"Tomasz" - 2007-05-13 21:35:35 Dodatek Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Tomasz\Pulpit"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\retadpu2000373.exe
C:\WINDOWS\system32\ldinfo.ldr

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))

2007-05-13 03:05
2007-05-13 02:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-13 02:27
2007-05-13 02:27
2007-05-12 20:21 262,708 ---hs---- C:\WINDOWS\system32\awtqp.dll
2007-05-12 17:21 262,708 ---hs---- C:\WINDOWS\system32\ddccy.dll
2007-05-12 16:44 262,708 --ahs---- C:\WINDOWS\system32\pmkhg.dll.vir
2007-05-12 02:08 743 ---hs---- C:\WINDOWS\system32\efhkj.ini2
2007-05-11 15:22
2007-05-10 22:47 850,481 --a------ C:\WINDOWS\ePLUS 3.1.1 Gadu-Gadu Uninstaller.exe
2007-05-10 18:54 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-05-10 18:54 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-05-10 18:54 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-05-10 18:54 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-05-10 18:54 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-05-10 18:54
2007-05-10 18:54
2007-05-10 18:53 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-09 02:47 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-05-09 00:48
2007-05-07 19:28 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-05-07 19:28 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-05-07 19:27 45,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-07 19:27 2,422,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-07 19:27
2007-05-07 19:27
2007-05-07 19:21
2007-05-02 15:46
2007-04-28 20:58
2007-04-23 01:47
2007-04-22 22:45
2007-04-22 20:10
2007-04-22 20:10
2007-04-22 16:41
2007-04-22 16:40 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-04-22 03:51
2007-04-21 16:26
2007-04-20 23:11
2007-04-20 17:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-04-20 17:37
2007-04-20 17:27 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-20 17:23
2007-04-20 17:22 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-04-20 17:18 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-20 17:18 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-20 15:02
2007-04-20 14:46 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2007-04-20 14:46 16,128 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2007-04-20 05:22 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-20 05:22
2007-04-20 05:22
2007-04-20 05:22
2007-04-20 05:22
2007-04-20 05:22
2007-04-20 05:22
2007-04-20 05:22
2007-04-19 22:37 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-04-19 14:07 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-04-19 14:07 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-04-19 14:07 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
2007-04-19 14:07 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-04-19 14:07 5,033,984 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-04-19 14:07 413,696 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-04-19 14:07 41,984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-04-19 14:07 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-04-19 14:07 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-04-19 14:07 286,720 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2007-04-19 14:07 282,624 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-04-19 14:07 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-04-19 14:07 258,048 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-04-19 14:07 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2007-04-19 14:07 2,693,280 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-04-19 14:07 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-04-19 14:07 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-04-19 14:07 127,614 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-04-19 14:07 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-04-19 14:07 1,540,608 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-19 14:07 1,408,000 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-04-19 13:55
2007-04-19 02:06
2007-04-19 00:55
2007-04-19 00:52 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-19 00:52
2007-04-19 00:52
2007-04-19 00:51
2007-04-19 00:34
2007-04-19 00:28 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-04-19 00:28
2007-04-18 23:38
2007-04-18 22:38
2007-04-18 22:27
2007-04-18 22:17
2007-04-18 22:16
2007-04-18 20:54
2007-04-18 20:54
2007-04-18 20:54
2007-04-18 19:58
2007-04-18 19:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-18 19:16 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-18 19:16 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-18 19:16 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-18 19:16 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-18 19:16 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-15 15:34
2007-04-13 14:16
2007-04-13 01:16

