ComboFix 08-05-24.1 - Sebastian 2008-05-25 15:40:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.458 [GMT 2:00]
Running from: C:\Documents and Settings\Sebastian\Moje dokumenty\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir
.
---- Previous Run -------
.
C:\Documents and Settings\Sebastian\Dane aplikacji\inst.exe
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Sebastian\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\FunWebProducts
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Zumie
C:\Program Files\Zumie\home.js
C:\Program Files\Zumie\uninstall.exe
C:\Program Files\Zumie\zopt.exe
C:\Program Files\Zumie\zumie.dll
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\systeminfo3.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ZUMIE_SEARCH_SERVICE
-------\Service_Zumie Search Service
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-23 23:36 . 2008-05-24 00:31 254 --a------ C:\WINDOWS\7THLEVEL.INI
2008-05-23 23:33 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-05-23 21:57 . 2006-08-17 02:46 139,264 --a------ C:\WINDOWS\NeoUninstall.exe
2008-05-23 21:57 . 2008-05-23 21:58 26 --a------ C:\WINDOWS\neosetup.INI
2008-05-23 14:20 . 2008-05-23 14:21
2008-05-18 20:51 . 2008-05-18 20:51
2008-05-16 10:15 . 2008-05-16 10:15 427 --a------ C:\WINDOWS\ODBC.INI
2008-05-16 10:13 . 2008-05-16 10:14
2008-05-16 00:01 . 2008-05-16 00:36
2008-05-14 02:33 . 2008-01-25 18:00 9,270 --a------ C:\WINDOWS\desktop_icon_generic.bmp
2008-05-13 22:38 . 2008-05-13 22:38
2008-05-13 22:38 . 2008-05-13 22:38
2008-05-13 22:38 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-12 12:04 . 2008-05-12 12:04
2008-05-11 00:58 . 2008-05-11 00:58
2008-05-11 00:53 . 2008-05-11 21:14
2008-05-11 00:36 . 2008-05-11 00:36 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-05-11 00:36 . 2008-05-11 00:36 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-05-11 00:36 . 2008-05-11 00:36 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-08 15:36 . 2008-05-08 15:36
2008-05-08 15:36 . 2008-05-08 15:36
2008-05-08 15:36 . 2008-05-08 15:36
2008-05-08 15:36 . 2008-05-08 15:41
2008-05-08 15:36 . 2008-05-08 15:36
2008-05-08 15:36 . 2008-05-08 15:36
2008-05-05 01:15 . 2008-05-05 01:24
2008-05-05 01:15 . 2008-05-05 01:15 2,285,222 --a------ C:\WINDOWS\Matrix Code.exe
2008-05-05 01:15 . 2008-05-05 01:15 232,784 --a------ C:\WINDOWS\Matrix Code.scr
2008-05-05 01:15 . 2008-05-05 01:15 29,696 --a------ C:\WINDOWS\mickey32.dll
2008-05-05 01:10 . 2008-05-05 01:10
2008-05-05 00:59 . 2001-03-26 05:43 167,936 --a------ C:\WINDOWS\fishMaus99.scr
2008-05-05 00:59 . 2008-05-05 00:59 49,152 --a------ C:\WINDOWS\fLoSaftRemov1_04.exe
2008-05-05 00:28 . 2008-05-05 00:28 1,515,520 --a------ C:\WINDOWS\Dancing Baby.scr
2008-05-05 00:28 . 2008-05-05 00:28 1,202,738 --a------ C:\WINDOWS\baby.avi
2008-05-05 00:28 . 2008-05-05 00:28 266,846 --a------ C:\WINDOWS\baby.wav
2008-05-05 00:28 . 2008-05-05 00:29 30 --a------ C:\WINDOWS\avibaby.ini
2008-05-05 00:21 . 2004-05-26 00:06 1,294,336 --a------ C:\WINDOWS\FanFish25.scr
2008-05-04 23:53 . 2008-05-05 10:46 236,800 --a------ C:\lma_log.html
2008-05-04 23:46 . 2008-05-04 23:46
2008-05-04 23:46 . 2005-09-14 12:46 475,136 --a------ C:\WINDOWS\Living Marine Aquarium 2.scr
2008-05-04 23:46 . 2005-09-29 14:55 69,632 --a------ C:\WINDOWS\system32\FreezeScreenSaver.exe
2008-05-04 23:46 . 2008-05-25 15:19 12,376 --a------ C:\log.html
2008-05-04 23:45 . 2006-07-24 08:56 212,240 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-05-04 23:44 . 2008-05-04 23:51
2008-05-04 23:44 . 2006-10-09 14:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL
2008-05-04 23:26 . 2008-05-04 23:26 129,536 --a------ C:\WINDOWS\system32\IJL15.dll
2008-05-01 21:32 . 2008-05-13 11:37
2008-05-01 21:20 . 2008-05-16 10:40
2008-05-01 20:59 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-01 20:49 . 2008-05-01 20:49
2008-05-01 20:44 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002729_.tmp
2008-05-01 20:41 . 2008-05-01 20:41
2008-05-01 09:05 . 2008-05-01 20:36
2008-04-30 11:55 . 2008-04-30 11:55
2008-04-30 11:51 . 2008-04-30 11:51
2008-04-30 11:49 . 2008-04-30 11:49
2008-04-30 11:39 . 2008-04-30 11:39
2008-04-29 19:39 . 2008-04-29 19:39
2008-04-29 19:39 . 2008-04-29 19:39
