ComboFix 07-06-13 - C:\Documents and Settings\sss\Pulpit\apteczka dla kompa\ComboFix.exe “sss” - 2007-06-12 20:52:40 - Dodatek Service Pack. 1 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\LOCALS~1\DANEAP~1\Install.dat C:\DOCUME~1\NETWOR~1\DANEAP~1\Install.dat C:\DOCUME~1\sss\DANEAP~1…rdr.ini C:\Program Files\MyGlobalSearch C:\Program Files\MyGlobalSearch\bar\3.bin\M9FFXTBR.JAR C:\Program Files\MyGlobalSearch\bar\3.bin\M9FFXTBR.MANIFEST C:\Program Files\MyGlobalSearch\bar\3.bin\M9NTSTBR.JAR C:\Program Files\MyGlobalSearch\bar\3.bin\M9NTSTBR.MANIFEST C:\Program Files\MyGlobalSearch\bar\3.bin\M9PLUGIN.DLL C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL C:\Program Files\MyGlobalSearch\bar\3.bin\NPMYGLSH.DLL C:\Program Files\MyGlobalSearch\bar\Cache\007483C2 C:\Program Files\MyGlobalSearch\bar\Cache\00748A1B.bin C:\Program Files\MyGlobalSearch\bar\Cache\007499EA.bin C:\Program Files\MyGlobalSearch\bar\Cache\00749C8A.bin C:\Program Files\MyGlobalSearch\bar\Cache\files.ini C:\Program Files\MyGlobalSearch\bar\History\search C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm C:\svchost.exe C:\WINDOWS\764.exe C:\WINDOWS\avp.exe C:\WINDOWS\smgr.exe C:\WINDOWS\system32\0_exception.nls C:\WINDOWS\system32\alt.exe.exe C:\WINDOWS\system32\driver.exe C:\WINDOWS\system32\drivers\secdrv.sys C:\WINDOWS\system32\KB18561603.exe C:\WINDOWS\system32\KB66507128.exe C:\WINDOWS\system32\ldinfo.ldr C:\WINDOWS\system32\max1d1641.exe C:\WINDOWS\system32\RunOnce2.t__ C:\WINDOWS\system32\svcp.csv C:\WINDOWS\system32\winsub.xml C:\WINDOWS\system32\wmvds32.dll C:\WINDOWS\system32\xjwsgqo.dll C:\WINDOWS\system32RunOnce2.t__ C:\WINDOWS\system32RunOnce2.tm_ ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NDNET1 -------\LEGACY_RUNTIME -------\NDnet1 -------\ntio256 -------\Runtime ((((((((((((((((((((((((( Files Created from 2007-05-12 to 
2007-06-12 ))))))))))))))))))))))))))))))) 2007-06-12 20:42 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-11 21:02 7,200 --a------ C:\yuvncha.exe 2007-06-11 21:02 48,128 --a------ C:\jwvbsck.exe 2007-06-11 21:02 1,536 --a------ C:\ptfhcti.exe 2007-06-11 20:51 7,200 --a------ C:\eeca.exe 2007-06-11 20:51 48,128 --a------ C:\kxxqqwg(3).exe 2007-06-11 20:51 48,128 --a------ C:\kxxqqwg(2).exe 2007-06-11 20:51 48,128 --------- C:\kxxqqwg.exe 2007-06-11 20:51 30,720 --a------ C:\WINDOWS\system32\ipmon.exe 2007-06-11 20:51 13,824 --a------ C:\WINDOWS\system32\max1d1641(3).exe 2007-06-11 20:51 13,824 --a------ C:\WINDOWS\system32\max1d1641(2).exe 2007-06-11 20:51 1,536 --a------ C:\mnfltoc(3).exe 2007-06-11 20:51 1,536 --a------ C:\mnfltoc(2).exe 2007-06-11 20:51 1,536 --------- C:\mnfltoc.exe 2007-06-11 16:38 1,536 --a------ C:\nhibp.exe 2007-06-11 14:49 2,560 --------- C:\imyhftn.exe 2007-06-05 22:49 2007-06-05 17:32 4 --a------ C:\WINDOWS\system32\stfv.bin 2007-06-05 17:29 12 --a------ C:\WINDOWS\system32\sl.bin 2007-06-05 17:28 9,216 --a------ C:\WINDOWS\bjam.dll 2007-06-05 17:28 32,256 --a------ C:\WINDOWS\bokja.exe 2007-06-05 17:28 31,744 --a------ C:\WINDOWS\system32\wml.exe 2007-06-05 17:28 31,744 --a------ C:\WINDOWS\system32\vxddsk.exe 2007-06-05 17:28 31,488 --a------ C:\WINDOWS\cdsm32.dll 2007-06-05 17:28 30,976 --a------ C:\WINDOWS\system32\updatetc.exe 2007-06-05 17:28 28,160 --a------ C:\WINDOWS\system32\Biprep.exe 2007-06-05 17:28 27,648 --a------ C:\WINDOWS\system32\MSIXU.DLL 2007-06-05 17:28 27,648 --a------ C:\WINDOWS\flt.dll 2007-06-05 17:28 26,880 --a------ C:\WINDOWS\system32\180ax.exe 2007-06-05 17:28 26,112 --a------ C:\WINDOWS\bi.dll 2007-06-05 17:28 25,088 --a------ C:\WINDOWS\system32\msdn_lib.dll 2007-06-05 17:28 25,088 --a------ C:\WINDOWS\saiemod.dll 2007-06-05 17:28 24,832 --a------ C:\WINDOWS\pbar.dll 2007-06-05 17:28 24,832 --a------ C:\WINDOWS\2020search.dll 2007-06-05 17:28 24,320 --a------ C:\WINDOWS\7search.dll 2007-06-05 17:28 23,040 
