ComboFix 08-05-21.3 - Stano 2008-05-23 14:02:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2263 [GMT 2:00]
Running from: F:\Dokumenty\Z internetu\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
[Reviewer note] Install the Recovery Console before any further removal passes: if a driver or boot-time file deletion leaves the system unbootable, it is the offline repair path ComboFix relies on.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\regedit.com
D:\WINDOWS\system32\Cfx32.lic
D:\WINDOWS\system32\cfx32.ocx
D:\WINDOWS\system32\taskmgr.com
[Reviewer note] regedit.com and taskmgr.com are not Windows files. Because the shell resolves .COM before .EXE, a file of that name in %WINDIR% runs instead of the real regedit/taskmgr when the tool is launched by name — a common trick to block manual cleanup, so their removal is appropriate. cfx32.ocx / Cfx32.lic look like an ActiveX control plus its licence file and may belong to a legitimately installed development component (Borland/Delphi is present in this log); if an application breaks after this run, check the files' hashes and restore them from ComboFix's quarantine (ComboFix-quarantined-files.txt).
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-23 13:51 . 2008-05-23 13:52 5,262,012 --a------ D:\WINDOWS\REGBK01.ZIP
2008-05-19 10:39 . 2008-05-19 10:39 <DIR> d-------- D:\Program Files\Microsoft IntelliPoint
2008-05-16 15:50 . 2008-05-16 15:50 <DIR> d-------- D:\Documents and Settings\Stano\Application Data\GrabCaptureScreen
2008-05-16 14:16 . 2008-05-16 14:16 0 --a------ D:\23990098.$$$
2008-05-16 13:34 . 2008-05-16 13:34 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\iolo
2008-05-16 11:46 . 2008-05-16 13:59 <DIR> d-------- D:\Documents and Settings\Administrator
2008-05-16 11:33 . 2008-05-16 11:33 <DIR> d-a------ D:\WINDOWS\zts2.exe
2008-05-16 11:33 . 2008-05-16 11:33 <DIR> d-a------ D:\WINDOWS\system32\vcmgcd32.dll
2008-05-16 11:33 . 2008-05-16 11:33 <DIR> d-a------ D:\WINDOWS\system32\iifgfgf.dll
2008-05-16 11:33 . 2008-05-16 11:33 <DIR> d-a------ D:\WINDOWS\rundll16.exe
2008-05-16 11:33 . 2008-05-16 11:33 <DIR> d-a------ D:\WINDOWS\rundl132.dll
2008-05-16 11:33 . 2008-05-16 11:33 <DIR> d-a------ D:\WINDOWS\logo1_.exe
[Reviewer note] These six entries carry .exe/.dll names but are flagged <DIR> with the d-a attribute, and all were created 2008-05-16 11:33 — the same minute as REGBK00.ZIP, which suggests an earlier ComboFix run. ComboFix typically replaces removed malware files with same-named folders so a dropper cannot re-create them; none of these names (logo1_.exe, rundl132.dll, rundll16.exe, zts2.exe, iifgfgf.dll, vcmgcd32.dll) is a Windows component, so treat them as malware artifacts and look for the infection vector (removable media, shares, downloaded installers) rather than only the files.
2008-05-16 11:33 . 2008-05-16 11:33 5,257,959 --a------ D:\WINDOWS\REGBK00.ZIP
2008-05-16 11:31 . 2004-08-04 02:56 146,432 --a------ D:\WINDOWS\R.COM
2008-05-16 11:31 . 2004-08-04 02:56 135,680 --a------ D:\WINDOWS\system32\T.COM
2008-05-16 11:31 . 2008-05-23 13:50 26 --a------ D:\WINDOWS\Lic.xxx
[Reviewer note] R.COM and T.COM keep a 2004-08-04 modification time (the XP SP2 build date seen on other system files here) and were created two minutes before the cleanup entries above; they are presumably renamed copies of the stock regedit.exe / taskmgr.exe placed so the tools could be run while the hijacked .com files existed. Verify their hashes against D:\WINDOWS\regedit.exe and D:\WINDOWS\system32\taskmgr.exe before relying on them, and remove them once the hijack is gone. Lic.xxx (26 bytes) was rewritten during this run (2008-05-23 13:50) and is most likely a tool marker — confirm rather than assume.