2008-04-29 14:21 . 2008-05-18 10:12 19 --a------ C:\WINDOWS\cie12.ini
2008-04-29 13:40 . 2008-05-16 01:33
2008-04-28 20:35 . 2008-04-28 20:35
2008-04-28 20:04 . 2008-04-28 20:04 94,208 --------- C:\WINDOWS\system32\drivers\ezplay.sys
2008-04-28 20:04 . 2008-05-13 22:58 94,208 --a------ C:\Documents and Settings\Sebastian\Dane aplikacji\ezplay.sys
2008-04-28 19:37 . 2008-05-13 22:58
2008-04-28 19:37 . 2008-05-12 12:04 81,920 --a------ C:\Documents and Settings\Sebastian\Dane aplikacji\ezpinst.exe
2008-04-28 19:37 . 2008-04-28 20:04 47,360 --------- C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-28 19:37 . 2008-05-12 12:04 47,360 --a------ C:\Documents and Settings\Sebastian\Dane aplikacji\pcouffin.sys
2008-04-28 18:52 . 2008-05-12 11:38 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 10:12 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-19 21:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 18:41 --------- d-----w C:\Program Files\CyberLink
2008-05-01 19:20 --------- d-----w C:\Program Files\Java
2008-04-30 09:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 18:19 --------- d-----w C:\Program Files\Winamp
2008-04-29 17:36 --------- d-----w C:\Documents and Settings\Sebastian\Dane aplikacji\Winamp
2008-04-29 16:48 --------- d-----w C:\Program Files\Google
2008-04-28 17:53 --------- d-----w C:\Documents and Settings\Sebastian\Dane aplikacji\Ahead
2008-04-27 19:18 --------- d-----w C:\Documents and Settings\Sebastian\Dane aplikacji\HPAppData
2008-04-24 19:59 968,021 ------w C:\WINDOWS\system32\1.scr
2008-04-23 07:43 --------- d-----w C:\Documents and Settings\Sebastian\Dane aplikacji\AdobeUM
2008-04-20 17:44 10,944 ------w C:\WINDOWS\BYEFISH.EXE
2008-04-19 11:54 --------- d-----w C:\Program Files\ESET
2008-04-19 11:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-18 18:04 --------- d-----w C:\Documents and Settings\Sebastian\Dane aplikacji\Gadu-Gadu
2008-04-18 18:01 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-17 16:47 --------- d-----w C:\Program Files\Common Files\Java
2008-04-17 12:44 --------- d-----w C:\Program Files\Motorola
2008-04-15 18:46 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-15 10:35 --------- d-----w C:\Documents and Settings\Sebastian\Dane aplikacji\InstallShield
2008-04-15 10:26 --------- d-----w C:\Program Files\Atheros
2008-04-14 21:16 1,804 ------w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 20:00 2,190,336 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 18:53 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-14 18:53 --------- d-----w C:\Program Files\AVSMedia
2008-04-14 15:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --------- C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"TV Watcher"="D:\Użytki\Akcesoria\TV Watcher\TV Watcher.exe" [2007-10-14 16:21 1210368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 11:50 16855552 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-11 12:04 1826816 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 21:02 786521]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37 110592]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 16:40 260096]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
C:\Documents and Settings\Sebastian\Menu Start\Programy\Autostart\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
PopTray.lnk - C:\Program Files\PopTray\PopTray.exe [2006-09-16 15:01:16 1666048]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-05-24 15:16:14 49152]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"D:\Gry\MW4TRIAL\MW4.EXE"=
"D:\Gry\MW4\MW4.exe"=
"D:\Użytki\Internetowe\BeerShare\BearShare.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 14:55]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efca3896-cc17-11dc-bd2e-001d606a8bbb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-25 13:19:26 C:\WINDOWS\Tasks\PCConfidential.job"
- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
"2008-05-04 21:44:09 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 15:42:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-25 15:43:47
ComboFix-quarantined-files.txt 2008-05-25 13:43:38
Pre-Run: 20,409,081,856 bajtów wolnych
Post-Run: 20,399,972,352 bajtów wolnych
308 --- E O F --- 2008-05-16 08:10:00