ComboFix 08-02-19.2 - Basior 2008-02-19 9:24:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1033.18.1112 [GMT 1:00]
Running from: C:\Users\Basior\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00EAE29.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00EB099.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00EB338.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]07AC6F8
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.
2008-02-16 21:33 . 2008-02-16 21:33 <DIR> d-------- C:\Users\Basior\AppData\Roaming\DivX
2008-02-16 14:08 . 2008-02-19 08:06 <DIR> d-------- C:\Users\Basior\AppData\Roaming\skypePM
2008-02-16 14:08 . 2008-02-16 14:08 32 --a------ C:\Users\All Users\ezsid.dat
2008-02-16 14:08 . 2008-02-16 14:08 32 --a------ C:\ProgramData\ezsid.dat
2008-02-16 14:07 . 2008-02-16 14:30 <DIR> d-------- C:\Program Files\Skype
2008-02-16 14:07 . 2008-02-16 14:07 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-14 17:12 . 2008-02-14 17:12 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-02-14 17:12 . 2008-02-14 17:12 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-02-14 17:07 . 2008-02-14 17:07 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-02-14 17:07 . 2008-02-14 17:07 216,632 --a------ C:\WINDOWS\System32\drivers\netio.sys
2008-02-14 17:07 . 2008-02-14 17:07 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2008-02-14 17:07 . 2008-02-14 17:07 24,064 --a------ C:\WINDOWS\System32\netcfg.exe
2008-02-14 17:07 . 2008-02-14 17:07 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2008-02-09 17:42 . 2008-02-09 17:42 <DIR> d-------- C:\Users\Basior\AppData\Roaming\Bluefive software
2008-02-09 17:39 . 2008-02-09 17:39 <DIR> d-------- C:\Program Files\PIXresizer
2008-02-09 17:39 . 2002-08-29 19:00 1,703,936 --a------ C:\WINDOWS\System32\gdiplus.dll
2008-02-09 17:39 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\System32\imageviewer2.ocx
2008-02-09 17:39 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\System32\tabctl32.ocx
2008-02-09 17:39 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\System32\threed32.ocx
2008-02-09 17:39 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\System32\ccrpfd6.ocx
2008-02-09 17:39 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\System32\ccrpbds6.dll
2008-02-09 17:39 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\System32\mbprgbar.ocx
2008-01-30 18:55 . 2008-01-30 18:55 <DIR> d-------- C:\Program Files\Java
2008-01-30 18:55 . 2008-01-30 18:55 410,976 --a------ C:\WINDOWS\System32\deploytk.dll
2008-01-29 15:09 . 2008-01-29 15:09 <DIR> d-------- C:\Users\Basior\AppData\Roaming\Uniblue
2008-01-29 15:09 . 2008-01-29 15:09 <DIR> d-------- C:\Program Files\Uniblue
2008-01-29 14:01 . 2008-01-29 14:01 <DIR> d-------- C:\Program Files\WinPcap
2008-01-29 14:01 . 2008-01-29 14:04 <DIR> d-------- C:\Program Files\Nmap
2008-01-29 13:13 . 2008-02-01 15:51 <DIR> d-------- C:\Users\Basior\AppData\Roaming\Winamp
2008-01-29 01:29 . 2008-01-29 01:29 <DIR> d-------- C:\Program Files\SkanerOnline
2008-01-28 22:30 . 2008-01-28 22:39 <DIR> d-------- C:\Program Files\[url="http://www.download.net.pl/44/BearShare-Free/"]BearShare[/url]
2008-01-28 18:04 . 2008-01-28 18:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 18:04 . 2008-01-28 18:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 14:14 . 2008-01-28 14:14 <DIR> d-------- C:\Program Files\MozBackup
2008-01-19 15:53 . 2008-01-19 15:53 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-01-19 15:53 . 2008-01-19 15:53 45 ---h----- C:\WINDOWS\dsez8433.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 08:29 55,125,536 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-02-19 08:16 --------- d-----w C:\Users\Basior\AppData\Roaming\Skype
2008-02-19 06:49 --------- d-----w C:\Program Files\NetPanel
2008-02-19 06:47 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-02-18 20:22 740,492 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-02-16 17:24 --------- d-----w C:\Program Files\Picasa2
2008-02-16 13:07 --------- d-----w C:\ProgramData\Skype
2008-02-16 11:32 --------- d-----w C:\Program Files\FlashGet
2008-02-14 16:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 16:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 16:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 16:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 16:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 22:26 --------- d-----w C:\ProgramData\Roxio
2008-02-01 18:09 --------- d-----w C:\Program Files\Asystent Plusfon 401i
2008-02-01 14:33 --------- d-----w C:\Program Files\Winamp
2008-01-31 18:51 91,700 ----a-w C:\Windows\system32\drivers\klin.dat
2008-01-28 17:06 --------- d-----w C:\ProgramData\Apple Computer
2008-01-28 13:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 13:55 --------- d-----w C:\Program Files\Playboy - The Mansion
2008-01-11 15:05 --------- d-----w C:\Users\Basior\AppData\Roaming\VoipDiscount
2008-01-11 15:04 --------- d-----w C:\Program Files\VoipDiscount.com
2008-01-10 16:56 --------- d-----w C:\Program Files\Google
2008-01-09 21:24 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 21:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-05 13:17 --------- d---a-w C:\ProgramData\TEMP
2008-01-03 20:42 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-01 22:19 --------- d-----w C:\Program Files\Wirtualny Projektor
2007-12-30 11:35 --------- d-----w C:\ProgramData\PassMark
2007-12-23 23:51 --------- d-----w C:\Program Files\WapSter
2007-12-23 10:46 --------- d-----w C:\Program Files\Lavalys
2007-12-22 02:35 88,704 ----a-w C:\Windows\System32\Packet.dll
2007-12-13 05:43 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 05:43 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 05:43 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 05:40 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 05:40 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-19 03:31 240,248 ----a-w C:\Windows\System32\wpcap.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2007-07-27 15:22 397,312 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-01-30 18:55 31744 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-01-30 18:55 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 13:18 2351864]
"WinClicker.exe"="C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:24 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:34 1004136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 06:02 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 10:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 10:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 10:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-25 00:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 19:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-29 00:42 46704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-13 00:30 517768]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 09:14 528384]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
"NWEReboot"="" []
"Fast3202"="E:\Setup\livebox_tp.exe" [ ]
"NetPanel"="C:\Program Files\NetPanel\Starter.exe" [2007-11-21 18:16 100032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-01-30 18:55 148888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2001-07-21 21:30 55568]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-17 01:16:50 113664]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 07:02:11 34520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk]
backup=C:\Windows\pss\DSLMON.lnk.CommonStartup
backupExtension=.CommonStartup
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-01-25 18:33]
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 18:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 11:29]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;C:\Windows\system32\DRIVERS\hmumdm.sys [2007-03-27 09:26]
S3 NPF;WinPcap Packet Driver (NPF);C:\Windows\system32\drivers\NPF.sys [2007-11-19 04:31]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 10:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 10:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 10:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 10:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 10:33]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 18:30:10 C:\Windows\Tasks\HPCeeScheduleForBasior.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 09:29:30
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-19 9:30:53
ComboFix-quarantined-files.txt 2008-02-19 08:30:50
.
2008-02-16 09:59:01 --- E O F ---
Temat jest zamknięty
