ComboFix 08-08-28.06 - Admin 2008-08-29 13:57:24.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.858 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\db32.txt
C:\WINDOWS\explore.exe
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\ws386.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASPIMGR
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-29 13:56 . 2008-08-29 13:57 <DIR> d-------- C:\327882R2FWJFW
2008-08-29 13:46 . 2008-08-29 13:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-29 13:37 . 2008-08-29 13:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-29 13:37 . 2008-08-29 13:37 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-29 13:37 . 2008-08-29 13:37 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-29 13:37 . 2008-08-29 13:37 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-29 13:37 . 2008-08-29 13:37 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-29 13:36 . 2008-08-29 13:36 <DIR> d-------- C:\Program Files\AVG
2008-08-29 13:36 . 2008-08-29 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-08-29 13:32 . 2008-08-29 13:32 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-08-29 13:32 . 2008-08-29 13:32 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-08-29 12:06 . 2008-08-29 12:06 <DIR> d-------- C:\Program Files\Keylogger Hunter
2008-08-29 10:46 . 2008-08-29 11:41 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-08-29 10:41 . 2008-08-29 12:55 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-08-29 10:41 . 2008-08-29 10:42 <DIR> d-------- C:\Program Files\Crawler
2008-08-29 10:41 . 2008-08-29 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-08-29 10:41 . 2008-08-29 11:29 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Spyware Terminator
2008-08-29 10:41 . 2008-08-29 10:41 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-29 10:35 . 2008-08-29 10:40 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-29 10:32 . 2008-08-29 11:29 <DIR> d-------- C:\Program Files\TotalSecure2009
2008-08-29 09:53 . 2008-08-29 12:33 <DIR> d-------- C:\Program Files\Anti Keylogger Elite
2008-08-28 22:00 . 2008-08-28 22:00 <DIR> d-------- C:\Program Files\Cheat Engine
2008-08-28 22:00 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-08-28 22:00 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-08-26 21:32 . 2008-08-26 21:32 <DIR> d-------- C:\Program Files\Real
2008-08-26 21:32 . 2008-08-26 21:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-26 21:32 . 2008-08-26 21:32 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-24 22:11 . 2008-08-24 22:11 <DIR> d-------- C:\Program Files\Damian Pasternak
2008-08-16 13:40 . 2008-08-16 13:42 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-16 11:14 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-16 11:10 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-09 13:45 . 2008-08-09 13:45 34 --a------ C:\WINDOWS\system32\oeminfo.ini
2008-08-09 13:42 . 2008-08-09 13:42 <DIR> d-------- C:\Program Files\Ashampoo
2008-08-09 12:12 . 2008-04-14 22:00 2,190,336 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel
2008-08-09 12:12 . 2008-04-14 21:59 2,067,200 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel
2008-08-09 11:20 . 2008-08-09 11:20 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Styler
2008-08-08 17:19 . 2008-08-08 17:19 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-08 17:19 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-08 17:02 . 2008-08-08 17:02 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-08-08 17:01 . 2008-08-08 17:07 <DIR> d-------- C:\Program Files\ESET
2008-08-08 16:11 . 2008-08-08 16:32 <DIR> d-------- C:\Program Files\NOD32view
2008-08-08 12:42 . 2008-08-08 12:42 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-08-08 09:35 . 2008-08-08 09:35 <DIR> d-------- C:\Program Files\AIDA32 - Personal System Information
2008-08-05 18:43 . 2008-08-05 18:43 343,612 --a------ C:\WINDOWS\system32\kdayz.exe.vir
2008-08-05 18:42 . 2008-08-29 12:59 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-05 18:42 . 2008-08-05 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-08-05 18:42 . 2008-08-05 18:42 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Simply Super Software
2008-08-05 18:42 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-05 18:42 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-05 18:42 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-05 18:42 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-05 18:13 . 2008-08-05 18:29 <DIR> d-------- C:\Program Files\SkanerOnline
2008-08-05 17:53 . 2008-08-05 17:53 <DIR> d-------- C:\Logs
2008-08-04 10:53 . 2008-08-04 11:55 172 --a------ C:\WINDOWS\wowCP.ini
2008-08-04 09:08 . 2008-08-04 09:08 <DIR> d-------- C:\Program Files\D-Tools
2008-08-04 08:48 . 2008-08-04 08:48 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 10:57 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-29 10:35 --------- d-----w C:\Program Files\English Translator 3
2008-08-28 20:25 --------- d-----w C:\Program Files\Metin2_PL
2008-08-28 18:24 --------- d-----w C:\Program Files\Cossacks - Back To War
2008-08-20 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 19:00 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Tlen.pl
2008-08-19 13:08 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-08-19 11:19 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-08-19 11:17 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\skypePM
2008-08-09 11:47 --------- d-----w C:\Program Files\RegDoctor
2008-07-30 16:56 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-07-30 16:56 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-07-26 20:40 --------- d-----w C:\Program Files\Project Zoo
2008-07-26 10:45 --------- d-----w C:\Program Files\Valve
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-02 17:45 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Winamp
2008-07-01 20:37 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Xfire
2008-07-01 20:32 --------- d-----w C:\Program Files\Xfire
2008-07-01 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-01 20:18 --------- d-----w C:\Program Files\MyPortal
2008-06-30 12:26 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\IrfanView
2008-06-26 20:09 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-26 16:02 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-26 16:02 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-21 08:51 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 09:06 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-30 16:32 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
----a-w 1,560,576 2008-03-19 11:22:53 C:\Program Files\Metin2_PL\M2 MULTIHACK 1.83 (beta) .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-06-03 14:11 2127296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 20:17 222592]
"Octoshape Streaming Services"="C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 15:59 156944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-29 12:44 916560]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 21:32 185896]
"ISS_SIP"="C:\Program Files\Anti Keylogger Elite\AKE.exe" [2006-03-07 22:04 1140224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-29 10:41 1783808]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 13:36 1235736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 22:51 15360]
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\
Keylogger Hunter.lnk - C:\Program Files\Keylogger Hunter\KeyloggerHunter.exe [2007-09-01 15:47:46 299520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-06-03 14:11 2127296 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"NCLaunch"=C:\WINDOWS\NCLAUNCH.EXe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AtiPTA"=atiptaxx.exe
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"D:\\Wszyskie Gry\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"D:\\Wszyskie Gry\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Admin\\Ustawienia lokalne\\Dane aplikacji\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"C:\\Program Files\\Metin2_PL\\metin2.bin"=
"C:\\Program Files\\Metin2_PL\\zoom.nebel.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-29 13:37]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 13:37]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 10:41]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys [2006-03-07 22:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 13:36]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-29 13:36]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-29 13:37]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-29 13:32]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-10-26 19:30]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-29 13:32]
.
Contents of the 'Scheduled Tasks' folder
2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\wtg2iag7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.google.pl
FF -: plugin - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\plugins\npoctoshape.dll
FF -: plugin - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0808180_SUA_900\npoctoshape.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 13:59:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Keylogger Hunter\kh00lib.dll
.
Completion time: 2008-08-29 13:59:50
ComboFix-quarantined-files.txt 2008-08-29 11:59:39
ComboFix2.txt 2008-06-22 14:31:42
ComboFix3.txt 2008-04-29 19:10:51
Pre-Run: 1,080,823,808 bajtów wolnych
Post-Run: 1,066,516,480 bajtów wolnych
226 --- E O F --- 2008-08-27 09:20:08