2008-05-09 13:28 . 2008-05-19 17:10 14,400 --a------ D:\WINDOWS\SLEX99.BMS
2008-05-09 13:28 . 2008-05-09 13:28 4 --a------ D:\WINDOWS\SLEX99.ANS
2008-05-08 14:18 . 2008-05-08 14:18 <DIR> d-------- D:\WINDOWS\system32\NtmsData
2008-05-08 13:36 . 2008-05-08 13:36 25 --a------ D:\WINDOWS\mixerdef.ini
2008-05-05 17:33 . 2000-04-24 19:24 39,519 -ra------ D:\WINDOWS\system32\drivers\sf256pcr.sys
2008-05-05 17:24 . 2008-05-14 11:51 <DIR> d-------- D:\PCIRADIO
2008-05-05 17:20 . 2000-05-29 12:01 7,766 -ra------ D:\WINDOWS\system32\drivers\sf64pcr.sys
2008-05-05 17:19 . 2008-05-19 10:40 <DIR> d-------- D:\WINDOWS\LastGood
2008-05-05 11:13 . 2008-05-05 11:13 <DIR> d-------- D:\WINDOWS\LastGood.Tmp
2008-05-02 10:54 . 2003-02-28 18:26 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2008-05-02 10:54 . 2003-02-28 18:26 46,352 --a------ D:\WINDOWS\setdebug.exe
2008-05-02 10:54 . 2003-02-28 16:54 7,315 --a------ D:\WINDOWS\system32\javasup.vxd
2008-05-02 10:54 . 2003-02-28 16:35 6,550 --a------ D:\WINDOWS\jautoexp.dat
2008-05-02 10:53 . 2003-02-28 16:38 113 --a------ D:\WINDOWS\system32\zonedon.reg
2008-05-02 10:53 . 2003-02-28 16:38 113 --a------ D:\WINDOWS\system32\zonedoff.reg
2008-05-01 15:56 . 2008-05-01 15:56 1,246,752 --a------ D:\WINDOWS\system32\AutoPartNt.exe
2008-05-01 15:56 . 2008-05-01 15:57 1,024 --a------ D:\WINDOWS\system32\AutoPartNt.let
2008-05-01 15:46 . 2008-05-01 15:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Acronis
2008-05-01 15:43 . 2008-05-01 15:43 <DIR> d-------- D:\Program Files\Common Files\Acronis
2008-05-01 15:43 . 2008-05-01 15:43 <DIR> d-------- D:\Program Files\Acronis
2008-05-01 15:43 . 2008-05-01 15:43 392,320 --a------ D:\WINDOWS\system32\drivers\timntr.sys
2008-05-01 15:43 . 2008-05-01 15:43 114,048 --a------ D:\WINDOWS\system32\drivers\snapman.sys
2008-05-01 15:43 . 2008-05-01 15:43 32,768 --a------ D:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-01 15:32 . 2008-05-01 15:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-01 13:23 . 2008-05-01 13:23 <DIR> d-------- D:\Documents and Settings\Stano\Application Data\ABBYY
2008-05-01 10:16 . 2008-05-08 12:17 273 --a------ D:\WINDOWS\SysMech7.INI
2008-05-01 09:49 . 2008-05-01 09:55 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 09:30 . 2008-05-01 09:30 <DIR> d-------- D:\Program Files\DIFX
2008-05-01 09:30 . 2006-07-01 22:39 36,864 --a------ D:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-01 08:53 . 2008-05-01 09:25 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 08:35 . 2008-05-01 08:35 <DIR> d-------- D:\Documents and Settings\Stano\Application Data\ESET
2008-05-01 08:34 . 2008-05-01 08:34 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESET
2008-04-30 16:17 . 2008-04-30 16:17 <DIR> d-------- D:\Program Files\MSXML 4.0
2008-04-30 14:03 . 2008-04-30 14:03 <DIR> d-------- D:\Program Files\MiraScan
2008-04-30 14:03 . 2002-02-26 14:34 172,032 --------- D:\WINDOWS\scanusdX.dll
2008-04-30 14:03 . 2000-05-22 18:46 151,552 -r------- D:\WINDOWS\UnUSBDrv.exe
2008-04-30 14:03 . 2000-03-03 16:18 147,456 -r------- D:\WINDOWS\CHECKING.DLL
2008-04-30 14:03 . 1999-08-24 21:55 66,560 --------- D:\WINDOWS\system32\WNASPI32.DLL
2008-04-30 14:03 . 2001-09-27 11:04 53,248 --------- D:\WINDOWS\stiaspi.dll
2008-04-30 14:03 . 1998-09-30 19:00 5,741 --------- D:\WINDOWS\gulp.vxd
2008-04-30 12:27 . 2008-04-30 12:27 <DIR> d-------- D:\Documents and Settings\Stano\Application Data\AdobeUM
2008-04-30 08:17 . 2008-05-01 15:45 386 --a------ D:\WINDOWS\system32\ioloBootDefrag.cfg
