"Maniek" - 2007-09-20 20:12:55 - ComboFix 07-07-04.4 - Dodatek Service Pack. 2 FAT32


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\DANEAP~1.\TEMP
C:\DOCUME~1\ALLUSE~1\DANEAP~1.\TEMP\DFC5A2B2.TMP


((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))

2007-09-20 19:15    73,728    --a------    C:\WINDOWS\SYSTEM32\CavEmLSP.dll
2007-09-20 19:15    434,252   --a------    C:\WINDOWS\SYSTEM32\MSVCRTD.DLL
2007-09-20 19:15    216,576   --a------    C:\WINDOWS\SYSTEM32\monln.dll
2007-09-20 19:15    102,400   --a------    C:\WINDOWS\SYSTEM32\DRIVERS\cavasm.sys
2007-09-20 19:15    1,060,864 --a------    C:\WINDOWS\SYSTEM32\MFC71.dll
2007-09-19 08:15
2007-09-19 08:15
2007-09-19 08:12
2007-09-18 20:29
2007-09-18 20:21    3,352     --a------    C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-17 16:42
2007-09-17 07:47
2007-09-17 07:39
2007-09-17 07:37    20,480    --a------    C:\WINDOWS\SYSTEM32\sprecovr.exe
2007-09-17 07:35    97,792    --a------    C:\WINDOWS\SYSTEM32\mqtgsvc.exe
2007-09-17 07:35    95,232    --a------    C:\WINDOWS\SYSTEM32\6to4svc.dll
2007-09-17 07:35    9,216     --a------    C:\WINDOWS\SYSTEM32\wuauserv.dll
2007-09-17 07:35    88,576    --a------    C:\WINDOWS\SYSTEM32\mqsec.dll
2007-09-17 07:35    753,664   --a------    C:\WINDOWS\SYSTEM32\ir50_32.dll
2007-09-17 07:35    75,776    --a------    C:\WINDOWS\SYSTEM32\tlntsess.exe
2007-09-17 07:35    7,680     --a------    C:\WINDOWS\SYSTEM32\bitsprx2.dll
2007-09-17 07:35    7,168     --a------    C:\WINDOWS\SYSTEM32\tlntsvrp.dll
2007-09-17 07:35    7,168     --a------    C:\WINDOWS\SYSTEM32\bitsprx3.dll
2007-09-17 07:35    69,632    --a------    C:\WINDOWS\SYSTEM32\tlntsvr.exe
2007-09-17 07:35    68,608    --a------    C:\WINDOWS\SYSTEM32\fdeploy.dll
2007-09-17 07:35    67,456    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mqac.sys
2007-09-17 07:35    64,000    --a------    C:\WINDOWS\SYSTEM32\openfiles.exe
2007-09-17 07:35    608,768   --a------    C:\WINDOWS\SYSTEM32\mqqm.dll
2007-09-17 07:35    606,720   --a------    C:\WINDOWS\SYSTEM32\xpsp2res.dll
2007-09-17 07:35    59,904    --a------    C:\WINDOWS\SYSTEM32\tlntadmn.exe
2007-09-17 07:35    57,856    --a------    C:\WINDOWS\SYSTEM32\nwwks.dll
2007-09-17 07:35    56,832    --a------    C:\WINDOWS\SYSTEM32\logman.exe
2007-09-17 07:35    555,520   --a------    C:\WINDOWS\SYSTEM32\wsecedit.dll
2007-09-17 07:35    55,808    --a------    C:\WINDOWS\SYSTEM32\mqlogmgr.dll
2007-09-17 07:35    507,904   --a------    C:\WINDOWS\SYSTEM32\mqutil.dll
2007-09-17 07:35    5,120     --a------    C:\WINDOWS\SYSTEM32\hccoin.dll
2007-09-17 07:35    492,032   --a------    C:\WINDOWS\SYSTEM32\gpedit.dll
2007-09-17 07:35    49,664    --a------    C:\WINDOWS\SYSTEM32\eventcreate.exe
2007-09-17 07:35    478,720   --a------    C:\WINDOWS\SYSTEM32\mqsnap.dll
2007-09-17 07:35    46,592    --a------    C:\WINDOWS\twain_32.dll
2007-09-17 07:35    45,056    --a------    C:\WINDOWS\SYSTEM32\cipher.exe
2007-09-17 07:35    44,544    --a------    C:\WINDOWS\SYSTEM32\mqupgrd.dll
2007-09-17 07:35    44,032    --a------    C:\WINDOWS\SYSTEM32\mqdscli.dll
2007-09-17 07:35    403,456   --a------    C:\WINDOWS\SYSTEM32\winbrand.dll
2007-09-17 07:35    4,608     --a------    C:\WINDOWS\SYSTEM32\mqsvc.exe
2007-09-17 07:35    384,512   --a------    C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2007-09-17 07:35    360,448   --a------    C:\WINDOWS\SYSTEM32\qmgr.dll
2007-09-17 07:35    352,256   --a------    C:\WINDOWS\SYSTEM32\ir41_qcx.dll
2007-09-17 07:35    35,200    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
2007-09-17 07:35    331,776   --a------    C:\WINDOWS\SYSTEM32\winhttp.dll
2007-09-17 07:35    316,040   --a------    C:\WINDOWS\SYSTEM32\mp43dmod.dll
2007-09-17 07:35    3,584     --a------    C:\WINDOWS\SYSTEM32\dsprpres.dll
2007-09-17 07:35    29,696    --a------    C:\WINDOWS\SYSTEM32\asr_pfu.exe
2007-09-17 07:35    280,576   --a------    C:\WINDOWS\SYSTEM32\appmgr.dll
2007-09-17 07:35    27,648    --a------    C:\WINDOWS\SYSTEM32\pidgen.dll
2007-09-17 07:35    27,136    --a------    C:\WINDOWS\SYSTEM32\asr_fmt.exe
2007-09-17 07:35    268,800   --a------    C:\WINDOWS\winhlp32.exe
2007-09-17 07:35    24,576    --a------    C:\WINDOWS\SYSTEM32\efsadu.dll
2007-09-17 07:35    232,448   --a------    C:\WINDOWS\SYSTEM32\tracerpt.exe
2007-09-17 07:35    23,040    --a------    C:\WINDOWS\SYSTEM32\proxycfg.exe
2007-09-17 07:35    218,112   --a------    C:\WINDOWS\SYSTEM32\sbe.dll
2007-09-17 07:35    214,016   --a------    C:\WINDOWS\SYSTEM32\mqoa.dll