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-11 17:26:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-11 00:17:31 -------- d-----w C:\Program Files\eMule
2007-05-10 20:47:22 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-06 23:58:25 -------- d-----w C:\Program Files\Common Files\Panda Software
2007-05-02 13:44:14 -------- d-----w C:\Program Files\Fallout 2
2007-04-30 22:48:01 -------- d-----w C:\DOCUME~1\Tomasz\DANEAP~1\MegauploadToolbar
2007-04-28 18:55:46 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-28 18:55:46 -------- d-----w C:\Program Files\1C
2007-04-22 22:33:57 -------- d-----w C:\Program Files\FlashGet
2007-04-22 15:23:42 -------- d-----w C:\Program Files\eSkiMoS R2
2007-04-22 01:51:21 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-20 15:51:35 79,188 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-20 15:51:35 457,678 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-20 15:25:54 23,608 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-20 15:25:20 -------- d-----w C:\Program Files\Messenger
2007-04-19 14:19:09 4,348 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-18 21:53:16 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-18 17:16:53 -------- d-----w C:\Program Files\Movie Maker
2007-04-18 17:14:00 -------- d-----w C:\Program Files\Windows NT
2007-04-16 01:48:05 -------- d-----w C:\Program Files\Zoom Player
2007-04-12 19:49:31 -------- d-----w C:\Program Files\Warcraft III
2007-04-12 18:11:11 -------- d-----w C:\Program Files\kill.switch
2007-04-12 17:59:39 -------- d-----w C:\Program Files\Atari
2007-04-12 17:07:01 -------- d-----w C:\Program Files\UBISOFT
2007-04-10 11:55:39 1,282,560 --sha-r C:\WINDOWS\system32\clockz.exe
2007-04-09 16:10:26 1 ----a-w C:\WINDOWS\system32\SI.bin
2007-04-04 22:24:52 16,683 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-04 22:24:37 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-04 22:24:37 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2007-04-04 11:42:04 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2007-04-03 11:32:04 -------- d-----w C:\Program Files\Apple Software Update
2007-04-03 11:17:08 -------- d-----w C:\Program Files\Winamp
2007-04-03 11:17:03 -------- d-----w C:\Program Files\QuickTime
2007-04-03 11:17:01 -------- d-----w C:\Program Files\DAEMON Tools
2007-03-31 20:54:09 -------- d-----w C:\Program Files\FMA 2
2007-03-27 20:02:16 -------- d-----w C:\Program Files\Enclave
2007-03-21 13:55:20 -------- d-----w C:\Program Files\Psygnosis
2007-03-21 13:06:38 -------- d-----w C:\Program Files\Mplayer
2007-03-21 11:32:22 -------- d-----w C:\Program Files\From Dusk Till Down
2007-03-19 20:54:31 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-03-19 20:54:31 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-03-19 20:54:30 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-03-18 19:13:18 -------- d-----w C:\Program Files\Alcohol Soft
2007-03-18 19:13:09 -------- d-----w C:\Program Files\Rockstar Games
2007-03-18 19:02:51 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-18 12:25:23 -------- d-----w C:\Program Files\MegauploadToolbar
2007-03-12 14:01:49 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-11 16:13:51 149,622 ----a-w C:\WINDOWS\NGOUN.exe
2007-03-11 13:34:31 -------- d-----w C:\Program Files\iNTERNET Turbo 2001
2007-03-10 19:37:47 -------- d-----w C:\Program Files\GDivX Zenith Player
2007-03-09 18:52:52 200,768 ----a-w C:\WINDOWS\system32\klogon.dll
2007-03-05 17:53:16 145 ----a-w C:\WINDOWS\system32\qwesada.exe
2007-03-05 14:35:08 -------- d-----w C:\Program Files\AVIcodec
2007-03-03 13:10:49 0 ----a-w C:\WINDOWS\system32\winslog.exe
2007-03-03 12:32:03 4,096 ----a-w C:\WINDOWS\system32\hguard.dll
2007-03-03 12:32:03 126,464 ----a-w C:\WINDOWS\system32\upx-adtp.exe
2007-02-23 22:43:18 2,058 ----a-w C:\WINDOWS\system32\sdbackup.reg
2007-02-23 14:13:14 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-02-23 13:48:46 0 ----a-w C:\WINDOWS\nsreg.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-22 09:50]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-15 05:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
"AVP"="\"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe\""
"SDTray"="\"C:\Program Files\Spyware Doctor\SDTrayApp.exe\""
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 21:05]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 20:50]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-04-19 11:07]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 21:05]
"Uniblue Registry Booster2"="C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe" [2007-04-24 08:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"Uniblue Registry Booster2"="C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Iexplore Data1 Center"="C:\WINDOWS\system32\clockz.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Symantec Antivirus professional"="regedit.exe"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Microsoft Directx push"="directxpushup.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec Antivirus professional"="regedit.exe"
"Microsoft Directx push"="directxpushup.exe"
"Internet Security Service"="msq32.exe"
"Live Messanger"="livemsgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\Shell]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\setup.exe

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070513-205956-767
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 21:44:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-13 21:44:35
C:\ComboFix-quarantined-files.txt ... 2007-05-13 21:44