2008-04-29 16:34 . 2008-04-29 16:34 <DIR> d-------- D:\Documents and Settings\Stano\Application Data\Logitech
2008-04-29 16:32 . 2008-05-01 09:30 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE
2008-04-29 16:32 . 2008-04-29 16:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-04-29 16:32 . 2007-04-11 15:33 1,419,024 --a------ D:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-04-29 16:32 . 2007-04-11 15:32 34,832 --a------ D:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-04-29 16:32 . 2008-04-29 16:32 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-29 16:32 . 2008-04-29 16:32 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-04-29 16:31 . 2008-04-29 16:31 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-29 16:27 . 2008-04-29 16:27 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\iolo
2008-04-29 16:27 . 2008-05-06 16:36 428,904 --a------ D:\WINDOWS\system32\Incinerator.dll
2008-04-29 16:27 . 2008-03-24 08:53 34,304 --a------ D:\WINDOWS\system32\iolobtdfg.exe
2008-04-29 16:27 . 2008-03-24 08:53 22,528 --a------ D:\WINDOWS\system32\smrgdf.exe
2008-04-29 16:26 . 2008-04-29 16:26 <DIR> d-------- D:\Program Files\iolo
2008-04-29 16:00 . 2008-04-29 16:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-29 15:59 . 2008-05-02 09:48 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 15:19 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-04-29 15:19 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-04-29 15:19 . 2007-07-30 19:19 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-04-29 15:06 . 2008-04-29 15:06 <DIR> d---s---- D:\Documents and Settings\Stano\UserData
2008-04-29 14:44 . 2002-07-23 06:17 225,280 -ra------ D:\WINDOWS\USBCX65phmgunin.exe
2008-04-29 14:43 . 2008-04-29 14:44 <DIR> d-------- D:\Program Files\CX65-M65 USB-Handset Manager
2008-04-29 14:43 . 2008-04-29 14:43 <DIR> d-------- D:\Documents and Settings\Stano\Application Data\MobileAction
2008-04-29 14:36 . 2003-07-16 08:27 43,264 -ra------ D:\WINDOWS\system32\drivers\ser2pl.sys
2008-04-29 14:31 . 2008-04-29 14:31 <DIR> d--h----- D:\Program Files\Zenographics
2008-04-29 14:31 . 2008-04-30 08:00 <DIR> d-------- D:\Program Files\Hewlett-Packard
2008-04-29 14:31 . 2006-07-30 19:00 442,368 -ra------ D:\WINDOWS\system32\zshp1018.exe
2008-04-29 14:31 . 2006-07-30 19:00 143,360 -ra------ D:\WINDOWS\apptune1018.exe
2008-04-29 14:31 . 2006-07-30 19:00 129,092 -ra------ D:\WINDOWS\system32\hp1018.img
2008-04-29 14:31 . 2006-07-30 19:00 106,496 -ra------ D:\WINDOWS\system32\vshp1018.dll
2008-04-29 14:31 . 2006-07-30 19:00 102,400 -ra------ D:\WINDOWS\system32\zlhp1018.dll
2008-04-29 14:31 . 2006-07-30 19:00 86,016 -ra------ D:\WINDOWS\system32\ZSPOOL.DLL
2008-04-29 14:31 . 2006-07-30 19:00 28,672 -ra------ D:\WINDOWS\system32\zlm.dll
2008-04-29 14:31 . 2006-07-30 19:00 28,672 -ra------ D:\WINDOWS\system32\IMF32.DLL
2008-04-29 14:31 . 2006-07-30 19:00 24,576 -ra------ D:\WINDOWS\system32\ZTAG32.DLL
2008-04-29 14:31 . 2006-07-30 19:00 7,410 -ra------ D:\WINDOWS\system32\ZSHP1018.HLP
2008-04-25 17:29 . 2008-04-25 17:29 <DIR> d-------- D:\Documents and Settings\Stano\Application Data\DelphiSpeedUp
2008-04-25 17:17 . 2008-04-25 17:17 <DIR> d-------- D:\Program Files\Borland
2008-04-25 07:31 . 2008-04-25 07:31 <DIR> d-------- D:\Documents and Settings\Stano\SmartSketch
2008-04-25 07:30 . 2008-04-25 07:30 <DIR> d-------- D:\Program Files\Common Files\Intergraph
2008-04-25 07:30 . 2006-05-14 14:14 1,046,288 --a------ D:\WINDOWS\system32\msjet35.dll
2008-04-25 07:30 . 2006-11-05 21:50 684,896 --a------ D:\WINDOWS\system32\pvdt80.ocx