2007-09-17 07:35    212,992   --a------    C:\WINDOWS\SYSTEM32\ir50_qc.dll
2007-09-17 07:35    196,608   --a------    C:\WINDOWS\SYSTEM32\ir50_qcx.dll
2007-09-17 07:35    195,072   --a------    C:\WINDOWS\SYSTEM32\xpsp1res.dll
2007-09-17 07:35    19,328    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
2007-09-17 07:35    184,832   --a------    C:\WINDOWS\SYSTEM32\gptext.dll
2007-09-17 07:35    183,296   --a------    C:\WINDOWS\SYSTEM32\accwiz.exe
2007-09-17 07:35    181,760   --a------    C:\WINDOWS\SYSTEM32\activeds.dll
2007-09-17 07:35    18,944    --a------    C:\WINDOWS\SYSTEM32\encapi.dll
2007-09-17 07:35    176,128   --a------    C:\WINDOWS\SYSTEM32\xpob2res.dll
2007-09-17 07:35    17,408    --a------    C:\WINDOWS\SYSTEM32\secedit.exe
2007-09-17 07:35    17,408    --a------    C:\WINDOWS\SYSTEM32\mqbkup.exe
2007-09-17 07:35    165,888   --a------    C:\WINDOWS\SYSTEM32\mqrt.dll
2007-09-17 07:35    164,352   --a------    C:\WINDOWS\SYSTEM32\mqtrig.dll
2007-09-17 07:35    160,768   --a------    C:\WINDOWS\SYSTEM32\appmgmts.dll
2007-09-17 07:35    156,544   --a------    C:\WINDOWS\SYSTEM32\DRIVERS\nwrdr.sys
2007-09-17 07:35    155,648   --a------    C:\WINDOWS\SYSTEM32\encdec.dll
2007-09-17 07:35    14,848    --a------    C:\WINDOWS\SYSTEM32\mqise.dll
2007-09-17 07:35    137,216   --a------    C:\WINDOWS\regedit.exe
2007-09-17 07:35    135,168   --a------    C:\WINDOWS\SYSTEM32\ir41_qc.dll
2007-09-17 07:35    134,144   --a------    C:\WINDOWS\SYSTEM32\Mssap.dll
2007-09-17 07:35    130,048   --a------    C:\WINDOWS\SYSTEM32\mqad.dll
2007-09-17 07:35    119,808   --a------    C:\WINDOWS\SYSTEM32\schtasks.exe
2007-09-17 07:35    116,224   --a------    C:\WINDOWS\SYSTEM32\gpresult.exe
2007-09-17 07:35    115,712   --a------    C:\WINDOWS\SYSTEM32\dpcdll.dll
2007-09-17 07:35    115,200   --a------    C:\WINDOWS\SYSTEM32\mqrtdep.dll
2007-09-17 07:35    110,080   --a------    C:\WINDOWS\SYSTEM32\sbeio.dll
2007-09-17 07:35    110,080   --a------    C:\WINDOWS\SYSTEM32\aclui.dll
2007-09-17 07:35    11,776    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\tunmp.sys
2007-09-17 07:35    103,936   --a------    C:\WINDOWS\SYSTEM32\rsnotify.exe
2007-09-17 07:35    10,752    --a------    C:\WINDOWS\SYSTEM32\spiisupd.exe
2007-09-17 07:35    10,752    --a------    C:\WINDOWS\hh.exe
2007-09-17 07:35    1,769,472 --a------    C:\WINDOWS\SYSTEM32\dxdiagn.dll
2007-09-17 07:35    1,703,936 --a------    C:\WINDOWS\SYSTEM32\d3d9.dll
2007-09-17 07:35    1,157,120 --a------    C:\WINDOWS\SYSTEM32\ntbackup.exe
2007-09-17 07:35    1,006,592 --a------    C:\WINDOWS\explorer.exe
2007-09-17 07:34    995,384   --a------    C:\WINDOWS\SYSTEM32\mfc42u.dll
2007-09-17 07:34    995,383   --a------    C:\WINDOWS\SYSTEM32\mfc42.dll
2007-09-17 07:34    99,840    --a------    C:\WINDOWS\SYSTEM32\oleprn.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-20 17:15:10    499,712    ----a-w    C:\WINDOWS\system32\MSVCP71.dll
2007-09-20 17:15:10    348,160    ----a-w    C:\WINDOWS\system32\MSVCR71.dll
2007-09-17 17:49:30    64,342     ----a-w    C:\WINDOWS\system32\perfc015.dat
2007-09-17 17:49:30    429,946    ----a-w    C:\WINDOWS\system32\perfh015.dat
2007-09-12 18:52:50    21,464     ----a-w    C:\DOCUME~1\Maniek\DANEAP~1\GDIPFONTCACHEV1.DAT
2007-07-31 18:45:30    69,632     ----a-w    C:\WINDOWS\system32\wshext.dll
2007-07-31 18:45:30    36,864     ----a-w    C:\WINDOWS\system32\wshcon.dll
2007-07-31 18:45:28    413,696    ----a-w    C:\WINDOWS\system32\vbscript.dll
2007-07-31 18:45:28    163,840    ----a-w    C:\WINDOWS\system32\scrobj.dll
2007-07-31 18:45:28    155,648    ----a-w    C:\WINDOWS\system32\scrrun.dll
2007-07-31 18:45:24    32,768     ----a-w    C:\WINDOWS\system32\dispex.dll
2007-07-31 18:45:22    135,168    ----a-w    C:\WINDOWS\system32\wscript.exe
2007-07-31 18:45:06    114,688    ----a-w    C:\WINDOWS\system32\cscript.exe
2007-07-30 17:19:42    1,712,984  ----a-w    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19:36    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19:32    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19:28    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19:20    92,504     ----a-w    C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19:16    53,080     ----a-w    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19:12    43,352     ----a-w    C:\WINDOWS\system32\wups2.dll
2007-07-30 17:18:40    33,624     ----a-w    C:\WINDOWS\system32\wups.dll
2007-07-23 19:50:56    --------   d-----w    C:\Program Files\Spyware Doctor


