ComboFix 07-12-02.7 - Adi 2007-12-05 12:07:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.749 [GMT 1:00]
Running from: C:\Documents and Settings\Adi\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\002D75B2.nfLiA
C:\Program Files\myglobalsearch\bar\Cache\002D80BE
C:\Program Files\myglobalsearch\bar\Cache\002D84D5.bin
C:\Program Files\myglobalsearch\bar\Cache\002D8ADF.bin
C:\Program Files\myglobalsearch\bar\Cache\002D8DED.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.
2007-12-05 12:11 . 2007-12-05 12:11
2007-12-05 12:11 . 2007-12-05 12:11
2007-12-05 12:11 . 2007-12-05 12:11
2007-12-04 12:18 . 2007-12-04 12:18
2007-12-04 12:15 . 2007-12-04 12:15
2007-12-04 12:09 . 2007-12-04 12:09
2007-12-04 12:01 . 2007-12-04 12:01
2007-12-04 12:01 . 2007-12-04 12:23
2007-12-04 11:50 . 2007-12-04 11:51
2007-12-04 11:50 . 2007-12-05 11:32
2007-11-28 17:54 . 2007-11-28 17:55
2007-11-23 10:55 . 2007-11-23 10:55
2007-11-19 08:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-19 08:19 . 2007-11-19 08:20
2007-11-19 08:17 . 2007-11-19 08:17
2007-11-18 13:15 . 2007-11-19 08:22 1,408 --a------ C:\WINDOWS\mozver.dat
2007-11-15 15:02 . 2007-11-15 15:02
2007-11-15 15:02 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2007-11-15 12:01 . 2007-11-15 12:01
2007-11-14 16:25 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-14 16:25 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-14 16:25 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-14 16:19 . 2007-11-14 16:19
2007-11-14 16:19 . 2007-11-14 16:19
2007-11-14 16:19 . 2007-11-14 16:36
2007-11-14 16:19 . 2007-12-04 12:11
2007-11-14 11:50 . 2007-11-14 11:50
2007-11-14 11:50 . 2007-11-14 12:25
2007-11-14 11:50 . 2007-11-14 11:50 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-11-14 11:50 . 2007-11-14 11:50 584 --a------ C:\WINDOWS\system32\settings.sfm
2007-11-14 11:47 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2007-11-14 11:47 . 2006-10-06 07:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2007-11-14 11:47 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2007-11-14 11:45 . 2007-11-14 11:45
2007-11-14 11:45 . 2007-11-14 11:45
2007-11-14 11:45 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-11-14 11:45 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-11-14 11:44 . 2007-11-14 11:44
2007-11-14 11:44 . 2005-06-27 11:37 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-11-14 11:44 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-11-14 11:44 . 2005-06-15 04:07 11,264 --a------ C:\WINDOWS\INRES.DLL
2007-11-14 11:44 . 2005-07-07 10:26 5,627 -ra------ C:\WINDOWS\system32\Ludap17.ini
2007-11-14 11:44 . 2005-03-08 07:14 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2007-11-14 11:43 . 2000-12-13 03:21 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2
2007-11-14 11:43 . 2000-12-05 02:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2007-11-14 11:43 . 1999-09-22 08:18 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2
2007-11-14 11:41 . 2007-11-14 11:41
2007-11-14 11:41 . 2007-11-28 17:54 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-11-14 11:40 . 2007-11-14 11:47
2007-11-13 15:59 . 2007-11-13 15:59 991,744 --a------ C:\WINDOWS\system32\syssetup.dll
2007-11-13 15:59 . 2007-11-13 15:59 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-13 15:59 . 2007-11-13 15:59 219,648 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-11-13 15:59 . 2007-11-13 17:59 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2007-11-13 15:59 . 2007-11-13 15:59 140,800 --a------ C:\WINDOWS\system32\sfc_os.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 16:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-14 10:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 23:13 --------- d-----w C:\Program Files\SAGEM WiFi manager
2007-11-13 23:12 --------- d-----w C:\Program Files\SAGEM
2007-11-13 22:47 --------- d-----w C:\Program Files\Usługi online
2007-11-13 15:06 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2007-11-13 15:06 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys
2007-11-13 15:06 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2007-11-13 15:06 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2007-11-13 15:06 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2007-11-13 15:06 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2007-11-13 15:06 41,088 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2007-11-13 15:06 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2007-11-13 15:06 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2007-11-13 15:06 39,552 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2007-11-13 15:06 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-11-13 15:06 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2007-11-13 15:06 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2007-11-13 15:06 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2007-11-13 15:06 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2007-11-13 15:06 12,928 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2007-11-13 15:06 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2007-11-13 15:05 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-11-13 15:05 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2007-11-13 15:05 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-11-13 15:05 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
2007-11-13 15:05 12,288 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys
2007-11-13 15:05 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys
2007-11-13 15:05 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys
2007-11-13 15:05 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys
2007-11-13 15:05 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="Rundll32 P17.dll" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2004-08-03 23:43 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-11-14 00:13:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ WebClient LmHosts RemoteRegistry upnphost SSDPSRV
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 12:11:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-05 12:12:51 - machine was rebooted
.
--- E O F ---