . 2005-11-09 08:28 5,341,184 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2008-05-14 04:08 . 2002-04-29 09:04 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2008-05-14 04:08 . 2001-11-23 06:08 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2008-05-14 04:08 . 2004-02-13 09:39 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2008-05-14 04:08 . 2005-01-19 03:52 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2008-05-14 04:08 . 2004-02-18 08:19 16,384 -ra------ C:\WINDOWS\system32\cmpropu.dll
2008-05-14 04:08 . 2004-08-27 05:09 2,563 -r------- C:\WINDOWS\Cmudau.ini
2008-05-14 04:08 . 2005-04-06 02:53 482 -ra------ C:\WINDOWS\system\CmcnfgU.ini
2008-05-14 04:07 . 2008-05-14 04:08 <DIR> d-------- C:\Program Files\Steel Sound 5H USB
2008-05-13 11:15 . 2008-05-13 11:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-13 11:15 . 2008-05-13 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-05-13 09:21 . 2008-05-13 09:21 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-13 09:21 . 2008-05-13 09:21 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-13 04:14 . 2008-05-13 11:15 <DIR> d-------- C:\Program Files\Creative
2008-05-07 07:13 . 2008-05-07 07:36 <DIR> d-------- C:\Program Files\Hero Editor
2008-05-06 22:58 . 2008-05-06 23:21 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\Sony
2008-05-06 22:58 . 2008-05-06 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-05-06 22:43 . 2008-05-06 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-06 22:42 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-06 22:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-06 22:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-06 22:42 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-05 06:54 . 2008-05-05 06:54 691 --a------ C:\WINDOWS\ST6UNST.001
2008-05-05 05:55 . 2008-05-07 07:13 249,856 --------- C:\WINDOWS\Setup1.exe
2008-05-05 05:55 . 2008-05-07 07:13 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 05:52 . 2008-05-05 05:52 691 --a------ C:\WINDOWS\ST6UNST.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 22:57 --------- d-----w C:\Documents and Settings\Radek\Dane aplikacji\DMCache
2008-06-04 22:55 --------- d-----w C:\Program Files\Steam
2008-06-04 22:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 20:28 43,520 ----a-w C:\windows\system32\CmdLineExt03.dll
2008-06-03 20:24 --------- d-----w C:\Program Files\mIRC
2008-06-03 05:25 21,840 ----atw C:\windows\system32\SIntfNT.dll
2008-06-03 05:25 17,212 ----atw C:\windows\system32\SIntf32.dll
2008-06-03 05:25 12,067 ----atw C:\windows\system32\SIntf16.dll
2008-06-02 03:06 --------- d-----w C:\Documents and Settings\Radek\Dane aplikacji\uTorrent
2008-05-29 21:01 --------- d-----w C:\Documents and Settings\Radek\Dane aplikacji\teamspeak2
2008-05-28 01:32 --------- d-----w C:\Program Files\HLSW
2008-05-26 01:56 --------- d-----w C:\Program Files\World of Warcraft
2008-05-02 21:46 768,544 ----a-w C:\windows\system32\nvcplui.exe
2008-05-02 21:46 442,368 ----a-w C:\windows\system32\nvudisp.exe
2008-05-02 21:46 313,888 ----a-w C:\windows\system32\nvexpbar.dll
2008-04-30 16:27 442,368 ----a-w C:\windows\system32\NVUNINST.EXE
2008-04-23 18:09 --------- d-----w C:\Documents and Settings\Radek\Dane aplikacji\dvdcss
2008-04-12 20:15 --------- d-----w C:\Program Files\O2
2008-04-12 20:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SupportSoft
2008-04-12 20:13 81,920 ----a-w C:\windows\system32\W32N50.DLL
2008-04-12 20:13 17,134 ----a-w C:\windows\system32\PCANDIS5.SYS
2008-04-06 17:53 --------- d-----w C:\Documents and Settings\Radek\Dane aplikacji\Skype
2008-03-25 04:52 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\windows\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-09-21 16:40 137216]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-31 04:19 185896]
"O2"="C:\Program Files\O2\bin\sprtcmd.exe" [2008-03-28 22:47 198184]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 18:04 3313664]
"CmUsbSound"="cmcnfgu.cpl" []
"nwiz"="nwiz.exe" [2007-05-11 05:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 20:10 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 20:10 55856]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-01 11:07 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 08:23 221568 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 18:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\IDM\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2006-07-08 00:15 600896 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2006-09-13 11:12 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-01-22 16:23 25368104 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);"C:\Program Files\O2\bin\sprtsvc.exe" /service /p O2 []
S3 cmudaxu;C-Media USB Sound Interface;C:\windows\system32\drivers\cmudaxu.sys [2005-11-03 07:50]
S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys []
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-07-27 05:39]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{87405AA0-8D02-5D2C-0359-D9EFA22B2B02}]
C:\windows\d2\winxp.exe s
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 00:04:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-05 0:05:19
ComboFix-quarantined-files.txt 2008-06-04 23:05:14
Pre-Run: 113,565,937,664 bajtów wolnych
Post-Run: 113,788,928,000 bajtów wolnych
215 --- E O F --- 2008-05-27 18:53:30
