ComboFix 07-02-06.3 - Running from: "F:\Robert1\potrzebne"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\.exe

((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))

2007-05-08 19:30 41,476 --ahs---- C:\WINDOWS\system32\smsc.exe
2007-05-08 14:12 41,476 -r-hs---- C:\WINDOWS\system\msnmsgr32.exe
2007-05-07 20:28 d-------- C:\Program Files\BearShare
2007-05-07 20:28 d-------- C:\My Downloads
2007-05-03 18:38 58,548 --ahs---- C:\WINDOWS\system32\host.exe
2007-05-03 13:39 d-------- C:\Program Files\Ager Web Edytor
2007-05-03 10:37 392 --a------ C:\zzc.exe
2007-05-02 19:06 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-02 19:06 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-05-02 19:06 175,616 --a------ C:\WINDOWS\system32\strings.exe
2007-05-02 19:06 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-05-02 19:06 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-05-02 19:06 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-05-02 18:53 d-------- C:\VundoFix Backups
2007-05-02 18:05 60,416 --a------ C:\WINDOWS\system32\drivers\jwedvcwc.sys
2007-05-02 18:05 336 --a------ C:\reboot.bat
2007-05-02 18:05 19,814 --a------ C:\reboot.exe
2007-05-02 18:05 126,976 --a------ C:\zip.exe
2007-05-02 18:05 1,342 --a------ C:\avexport.bat
2007-05-02 18:05 1,080 --a------ C:\gdalsciy.bat
2007-05-02 16:37 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-02 10:34 64,315 --a------ C:\adsok.exe
2007-04-27 19:44 d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\CyberLink
2007-04-27 19:42 d-------- C:\DOCUME~1\ALLUSE~1\Dane aplikacji\CyberLink
2007-04-27 19:39 d-------- C:\Program Files\CyberLink
2007-04-25 20:18 d-------- C:\Program Files\illiminable
2007-04-21 20:27 d-------- C:\WINDOWS\ShellNew
2007-04-21 20:26 d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\Microsoft Web Folders
2007-04-21 16:08 d-------- C:\Program Files\Yahoo!
2007-04-21 16:07 d-------- C:\Program Files\CCleaner
2007-04-21 16:01 d-------- C:\Program Files\RegCleaner
2007-04-20 12:32 488,835 ---hs---- C:\WINDOWS\system32\ststv.bak2
2007-04-19 22:23 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-04-19 22:23 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-04-19 22:23 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-04-19 22:23 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-04-19 22:23 73,216 --a------ C:\WINDOWS\system32\uniime.dll
2007-04-19 22:23 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-04-19 22:23 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-04-19 22:23 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-04-19 22:23 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-04-19 22:23 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-04-19 22:23 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-04-19 22:23 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-04-19 22:23 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-04-19 22:23 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-04-19 22:23 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-04-19 22:23 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-04-19 22:23 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-04-19 22:23 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-04-19 22:22 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-04-19 10:02 204,800 --a------ C:\WINDOWS\system32\clcl4.exe
2007-04-19 09:54 49,204 --a------ C:\WINDOWS\system32\jgtiqivu.dll
2007-04-19 09:54 462,859 ---hs---- C:\WINDOWS\system32\ststv.bak1
2007-04-18 21:48 11,063 --a------ C:\WINDOWS\system32\awvtq.dll
2007-04-18 19:03 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-18 19:03 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-18 19:03 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-18 19:03 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-18 19:03 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-18 19:03 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-18 16:49 d-------- C:\avenger
2007-04-18 15:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-18 15:07 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 15:07 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-18 15:07 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-18 15:07 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-18 15:07 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-18 15:07 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-18 14:46 d-------- C:\WINDOWS\CSC
2007-04-18 14:42 185,856 --a------ C:\WINDOWS\system32\Bmp2Jpeg.dll
2007-04-18 14:42 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-04-17 18:04 d-------- C:\DOCUME~1\ALLUSE~1\Dane aplikacji\FRISK Software
2007-04-17 17:06 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-15 21:08 787,456 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-15 21:08 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-04-15 21:08 151,552 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll
2007-04-15 20:59 d-------- C:\WINDOWS\LastGood
2007-04-15 20:52 d-------- C:\WINDOWS\LastGood.Tmp
2007-04-15 20:51 d-------- C:\ATI
2007-04-12 13:03 d-------- C:\Program Files\PuTTY
2007-04-12 07:17 d-------- C:\Program Files\BearShare Applications
2007-04-11 15:00 d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\FileZilla
2007-04-11 14:59 d-------- C:\Program Files\FileZilla Client
2007-04-10 17:55 d-------- C:\!KillBox

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-09 14:07 -------- d-------- C:\Program Files\mozilla firefox
2007-05-09 12:51 -------- d-------- C:\Program Files\wanadoo
2007-05-08 18:58 -------- d-------- C:\Program Files\flashget
2007-05-08 14:53 -------- d-------- C:\Program Files\gadu-gadu
2007-05-05 20:50 -------- d-------- C:\Program Files\polo
2007-05-03 21:51 -------- d---s---- C:\DOCUME~1\Rodzina\Dane aplikacji\microsoft
2007-05-02 23:47 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\skype
2007-05-02 16:47 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-28 10:43 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\identities
2007-04-27 19:39 -------- d--h----- C:\Program Files\installshield installation information
2007-04-26 20:42 -------- d-------- C:\Program Files\maiet
2007-04-23 14:22 -------- d-------- C:\Program Files\ea sports