2008-04-25 07:30 . 2006-05-14 14:14 368,912 --a------ D:\WINDOWS\system32\vbar332.dll
2008-04-25 07:30 . 2006-05-14 14:14 252,176 --a------ D:\WINDOWS\system32\msrd2x35.dll
2008-04-25 07:30 . 2006-05-14 14:14 250,128 --a------ D:\WINDOWS\system32\MSEXCL35.DLL
2008-04-25 07:30 . 2006-05-14 14:14 244,232 --a------ D:\WINDOWS\system32\MSFLXGRD.OCX
2008-04-25 07:30 . 2006-05-14 14:14 198,640 --a------ D:\WINDOWS\system32\MCI32.OCX
2008-04-25 07:30 . 2006-05-14 14:15 165,648 --a------ D:\WINDOWS\system32\MSTEXT35.DLL
2008-04-25 07:30 . 2006-05-14 14:13 123,664 --a------ D:\WINDOWS\system32\msjint35.dll
2008-04-25 07:30 . 2006-05-14 14:13 24,848 --a------ D:\WINDOWS\system32\msjter35.dll
2008-04-24 15:40 . 2008-04-25 17:24 1,103,360 --a------ D:\WINDOWS\system32\Rave50VCLBEX70.bpl
2008-04-24 15:40 . 2004-06-03 05:13 973,824 --a------ D:\WINDOWS\system32\Rave50CLXBEX70.bpl
2008-04-24 15:34 . 2004-12-05 02:47 295,424 --a------ D:\WINDOWS\system32\lmd03util.exe
2008-04-24 15:34 . 2004-12-28 15:18 2,048 --a------ D:\WINDOWS\system32\LMDSTD2003.lic
2008-04-24 15:34 . 2001-12-27 11:51 1,024 --a------ D:\WINDOWS\system32\lmdtool6.lic
2008-04-24 15:34 . 2000-05-04 16:20 1,024 --a------ D:\WINDOWS\system32\lmdtool5.lic
2008-04-24 15:34 . 1997-12-18 04:02 1,024 --a------ D:\WINDOWS\system32\lmdtool3.lic
2008-04-24 15:28 . 2008-04-24 15:33 <DIR> d-------- D:\Documents and Settings\Stano\.borland
2008-04-24 15:05 . 2008-04-24 15:05 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-04-24 14:46 . 2008-01-30 14:25 239,760 --a------ D:\WINDOWS\system32\ECRComm.dll
2008-04-24 14:46 . 2008-01-30 14:25 73,728 --a------ D:\WINDOWS\system32\ECRCOMTX.DLL
2008-04-24 14:29 . 2008-04-25 17:19 <DIR> d-------- D:\Program Files\Common Files\Borland Shared
2008-04-24 14:24 . 2001-11-12 10:07 327,168 --a------ D:\WINDOWS\IsUn0405.exe
2008-04-24 14:23 . 2008-04-24 14:23 <DIR> d-------- D:\Program Files\Crystal Decisions
2008-04-24 14:23 . 2008-04-24 14:23 <DIR> d-------- D:\Program Files\Common Files\Crystal Decisions
2008-04-24 14:23 . 2008-05-01 15:14 51,072 --a------ D:\WINDOWS\system32\drivers\ANGELNT.SYS
2008-04-24 14:23 . 2008-05-01 15:14 20,480 --a------ D:\WINDOWS\system32\ANGELVDD.DLL
2008-04-24 14:23 . 2008-05-01 15:14 11,520 --a------ D:\WINDOWS\system32\drivers\angelusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:07 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-08 12:07 --------- d-----w D:\Program Files\Realtek
2008-04-30 06:17 --------- d-----w D:\Documents and Settings\Stano\Application Data\iolo
2008-04-30 06:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\iolo
2008-04-24 12:22 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-04-24 11:52 16,608 ----a-w D:\WINDOWS\gdrv.sys
2008-04-24 10:49 3,316 ----a-w D:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2008-04-24 10:48 8,972 ----a-w D:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2008-04-24 07:29 --------- d-----w D:\Documents and Settings\Stano\Application Data\InstallShield
2008-04-24 07:17 315,392 ----a-w D:\WINDOWS\HideWin.exe
2008-04-24 07:17 --------- d-----w D:\Documents and Settings\Stano\Application Data\ATI
2008-04-24 07:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\ATI
2008-04-24 07:15 --------- d-----w D:\Program Files\ATI Technologies
2008-04-24 07:06 --------- d-----w D:\Program Files\microsoft frontpage
2008-04-24 07:05 558,142 ----a-w D:\WINDOWS\java\Packages\VB3D753B.ZIP
2008-04-24 07:05 155,995 ----a-w D:\WINDOWS\java\Packages\ZZXRVZ9N.ZIP
.
