"Lis" - 07-04-14 10:24:03 Dodatek Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Lis\Pulpit"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\MS32DLL.dll.vbs
c:\MS32DLL.dll.vbs
c:\autorun.inf
d:\MS32DLL.dll.vbs
d:\autorun.inf
((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))
2007-04-13 19:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-13 19:14 d-------- C:\Program Files\Tweak-XP Pro 4
2007-04-12 10:32 d-------- C:\Program Files\GameSpy Arcade
2007-04-12 10:26 d-------- C:\Program Files\EA GAMES
2007-04-07 12:01 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-04-07 12:01 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2007-04-07 12:01 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2007-04-07 12:01 d-------- C:\Program Files\Samsung
2007-04-02 17:04 d-------- C:\DOCUME~1\Lis\DANEAP~1\FreeCall
2007-04-01 22:37 d-------- C:\DOCUME~1\Lis\DANEAP~1\Apple Computer
2007-04-01 22:34 d-------- C:\Program Files\QuickTime
2007-04-01 22:34 d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Apple Computer
2007-03-21 18:49 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-03-21 18:49 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-03-21 17:59 d-------- C:\Program Files\Google
2007-03-21 17:59 d-------- C:\DOCUME~1\Lis\DANEAP~1\Google
2007-03-20 20:22 d-------- C:\Program Files\Stalker in the rain
2007-03-20 16:43 d-------- C:\Program Files\THQ
2007-03-20 09:41 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-20 09:41 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-03-19 12:49 d-------- C:\Program Files\SFT Loader
2007-03-18 21:12 d-------- C:\Program Files\Stick Figures
2007-03-18 12:33 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-03-18 12:33 315,392 --a------ C:\WINDOWS\HideWin.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-14 10:08 -------- d-------- C:\Program Files\flashget
2007-04-13 21:10 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\xfire
2007-04-13 20:41 -------- d---s---- C:\Program Files\xfire
2007-04-12 16:36 -------- d--h----- C:\Program Files\installshield installation information
2007-04-11 19:49 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\tlen.pl
2007-04-07 13:40 -------- d-------- C:\Program Files\winamp
2007-04-04 19:20 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\skype
2007-04-02 18:24 82326 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-02 18:24 485766 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-20 09:42 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-03-19 11:48 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\bittorrent
2007-03-18 12:33 -------- d-------- C:\Program Files\realtek
2007-03-12 23:48 -------- d-------- C:\Program Files\subedit-player
2007-03-08 22:06 -------- d-------- C:\Program Files\gadu-gadu
2007-03-05 22:56 -------- d-------- C:\Program Files\vaioxp
2007-03-05 22:27 -------- d-------- C:\Program Files\reference assemblies
2007-03-01 21:01 -------- d-------- C:\Program Files\far
2007-03-01 20:13 -------- d-------- C:\Program Files\odkurzacz
2007-03-01 18:27 4484608 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-02-26 16:03 16125440 --a------ C:\WINDOWS\rthdcpl.exe
2007-02-24 21:11 -------- d-------- C:\Program Files\sony ericsson
2007-02-24 13:26 -------- d-------- C:\Program Files\teamspeak2_rc2
2007-02-24 13:26 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\teamspeak2
2007-02-16 17:39 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\myphoneexplorer
2007-01-30 17:47 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-16 11:39 1191936 --a------ C:\WINDOWS\rtlupd.exe
2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-06 19:23 174 --a------ C:\DOCUME~1\Lis\DANEAP~1\dm.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"FreeCall"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Gainward"="C:\\Program Files\\XpertVision\\TBPanel.exe /A"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Lexmark X73 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"Lexmark X73 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lis^Menu Start^Programy^Autostart^Total Commander.lnk]
"path"="C:\\Documents and Settings\\Lis\\Menu Start\\Programy\\Autostart\\Total Commander.lnk"
"backup"="C:\\WINDOWS\\pss\\Total Commander.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\TOTALC~1\\Totalcmd.exe "
"item"="Total Commander"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATI9BE"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P26 \"EPSON Stylus CX3600 Series\" /O6 \"USB002\" /M \"Stylus CX3600\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlen"
"hkey"="HKCU"
"command"="C:\\Program Files\\Tlen.pl\\tlen.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcBtnMgr_X73"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACMonitor_X73"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="odk_mcd"
"hkey"="HKCU"
"command"="C:\\Program Files\\Odkurzacz\\odk_mcd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odk_mcd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SkyTel"
"hkey"="HKLM"
"command"="SkyTel.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979c9331-e9cd-11db-9b3c-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bac4e13d-9848-11db-bb8e-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bac4e13e-9848-11db-bb8e-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-14 10:25:27
C:\ComboFix-quarantined-files.txt ... 07-04-14 10:25