2007-04-21 20:25 -------- d-------- C:\Program Files\microsoft frontpage
2007-04-18 17:48 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\adobe
2007-04-15 20:50 -------- d-------- C:\Program Files\ati technologies
2007-04-07 18:52 -------- d-------- C:\Program Files\pwn
2007-04-07 10:52 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\help
2007-04-05 21:56 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\divx
2007-04-05 21:09 3805 --a------ C:\WINDOWS\mozver.dat
2007-04-04 20:50 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-04 20:50 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2007-04-04 18:27 -------- d-------- C:\Program Files\stardock
2007-04-04 16:29 -------- d-------- C:\Program Files\divx
2007-04-04 16:28 -------- d-------- C:\Program Files\google
2007-04-01 21:33 -------- d-------- C:\Program Files\microsoft.net
2007-03-31 13:01 -------- d-------- C:\Program Files\robster productions
2007-03-29 21:28 -------- d--h----- C:\Program Files\windowsupdate
2007-03-29 12:48 -------- d-------- C:\Program Files\marbit
2007-03-27 15:13 -------- d-------- C:\Program Files\Common Files\adobe
2007-03-27 09:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-03-27 09:55 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 09:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 09:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 09:55 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-27 09:55 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 09:55 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 09:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 09:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 09:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-03-27 09:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 09:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-03-27 09:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 09:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 09:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 09:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 09:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 09:48 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-25 16:10 82380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-03-25 16:10 -------- d-------- C:\Program Files\hewlett-packard
2007-03-23 15:41 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\ganymedenet
2007-03-23 14:58 -------- d-------- C:\Program Files\winamp
2007-03-21 20:08 -------- d-------- C:\Program Files\ahead
2007-03-21 20:07 -------- d-------- C:\Program Files\Common Files\ahead
2007-03-21 17:24 -------- d-------- C:\Program Files\skype
2007-03-21 16:54 -------- d-------- C:\Program Files\messenger
2007-03-21 16:46 -------- d-------- C:\Program Files\windows nt
2007-03-21 16:46 -------- d-------- C:\Program Files\movie maker
2007-03-21 16:26 -------- d-------- C:\Program Files\lavalys
2007-03-21 11:55 -------- d-------- C:\Program Files\valve
2007-03-21 11:22 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\macromedia
2007-03-21 11:21 107134 --a------ C:\WINDOWS\uninstallfirefox.exe
2007-03-21 11:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-21 11:21 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\mozilla
2007-03-21 11:14 -------- d-------- C:\Program Files\sagem
2007-03-21 11:14 -------- d-------- C:\Program Files\javasoft
2007-03-21 10:36 -------- d-------- C:\Program Files\alwil software
2007-03-21 10:35 -------- d-------- C:\DOCUME~1\Rodzina\Dane aplikacji\ati
2007-03-21 10:19 -------- d-------- C:\Program Files\Common Files\installshield
2007-03-21 10:12 -------- d-------- C:\Program Files\c-media 3d audio
2007-03-21 10:03 0 -rahs---- C:\MSDOS.SYS
2007-03-21 10:03 0 -rahs---- C:\IO.SYS
2007-03-21 10:03 0 --a------ C:\CONFIG.SYS
2007-03-21 10:03 0 --a------ C:\AUTOEXEC.BAT
2007-03-21 10:01 -------- d-------- C:\Program Files\usługi online
2007-03-21 10:00 -------- d-------- C:\Program Files\Common Files\mssoap
2007-03-21 09:59 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-21 09:58 -------- d-------- C:\Program Files\msn gaming zone
2007-03-21 09:50 62 --ahs---- C:\DOCUME~1\Rodzina\Dane aplikacji\desktop.ini
2007-03-21 09:50 -------- d-------- C:\Program Files\Common Files\speechengines
2007-03-21 09:50 -------- d-------- C:\Program Files\Common Files\odbc
2007-03-02 22:54 307200 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-02 22:29 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-03-02 22:17 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-02-26 17:44 147685 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-16 03:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\TaskbarIcon.exe"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="flashget"
"hkey"="HKLM"
"command"="C:\\Program Files\\FlashGet\\flashget.exe /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ADILOADER

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070502-190256-980 O2 - BHO: (no name) - {2BFA6DC1-E90C-4CC1-B826-3ABF1645ED9B} - (no file)
backup-20070502-190245-534 O4 - HKLM\..\Run: [egcnimwk] C:\gdalsciy.bat
backup-20070430-140052-515 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070430-140052-378 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070430-140052-111 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe
backup-20070430-140052-288 O23 - Service: Microsoft Host Service (MSHOST) - Unknown owner - C:\WINDOWS\system\host.exe
backup-20070430-140052-474 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070430-140052-299 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20070430-140051-240 O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\fhsiowtt.dll",realset
backup-20070428-111129-945 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070428-111129-678 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070428-111129-856 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe (file missing)
backup-20070428-111129-646 O23 - Service: Microsoft Host Service (MSHOST) - Unknown owner - C:\WINDOWS\system\host.exe (file missing)
backup-20070428-111129-929 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070428-105622-683 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070428-105622-860 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe (file missing)