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38    63128    --a------    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04    853672    --a------    C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00    501136    --a------    C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-09-12 05:34    2415680    -ra------    c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanzarP2006"="C:\DOCUME~1\Maniek\USTAWI~1\Temp{EFECE691-E414-4024-8979-4BB358E2DC7D}{EEBA9416-3207-47E0-9022-116440599DBC}…\P2006tmp\Install.exe" []
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 11:01 C:\WINDOWS\RTHDCPL.exe]
"internat.exe"="internat.exe" []
"AT-Watch"="C:\Program Files\Anti-Trojan-55\ATWatch.exe" []
"Anti-Trojan-Watch"="C:\Program Files\Anti-Trojan-55\ATWatch.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-19 08:12]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-20 19:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-07 10:32]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-07-23 21:53]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-12 05:34]
"PcSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages :\WINDOW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IrMon"=irmon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*Newly Created Service* - CAVASM
*Newly Created Service* - COMODO_ANTI-VIRUS_AND_ANTI-SPYWARE_SERVICE

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{CA0A4247-44BE-11d1-A005-00805F8ABE06}
RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

Contents of the 'Scheduled Tasks' folder
2007-09-05 07:00:02 C:\WINDOWS\tasks\Rozpoczęcie aplikacji dostrajania.job
2007-09-20 17:55:18 C:\WINDOWS\tasks\Harmonogram programu PCHealth dla zbierania danych.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 20:15:36
Windows 5.1.2600 Dodatek Service Pack. 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-20 20:16:42
C:\ComboFix-quarantined-files.txt ... 2007-09-20 20:16
C:\ComboFix3.txt ... 2007-09-17 21:06
C:\ComboFix2.txt ... 2007-09-18 23:03

— E O F —