"Lis" - 07-04-14 10:24:03 Dodatek Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Lis\Pulpit"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\MS32DLL.dll.vbs
c:\MS32DLL.dll.vbs
c:\autorun.inf
d:\MS32DLL.dll.vbs
d:\autorun.inf

((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))

2007-04-13 19:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-13 19:14 d-------- C:\Program Files\Tweak-XP Pro 4
2007-04-12 10:32 d-------- C:\Program Files\GameSpy Arcade
2007-04-12 10:26 d-------- C:\Program Files\EA GAMES
2007-04-07 12:01 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-04-07 12:01 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2007-04-07 12:01 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2007-04-07 12:01 d-------- C:\Program Files\Samsung
2007-04-02 17:04 d-------- C:\DOCUME~1\Lis\DANEAP~1\FreeCall
2007-04-01 22:37 d-------- C:\DOCUME~1\Lis\DANEAP~1\Apple Computer
2007-04-01 22:34 d-------- C:\Program Files\QuickTime
2007-04-01 22:34 d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Apple Computer
2007-03-21 18:49 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-03-21 18:49 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-03-21 17:59 d-------- C:\Program Files\Google
2007-03-21 17:59 d-------- C:\DOCUME~1\Lis\DANEAP~1\Google
2007-03-20 20:22 d-------- C:\Program Files\Stalker in the rain
2007-03-20 16:43 d-------- C:\Program Files\THQ
2007-03-20 09:41 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-20 09:41 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-03-19 12:49 d-------- C:\Program Files\SFT Loader
2007-03-18 21:12 d-------- C:\Program Files\Stick Figures
2007-03-18 12:33 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-03-18 12:33 315,392 --a------ C:\WINDOWS\HideWin.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-14 10:08 -------- d-------- C:\Program Files\flashget
2007-04-13 21:10 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\xfire
2007-04-13 20:41 -------- d---s---- C:\Program Files\xfire
2007-04-12 16:36 -------- d--h----- C:\Program Files\installshield installation information
2007-04-11 19:49 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\tlen.pl
2007-04-07 13:40 -------- d-------- C:\Program Files\winamp
2007-04-04 19:20 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\skype
2007-04-02 18:24 82326 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-02 18:24 485766 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-20 09:42 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-03-19 11:48 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\bittorrent
2007-03-18 12:33 -------- d-------- C:\Program Files\realtek
2007-03-12 23:48 -------- d-------- C:\Program Files\subedit-player
2007-03-08 22:06 -------- d-------- C:\Program Files\gadu-gadu
2007-03-05 22:56 -------- d-------- C:\Program Files\vaioxp
2007-03-05 22:27 -------- d-------- C:\Program Files\reference assemblies
2007-03-01 21:01 -------- d-------- C:\Program Files\far
2007-03-01 20:13 -------- d-------- C:\Program Files\odkurzacz
2007-03-01 18:27 4484608 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-02-26 16:03 16125440 --a------ C:\WINDOWS\rthdcpl.exe
2007-02-24 21:11 -------- d-------- C:\Program Files\sony ericsson
2007-02-24 13:26 -------- d-------- C:\Program Files\teamspeak2_rc2
2007-02-24 13:26 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\teamspeak2
2007-02-16 17:39 -------- d-------- C:\DOCUME~1\Lis\DANEAP~1\myphoneexplorer
2007-01-30 17:47 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-16 11:39 1191936 --a------ C:\WINDOWS\rtlupd.exe
2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-06 19:23 174 --a------ C:\DOCUME~1\Lis\DANEAP~1\dm.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"FreeCall"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Gainward"="C:\\Program Files\\XpertVision\\TBPanel.exe /A"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Lexmark X73 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"Lexmark X73 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lis^Menu Start^Programy^Autostart^Total Commander.lnk]
"path"="C:\\Documents and Settings\\Lis\\Menu Start\\Programy\\Autostart\\Total Commander.lnk"
"backup"="C:\\WINDOWS\\pss\\Total Commander.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\TOTALC~1\\Totalcmd.exe "
"item"="Total Commander"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATI9BE"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P26 \"EPSON Stylus CX3600 Series\" /O6 \"USB002\" /M \"Stylus CX3600\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlen"
"hkey"="HKCU"
"command"="C:\\Program Files\\Tlen.pl\\tlen.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcBtnMgr_X73"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACMonitor_X73"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="odk_mcd"
"hkey"="HKCU"
"command"="C:\\Program Files\\Odkurzacz\\odk_mcd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odk_mcd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SkyTel"
"hkey"="HKLM"
"command"="SkyTel.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979c9331-e9cd-11db-9b3c-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bac4e13d-9848-11db-bb8e-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bac4e13e-9848-11db-bb8e-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[Annotation, not part of the ComboFix output: the three MountPoints2 Shell\AutoRun\command values above still reference MS32DLL.dll.vbs, the script listed under "Other Deletions" at the top of this log. They appear to be leftover per-volume autorun handlers and should be removed as well, so that opening those volumes no longer tries to launch the script.]

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-14 10:25:27
C:\ComboFix-quarantined-files.txt ... 07-04-14 10:25