"Administrator" - 07-03-25 18:09:29 Dodatek Service Pack 2
ComboFix 07.02.03 - Running from: "D:\NAGRYWANIE\zabezpieczenia"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly
C:\qoobox\purity\WINDOWS\ASEMBL~1\winlogon.exe~
C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly\ctxad-552.0000

((((((((((((((((((((((((((((((( Files Created from 2007-02-25 to 2007-03-25 ))))))))))))))))))))))))))))))))))

2007-03-25 17:43 73,728 --a------ C:\KillBox.exe
2007-03-25 17:43
2007-03-25 17:19 7,200 --a------ C:\ogwrs.exe
2007-03-25 17:19 42,560 --a------ C:\WINDOWS\system32\msvcrl.dll
2007-03-25 17:19 23,552 --a------ C:\nkpcmfac.exe
2007-03-25 17:19 13,824 --a------ C:\WINDOWS\system32\max1d1641.exe
2007-03-25 17:19
2007-03-25 17:02 545 --a------ C:\WINDOWS\UC.PIF
2007-03-25 17:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-03-25 17:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-03-25 17:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-03-25 17:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-03-25 17:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-03-25 17:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-03-25 17:02
2007-03-25 16:38
2007-03-25 16:28
2007-03-25 15:17 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2007-03-25 15:17 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2007-03-25 15:17 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-03-25 15:17 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2007-03-25 15:17 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2007-03-25 15:17 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll
2007-03-25 15:17 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll
2007-03-25 15:17 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2007-03-25 15:17 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-03-25 14:39
2007-03-25 11:27
2007-03-25 11:27
2007-03-25 01:54
2007-03-25 00:15 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-03-25 00:13
2007-03-25 00:07
2007-03-25 00:05 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-24 23:54
2007-03-24 10:37
2007-03-24 10:37
2007-03-23 22:27
2007-03-23 10:54
2007-03-22 22:34
2007-03-22 14:18
2007-03-22 14:11
2007-03-22 13:36
2007-03-22 12:38
2007-03-22 12:36
2007-03-22 12:19
2007-03-22 11:57
2007-03-22 11:40
2007-03-22 11:24
2007-03-22 11:24
2007-03-22 11:06 49,152 --a------ C:\WINDOWS\rebuild.exe
2007-03-22 10:56 1,611 --a------ C:\WINDOWS\system32\uninstall_pack.bat
2007-03-22 10:56
2007-03-22 10:56
2007-03-22 10:52
2007-03-22 10:44
2007-03-22 10:37
2007-03-22 01:58
2007-03-22 01:44
2007-03-22 01:26
2007-03-22 01:26
2007-03-22 01:26
2007-03-22 01:26
2007-03-22 01:26
2007-03-22 01:26
2007-03-22 01:26

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-25 17:54 -------- d-------- C:\DOCUME~1\ADMINI~1\Dane aplikacji\mozilla
2007-03-25 17:32 -------- d-------- C:\DOCUME~1\ADMINI~1\Dane aplikacji\macromedia
2007-03-25 17:12 -------- d-------- C:\Program Files\winamp
2007-03-25 15:18 -------- d-------- C:\Program Files\nero
2007-03-25 15:17 -------- d-------- C:\Program Files\Common Files\ahead
2007-03-25 09:38 -------- d--h----- C:\Program Files\installshield installation information
2007-03-25 01:55 -------- d-------- C:\Program Files\creative
2007-03-24 23:52 -------- d-------- C:\Program Files\Common Files\installshield
2007-03-23 21:50 -------- d-------- C:\Program Files\aqq
2007-03-22 11:04 -------- d-------- C:\Program Files\windows nt
2007-03-22 01:27 -------- d-------- C:\Program Files\megauploadtoolbar
2007-03-22 01:26 -------- d---s---- C:\DOCUME~1\ADMINI~1\Dane aplikacji\microsoft
2007-01-30 00:04 200768 --a------ C:\WINDOWS\system32\klogon.dll
2007-01-29 01:42 -------- d-------- C:\Program Files\odkurzacz
2007-01-29 01:42 -------- d-------- C:\Program Files\movie maker
2007-01-29 01:28 -------- d-------- C:\Program Files\norton ghost 2003
2007-01-29 01:28 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-29 01:15 -------- d-------- C:\Program Files\symantec
2007-01-29 00:58 -------- d-------- C:\Program Files\alcohol soft
2007-01-29 00:33 434176 --a------ C:\WINDOWS\system32\udfimporter.dll
2007-01-28 21:14 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-01-27 21:21 -------- d-------- C:\Program Files\microsoft activesync
2007-01-27 21:15 -------- d-------- C:\Program Files\ivt corporation
2007-01-27 17:30 -------- d-------- C:\Program Files\allplayer
2007-01-27 17:27 -------- d-------- C:\Program Files\screamer radio
2007-01-27 17:13 -------- d-------- C:\Program Files\opera
2007-01-27 16:01 -------- d-------- C:\Program Files\planet wl-8314
2007-01-27 14:52 -------- d-------- C:\Program Files\messenger
2007-01-27 14:06 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-27 14:05 0 -rahs---- C:\MSDOS.SYS
2007-01-27 14:05 0 -rahs---- C:\IO.SYS
2007-01-27 14:05 0 --a------ C:\CONFIG.SYS
2007-01-27 14:05 0 --a------ C:\AUTOEXEC.BAT
2007-01-27 14:02 -------- d-------- C:\Program Files\usugi online
2007-01-27 14:00 -------- d-------- C:\Program Files\Common Files\mssoap
2007-01-27 13:58 -------- d-------- C:\Program Files\msn gaming zone
2007-01-27 13:50 -------- d-------- C:\Program Files\Common Files\speechengines
2007-01-27 13:50 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-27 13:49 62 --ahs---- C:\DOCUME~1\ADMINI~1\Dane aplikacji\desktop.ini
2007-01-25 20:27 109848 --a------ C:\WINDOWS\system32\drivers\kl1.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"GhostStartTrayApp"="C:\Program Files\Norton Ghost 2003\GhostStartTrayApp.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AVP"=""C:\Program Files\Kaspersky Internet Security 6.0\avp.exe""
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe""
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{10DD84BA-C55C-4A61-94F0-1E56AD21750B}"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070325-174948-829 O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
backup-20070325-174856-959 O20 - Winlogon Notify: qommmll - C:\WINDOWS\
backup-20070325-174856-867 O2 - BHO: (no name) - {10DD84BA-C55C-4A61-94F0-1E56AD21750B} - C:\WINDOWS\system32\qommmll.dll (file missing)
backup-20070325-174856-784 O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
backup-20070325-174856-563 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-25 18:11:27