------- Sigcheck -------
2002-08-29 14:00 101376 e3df4a0252d287c44606ee55355e1623 D:\WINDOWS\system32\services.exe
[Reviewer note] ComboFix lists a system file under Sigcheck when it could not verify the file's digital signature. This services.exe is dated 2002-08-29 and is 101,376 bytes, while the rest of the SP2 system files in this log (and the rootkit scan's "Service Pack 2") point to 2004-08-04 builds. Localized builds differ, so do not assume infection, but compare the MD5 above against a known-good services.exe from the same language and service-pack media — services.exe runs as SYSTEM and is a prime replacement target.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RadioTray"="D:\PCIRADIO\Radiotray.exe" [2000-05-11 23:09 32256]
"ClocX"="E:\Program Files\ClocX\ClocX.exe" [2007-07-26 17:43 270336]
"IntelliPoint"="D:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 17:09 842584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
D:\Documents and Settings\Stano\Start Menu\Programs\Startup\
ATnotes.exe.lnk - E:\Program Files\ATnotes\ATnotes.exe [2008-04-24 12:30:34 1015808]
OUTLOOK.lnk - D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2006-10-27 15:16:48 12813096]
workpace.exe.lnk - E:\Program Files\WorkPace 3.0\workpace.exe [2008-04-24 12:31:53 988160]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[Reviewer note] msv1_0 is the default; relog_ap is an additional LSA authentication package, i.e. a DLL that lsass.exe loads at boot with access to logon credentials. Acronis components were installed on 2008-05-01 in this log and such a package is commonly shipped with them, but an LSA package is a high-value persistence point: verify that the registered DLL exists in system32, is signed by the expected publisher, and is removed if the Acronis product is uninstalled.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[Reviewer note] This suppresses Security Center warnings about antivirus state. Third-party suites set it when they take over monitoring (ESET's ekrn.exe is listed as running), but malware sets it as well to hide a disabled AV; confirm ESET still reports its own status, and reset the value to 0 if no product is responsible for it.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[Reviewer note] The Windows Firewall is disabled for the standard profile. That is expected only if ESET Smart Security's firewall module is active in its place; no other host firewall is visible in this log, so confirm that before leaving the setting at 0.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R2 Angelnt;Angelnt;D:\WINDOWS\system32\Drivers\ANGELNT.SYS [2008-05-01 15:14]
R2 ioloFileInfoList;iolo FileInfoList Service;D:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R2 ioloSystemService;iolo System Service;D:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R2 RadPciNT;RadPciNT;D:\WINDOWS\system32\Drivers\RadPcint.sys [2000-04-24 17:26]
R3 PSched;QoS Packet Scheduler;D:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:04]
R3 sf256pcr;sf256pcr;D:\WINDOWS\system32\DRIVERS\sf256pcr.sys [2000-04-24 19:24]
S3 gdrv;gdrv;D:\WINDOWS\gdrv.sys [2008-04-24 13:52]
S3 RTHDMIAzAudService;Service for HDMI;D:\WINDOWS\system32\drivers\RtHDMI.sys []
S3 sf64pcr;sf64pcr;D:\WINDOWS\system32\DRIVERS\sf64pcr.sys [2000-05-29 12:01]
[Reviewer note] gdrv.sys is a kernel driver registered from D:\WINDOWS rather than system32\drivers; its 2008-04-24 creation coincides with the other hardware/utility installs in this log, which is consistent with a motherboard utility driver, but verify its publisher signature since it loads with kernel privileges. RTHDMIAzAudService shows an empty [] — the referenced RtHDMI.sys was not found. A service pointing to a missing file is inert until something recreates the file; either confirm it belongs to the Realtek install and tidy it there, or delete the stale service entry.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-23 14:05:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\system32\oodag.exe
.
**************************************************************************
.
Completion time: 2008-05-23 14:06:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 12:06:00
Pre-Run: 2,675,236,864 bytes free
Post-Run: 2,669,707,264 bytes free