ComboFix 10-09-04.06 - kuba 2010-09-06  1:33.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1687 [GMT 2:00]
Running from: f:\documents and settings\kuba\My Documents\Pobieranie\hjh.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr
-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-05 20:52 . 2010-09-05 21:31 -------- d-----w- f:\documents and settings\ppp\Application Data\Winamp
2010-09-05 20:38 . 2010-09-05 20:38 -------- d-----w- f:\program files\ESET
2010-09-05 20:38 . 2010-09-05 20:38 -------- d-----w- f:\documents and settings\All Users\Application Data\ESET
2010-09-05 20:34 . 2008-04-13 22:15 26368 -c--a-w- f:\windows\system32\dllcache\usbstor.sys
2010-09-05 19:46 . 2010-09-05 19:46 61440 ----a-w- f:\documents and settings\kuba\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37a44347-n\decora-sse.dll
2010-09-05 19:46 . 2010-09-05 19:46 503808 ----a-w- f:\documents and settings\kuba\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c1b0cba-n\msvcp71.dll
2010-09-05 19:46 . 2010-09-05 19:46 499712 ----a-w- f:\documents and settings\kuba\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c1b0cba-n\jmc.dll
2010-09-05 19:46 . 2010-09-05 19:46 348160 ----a-w- f:\documents and settings\kuba\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c1b0cba-n\msvcr71.dll
2010-09-05 19:46 . 2010-09-05 19:46 12800 ----a-w- f:\documents and settings\kuba\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37a44347-n\decora-d3d.dll
2010-09-05 16:59 . 2010-09-05 17:01 -------- d-----w- f:\program files\Tibia
2010-09-05 16:53 . 2010-09-05 16:53 -------- d-----w- f:\program files\Winamp Detect
2010-09-05 16:53 . 2010-09-05 20:33 -------- d-----w- f:\documents and settings\kuba\Application Data\Winamp
2010-09-05 16:53 . 2010-09-05 16:53 -------- d-----w- f:\program files\Winamp
2010-09-05 16:35 . 2010-09-05 16:35 -------- d-----w- f:\program files\Gadu-Gadu
2010-09-05 16:31 . 2010-09-05 16:31 -------- d-----w- f:\documents and settings\kuba\Application Data\Tibia
2010-09-05 16:22 . 2010-09-05 16:28 -------- d-----w- f:\documents and settings\ppp\Local Settings\Application Data\Adobe
2010-09-05 16:21 . 2010-09-05 16:21 -------- d-----w- f:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 16:32 . 2010-09-05 16:32 -------- d-----w- f:\documents and settings\kuba\Application Data\Gadu-Gadu
2010-09-05 16:32 . 2010-09-05 16:32 -------- d-----w- f:\documents and settings\kuba\Application Data\Sports Interactive
2010-09-05 16:30 . 2010-09-05 16:30 13104 ----a-w- f:\documents and settings\kuba\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-05 15:48 . 2010-09-05 14:19 -------- d--h--w- f:\program files\InstallShield Installation Information
2010-09-05 15:48 . 2010-09-05 15:48 -------- d-----w- f:\documents and settings\ppp\Application Data\InstallShield
2010-09-05 15:14 . 2010-09-05 15:14 -------- d-----w- f:\program files\Common Files\Blizzard Entertainment
2010-09-05 15:05 . 2010-09-05 15:05 61440 ----a-w- f:\documents and settings\ppp\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26a71e34-n\decora-sse.dll
2010-09-05 15:05 . 2010-09-05 15:05 503808 ----a-w- f:\documents and settings\ppp\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5beeed89-n\msvcp71.dll
2010-09-05 15:05 . 2010-09-05 15:05 499712 ----a-w- f:\documents and settings\ppp\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5beeed89-n\jmc.dll
2010-09-05 15:05 . 2010-09-05 15:05 348160 ----a-w- f:\documents and settings\ppp\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5beeed89-n\msvcr71.dll
2010-09-05 15:05 . 2010-09-05 15:05 12800 ----a-w- f:\documents and settings\ppp\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26a71e34-n\decora-d3d.dll
2010-09-05 15:05 . 2010-09-05 15:05 -------- d-----w- f:\program files\Common Files\Java
2010-09-05 15:04 . 2010-09-05 15:04 423656 ----a-w- f:\windows\system32\deployJava1.dll
2010-09-05 15:04 . 2010-09-05 15:04 -------- d-----w- f:\program files\Java
2010-09-05 15:02 . 2010-09-05 15:02 0 ----a-w- f:\windows\nsreg.dat
2010-09-05 14:57 . 2010-09-05 13:32 86327 ----a-w- f:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-09-05 14:38 . 2010-09-05 14:37 -------- d-----w- f:\program files\NVIDIA Corporation
2010-09-05 14:37 . 2010-09-05 14:37 -------- d-----w- f:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-05 14:37 . 2010-09-05 14:37 232968 ----a-w- f:\windows\system32\nvdrsdb0.bin
2010-07-09 22:38 . 2010-09-05 13:52 10604128 ----a-w- f:\windows\system32\drivers\nv4_mini.sys
2010-07-09 22:38 . 2010-09-05 13:52 6343040 ----a-w- f:\windows\system32\nv4_disp.dll
2010-07-07 11:46 . 2010-09-05 14:18 604776 ----a-w- f:\windows\system32\NVUNINST.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="f:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 577536]
"nwiz"="f:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1831016]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 322280]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 113584]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 1054656]
"WinampAgent"="f:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\SteamApps\\krabarz\\counter-strike source\\hl2.exe"=
"f:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe"=
"f:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\gry\\heros\\Heroes3\\Heroes33.exe"=
"f:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"f:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"f:\\Program Files\\Gadu-Gadu\\gg.exe"=

R?2 ekrn;ESET Service;f:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8/12/2010 2:16 PM 810144]
R1 ehdrv;ehdrv;f:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [8/3/2010 1:28 PM 95896]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - f:\documents and settings\kuba\Application Data\Mozilla\Firefox\Profiles\d40c47r1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: f:\documents and settings\kuba\Application Data\Mozilla\Firefox\Profiles\d40c47r1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: f:\documents and settings\kuba\Application Data\Mozilla\Firefox\Profiles\d40c47r1.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: f:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
f:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
f:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 01:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\nvsvc32.exe
f:\windows\SOUNDMAN.EXE
f:\windows\system32\RUNDLL32.EXE
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-06  01:39:58 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-05 23:39

Pre-Run: 12 763 521 024 bytes free
Post-Run: 12 763 553 792 bytes free

- - End Of File - - 66A5902F6BAF9FD72284076023F172FD
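The one cross-check worth doing on a log like this is mechanical: the Drivers/Services section records that ComboFix removed Legacy_ASC3360PR and Service_asc3360pr, yet "Other Services/Drivers In Memory" still lists ASC3360PR as *NewlyCreated*, so the registry deletion alone is not proof the driver is gone before the reboot the log records. The Python below is an added example written for this page, not ComboFix output and not the poster's code. It parses a constructed excerpt of this log (the deletion list, the Run-key values and the in-memory list, with only a few of the Run values kept), cross-references the three, and lists the Run values whose trailing "[date size]" stamp is missing or whose image is a bare file name rather than a full path. Those last two are the editor's own triage rules, not ComboFix semantics; what a "[BU]" stamp means is not stated in the log and is not assumed here.

```python
import re

# Constructed excerpt of the ComboFix log on this page: only the sections the
# parser needs are reproduced, and only a handful of the Run values.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="f:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 577536]
"nwiz"="f:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1831016]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Gadu-Gadu\\gg.exe"=

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
"""

# One pattern per ComboFix line shape the triage needs.
DELETED_RE = re.compile(r"^-------\\(?:Legacy_|Service_)?(\S+)\s*$")   # "-------\Service_name"
NEWLY_RE = re.compile(r"^\*NewlyCreated\*\s*-\s*(\S+)\s*$")           # "*NewlyCreated* - name"
KEY_RE = re.compile(r"^\[(.+)\]\s*$")                                  # "[HKEY_...\Run]"
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')      # "name"="image" [stamp]
STAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")                      # "YYYY-MM-DD size"
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")                                 # fully qualified path


def parse_deleted_services(text):
    """Service/driver names ComboFix removed, lower-cased and de-duplicated
    (Legacy_X and Service_x both refer to the same driver)."""
    found = []
    for line in text.splitlines():
        m = DELETED_RE.match(line)
        if m and m.group(1).lower() not in found:
            found.append(m.group(1).lower())
    return found


def parse_in_memory(text):
    """Names flagged *NewlyCreated* under 'Other Services/Drivers In Memory'."""
    return [m.group(1).lower()
            for m in (NEWLY_RE.match(l) for l in text.splitlines()) if m]


def parse_run_entries(text):
    """Values under any key whose name ends in \\Run; other keys
    (policies, firewall list) are tracked but their values are skipped."""
    entries, key = [], None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        if key is None or not key.lower().endswith("\\run"):
            continue
        vm = VALUE_RE.match(line)
        if vm:
            entries.append({"key": key, "name": vm.group(1),
                            "image": vm.group(2), "stamp": vm.group(3)})
    return entries


def triage(text):
    """Cross-reference the sections; every list here is something to look at by hand."""
    deleted = parse_deleted_services(text)
    in_memory = parse_in_memory(text)
    runs = parse_run_entries(text)
    return {
        "deleted": deleted,
        "in_memory": in_memory,
        # deleted from the registry but still loaded when the scan ran
        "survivors": [n for n in deleted if n in in_memory],
        "run_entries": runs,
        # editor's heuristic: anything but a "[date size]" stamp (here "[BU]") gets a manual look
        "unstamped": [e["name"] for e in runs if not STAMP_RE.match(e["stamp"])],
        # editor's heuristic: a bare file name is resolved via the loader's search path
        "unqualified": [e["name"] for e in runs if not DRIVE_RE.match(e["image"])],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for field in ("survivors", "unstamped", "unqualified"):
        print(f"{field:12s}: {report[field]}")
    for e in report["run_entries"]:
        print(f"  {e['name']:<12s} {e['image']}  [{e['stamp']}]")
```

On the excerpt, `survivors` comes back as `['asc3360pr']`, which is the item to confirm absent on a fresh scan after the reboot; `unstamped` is `['egui']` and `unqualified` is `['SoundMan']`, both of which resolve to known software here but are the kind of entry the rules exist to surface on a less clean machine.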