"user" - 07-05-04 20:09:16 Dodatek Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\user\Pulpit\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))

2007-05-04 19:48 d-------- C:\avenger
2007-05-04 19:03 65,536 --a------ C:\WINDOWS\system32\camlib.dll
2007-05-04 19:03 28,672 --a------ C:\WINDOWS\tpsti.exe
2007-05-04 19:03 221,184 --a------ C:\WINDOWS\ToproUI.exe
2007-05-04 19:03 198,672 --a------ C:\WINDOWS\system32\drivers\TP6800.sys
2007-05-04 19:03 1,523,712 --a------ C:\WINDOWS\system32\ToproVC.dll
2007-05-04 18:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-04 18:10 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-04 18:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-04 18:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-04 18:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-04 18:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-04 18:09 54,784 --a------ C:\WINDOWS\vfwwdm32.dll
2007-05-04 18:09 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-04 18:09 d-------- C:\Program Files\Topro
2007-05-04 12:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-02 11:16 d-------- C:\Program Files\3D GIF Designer
2007-04-29 20:04 d-------- C:\dvbdream
2007-04-29 18:36 1,916,928 --------- C:\WINDOWS\UNNVEContent.exe
2007-04-29 18:25 d-------- C:\Program Files\Nero6
2007-04-29 15:41 d-------- C:\DOCUME~1\user\DANEAP~1\Media Player Classic
2007-04-28 21:05 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-04-28 21:05 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-04-28 21:04 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-04-28 21:04 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-04-28 21:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-04-28 21:04 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-04-28 21:04 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-28 21:04 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-04-28 21:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-04-28 21:04 d-------- C:\Program Files\K-Lite Codec Pack
2007-04-28 19:37 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-04-28 19:37 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-04-28 19:37 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-04-28 19:32 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-04-28 17:33 d-------- C:\WINDOWS\Cache
2007-04-22 11:48 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-21 18:05 d-------- C:\Program Files\CCleaner
2007-04-21 15:17 d-------- C:\DOCUME~1\user\DANEAP~1\Gadu-Gadu
2007-04-12 11:39 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-12 11:39 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-12 11:39 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-12 11:39 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-12 11:39 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-12 11:39 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-12 11:39 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-10 18:16 d-------- C:\Program Files\Alcohol Toolbar
2007-04-05 13:42 d-------- C:\Bluzgator 1.4

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-04 20:09 -------- d-------- C:\DOCUME~1\user\DANEAP~1\skype
2007-05-04 19:54 -------- d-------- C:\Program Files\neostrada tp
2007-05-04 19:03 -------- d--h----- C:\Program Files\installshield installation information
2007-05-04 13:15 -------- d-------- C:\DOCUME~1\user\DANEAP~1\limewire
2007-05-04 11:09 -------- d-------- C:\Program Files\skaneronline
2007-05-02 17:08 -------- d-------- C:\Program Files\ahead
2007-04-29 18:09 -------- d-------- C:\Program Files\cyberlink
2007-04-29 17:58 -------- d-------- C:\Program Files\skype
2007-04-28 12:01 -------- d-------- C:\Program Files\av vcs 3.0
2007-04-13 16:14 -------- d-------- C:\Program Files\city interactive
2007-04-13 16:13 -------- d-------- C:\Program Files\sprawdziany szostoklasisty 2006
2007-04-10 18:16 -------- d-------- C:\Program Files\alcohol soft
2007-04-10 18:12 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-10 12:26 -------- d-------- C:\Program Files\rockstar games
2007-04-02 20:03 -------- d-------- C:\Program Files\windows media connect 2
2007-04-02 19:25 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-04-02 18:21 1407 --a------ C:\WINDOWS\mozver.dat
2007-04-02 18:05 -------- d-------- C:\Program Files\emule
2007-03-25 13:42 72134 --a--c--- C:\WINDOWS\system32\perfc015.dat
2007-03-25 13:42 438502 --a--c--- C:\WINDOWS\system32\perfh015.dat
2007-03-17 16:06 -------- d-------- C:\Program Files\bearshare
2007-03-17 15:46 -------- d-------- C:\Program Files\tooncar
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-12 16:10 -------- d-------- C:\Program Files\kaspersky lab
2007-03-10 12:20 -------- d-------- C:\Program Files\e-net
2007-03-09 22:12 -------- d-------- C:\Program Files\regcleaner
2007-03-08 17:38 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 21:08 -------- d-------- C:\Program Files\avery dennison
2007-03-07 20:55 -------- d-------- C:\Program Files\easycalendarmakerspecial
2007-03-07 20:53 -------- d-------- C:\Program Files\softland
2007-03-06 16:40 -------- d-------- C:\Program Files\bearshare acceleration patch
2007-03-05 18:09 -------- d-------- C:\Program Files\dj mix master
2007-03-05 18:05 -------- d-------- C:\Program Files\pity
2007-03-04 13:18 -------- d-------- C:\Program Files\google
2007-02-17 12:04 41 --a------ C:\WINDOWS\system32\cfeadb2_s.dll
2007-02-08 20:58 16 --a------ C:\WINDOWS\system32\datarnvx.dat
2007-02-05 22:19 185856 --a------ C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"Realtime Audio Engine"="mmrtkrnl.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"nwiz"="nwiz.exe /install"
"tppoll"="C:\\Program Files\\Topro\\tppoll.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Gadu-Gadu"="\"E:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
"path"="C:\\Documents and Settings\\user\\Menu Start\\Programy\\Autostart\\Stardock ObjectDock.lnk"
"backup"="C:\\WINDOWS\\pss\\Stardock ObjectDock.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\BRICOP~1\\VISTAI~1\\OBJECT~1\\OBJECT~1.EXE "
"item"="Stardock ObjectDock"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]
"path"="C:\\Documents and Settings\\user\\Menu Start\\Programy\\Autostart\\Y'z ToolBar.lnk"
"backup"="C:\\WINDOWS\\pss\\Y'z ToolBar.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\BRICOP~1\\VISTAI~1\\YZTOOL~1\\YZTOOL~1.EXE "
"item"="Y'z ToolBar"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare Acceleration Patch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare Acceleration Patch"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\BearShare Acceleration Patch\\BearShare Acceleration Patch.lnk"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EdHTML"
"hkey"="HKCU"
"command"="E:\\Program Files\\Binboy\\EdHTMLv5.0\\EdHTML.exe /none"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gg"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoUpdate"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Onet.pl\\AutoUpdate.exe /tsr"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="E:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WITaj!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rem -- Anulowane uruchamianie programu WITaj! 2000"
"hkey"="HKCU"
"command"="rem -- Anulowane uruchamianie programu WITaj! 2000"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-04 20:12:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-05-04 20:12:18
C:\ComboFix-quarantined-files.txt ... 07-05-04 20:12
C:\ComboFix2.txt ... 07-05-04 13:07
C:\ComboFix3.txt ... 07-05-04 12:54