--a------ C:\WINDOWS\system32\salm.exe 2007-06-05 17:28 22,784 --a------ C:\WINDOWS\system32\WER8274.DLL 2007-06-05 17:28 21,760 --a------ C:\WINDOWS\voiceip.dll 2007-06-05 17:28 20,992 --a------ C:\WINDOWS\system32\SUSP.exe 2007-06-05 17:28 20,480 --a------ C:\WINDOWS\2020search2.dll 2007-06-05 17:28 18,176 --a------ C:\WINDOWS\system32\satmat.exe 2007-06-05 17:28 17,152 --a------ C:\WINDOWS\system32\Bi.dll 2007-06-05 17:28 16,640 --a------ C:\WINDOWS\mspphe.dll 2007-06-05 17:28 14,848 --a------ C:\WINDOWS\swin32.dll 2007-06-05 17:28 14,848 --a------ C:\WINDOWS\stcloader.exe 2007-06-05 17:28 14,336 --a------ C:\WINDOWS\mssvr.exe 2007-06-05 17:28 12 --a------ C:\WINDOWS\system32\gtv_sd.bin 2007-06-05 17:17 35,840 --------- C:\WINDOWS\system32\msvcrtd.exe 2007-06-05 17:16 4,096 --a------ C:\WINDOWS\system32\schtasks.dll 2007-06-05 17:16 15,872 --a------ C:\WINDOWS\vmmreg32.exe 2007-06-05 15:39 7,168 --a------ C:\svchost2.exe 2007-06-05 15:39 35,328 --a------ C:\WINDOWS\mssadv.dll 2007-06-05 15:39 10,752 --a------ C:\WINDOWS\msscan.dll 2007-06-05 15:39 10,752 --a------ C:\WINDOWS\msiemon.dll 2007-06-05 15:39 10,752 --a------ C:\WINDOWS\msfw.dll 2007-06-05 15:39 10,752 --a------ C:\WINDOWS\msctrl.dll 2007-06-05 15:39 10,752 --a------ C:\WINDOWS\msavsc.dll 2007-06-05 15:39 2007-05-30 20:12 4,980,736 --a------ C:\DOCUME~1\sss\ntuser.dat 2007-05-30 20:12 233,472 --a------ C:\DOCUME~1\NETWOR~1\ntuser.dat 2007-05-30 20:12 229,376 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat 2007-05-27 22:45 2007-05-27 22:45 2007-05-13 13:32 16,224 --a------ C:\WINDOWS\system32\drivers\hamachi.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-08 22:45:34 -------- d-----w C:\Program Files\Tibia 2007-05-13 11:46:16 -------- d-----w C:\Program Files\Hamachi 2007-05-13 11:37:48 -------- d-----w C:\DOCUME~1\sss\DANEAP~1\Hamachi 2007-05-12 07:20:43 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-11 21:25:55 -------- d-----w 
C:\DOCUME~1\sss\DANEAP~1\Gadu-Gadu 2007-05-09 14:08:12 -------- d-----w C:\Program Files\JoWood 2007-05-09 13:36:24 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-09 09:37:48 -------- d-----w C:\Program Files\Damian Pasternak 2007-05-07 17:35:07 4,096 ----a-w C:\WINDOWS\d3dx.dat 2007-05-04 10:34:26 -------- d-----w C:\Program Files\Google 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-17 11:12:43 -------- d-----w C:\Program Files\Zajaczek 4.1 2007-03-25 08:37:34 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-03-25 08:37:34 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "Cmaudio"="cmicnfg.cpl" [] "Microsoft security adviser"="C:\Program Files\Microsoft Security Adviser\mssadv.exe" [2007-06-11 14:20] "msctrl.exe"="C:\Program Files\Microsoft Security Adviser\msctrl.exe" [2007-06-11 14:20] "msavsc.exe"="C:\Program Files\Microsoft Security Adviser\msavsc.exe" 
[2007-06-11 14:20] "msscan.exe"="C:\Program Files\Microsoft Security Adviser\msscan.exe" [2007-06-11 14:20] "msiemon.exe"="C:\Program Files\Microsoft Security Adviser\msiemon.exe" [2007-06-11 14:20] "msfw.exe"="C:\Program Files\Microsoft Security Adviser\msfw.exe" [2007-06-11 14:20] "mssadv.exe"="" [] "ipmon"="ipmon.exe" [2007-06-11 21:02 C:\WINDOWS\system32\ipmon.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft security adviser"="C:\Program Files\Microsoft Security Adviser\mssadv.exe" [2007-06-11 14:20] "msctrl.exe"="C:\Program Files\Microsoft Security Adviser\msctrl.exe" [2007-06-11 14:20] "msavsc.exe"="C:\Program Files\Microsoft Security Adviser\msavsc.exe" [2007-06-11 14:20] "msscan.exe"="C:\Program Files\Microsoft Security Adviser\msscan.exe" [2007-06-11 14:20] "msiemon.exe"="C:\Program Files\Microsoft Security Adviser\msiemon.exe" [2007-06-11 14:20] "msfw.exe"="C:\Program Files\Microsoft Security Adviser\msfw.exe" [2007-06-11 14:20] "mssadv.exe"="" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sss^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] path=C:\Documents and Settings\sss\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-12 21:03:04 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** Completion time: 2007-06-12 21:04:57 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-12 21:04 --- E O F ---