backup-20070428-105622-651 O23 - Service: Microsoft Host Service (MSHOST) - Unknown owner - C:\WINDOWS\system\host.exe
backup-20070428-105622-871 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070428-105622-954 O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\efpcajce.dll",realset
backup-20070428-105622-950 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070426-202730-443 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070426-202730-620 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070426-202730-806 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe (file missing)
backup-20070426-202730-411 O23 - Service: Microsoft Host Service (MSHOST) - Unknown owner - C:\WINDOWS\system\host.exe
backup-20070426-202730-631 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070426-202730-245 O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\jherkqyk.dll",realset
backup-20070425-204634-246 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070425-204634-979 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070425-204634-156 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe (file missing)
backup-20070425-204634-342 O23 - Service: Microsoft Host Service (MSHOST) - Unknown owner - C:\WINDOWS\system\host.exe (file missing)
backup-20070425-204512-337 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe (file missing)
backup-20070425-204444-762 O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
backup-20070425-204444-679 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070425-202606-955 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
backup-20070425-202606-560 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070425-202606-780 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070425-202549-141 O23 - Service: Microsoft Host Service (MSHOST) - Unknown owner - C:\WINDOWS\system\host.exe
backup-20070423-145821-899 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070423-145821-679 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070423-145703-319 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070420-223015-795 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
backup-20070420-223000-370 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070420-223000-171 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20070420-223000-904 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
backup-20070420-223000-267 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
backup-20070420-223000-872 O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
backup-20070420-223000-440 O4 - HKLM\..\Run: [clcl4] C:\WINDOWS\System32\clcl4.exe
backup-20070419-174130-950 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070419-174020-142 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070418-162316-585 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070418-162231-612 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070418-162148-540 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070418-162046-977 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070418-161935-977 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070418-141505-891 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe (file missing)
backup-20070417-174928-551 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070414-105801-504 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070414-105801-421 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe (file missing)
backup-20070414-095615-900 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe
backup-20070414-095546-947 O23 - Service: msn msgr 32-bit client process (msnmsgr32) - Unknown owner - C:\WINDOWS\system\msnmsgr32.exe
backup-20070413-212702-663 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070412-172411-816 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070412-172403-987 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070412-172403-766 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070410-175810-683 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070410-175759-442 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070409-221107-279 O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
backup-20070409-221107-549 R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
backup-20070409-221107-454 O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
backup-20070408-201550-655 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070408-201550-435 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070408-201541-748 O23 - Service: System Manger Service 32 (SMSC) - Unknown owner - C:\WINDOWS\system\smsc.exe
backup-20070408-162059-336 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
backup-20070404-205038-222 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070404-184635-236 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070404-184635-421 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070404-184635-246 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070404-184635-329 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070404-184635-732 O4 - HKLM\..\Run: [Ms M1crofost System updt] C:\WINDOWS\System32\ehuytq.exe
backup-20070404-184635-930 O4 - HKLM\..\RunServices: [Ms M1crofost System updt] C:\WINDOWS\System32\ehuytq.exe
backup-20070403-223633-133 O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
backup-20070403-144339-628 O4 - HKLM\..\RunServices: [Ms M1crofost System updt] C:\WINDOWS\System32\ehuytq.exe
backup-20070403-144339-233 O4 - HKLM\..\Run: [Ms M1crofost System updt] C:\WINDOWS\System32\ehuytq.exe
backup-20070403-144307-505 O4 - HKCU\..\Run: [Ms M1crofost System updt] C:\WINDOWS\System32\ehuytq.exe
backup-20070403-144249-372 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
backup-20070330-225825-944 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070330-225825-129 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
backup-20070330-225825-734 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070330-225825-954 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070330-225825-444 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070327-212059-577 O23 - Service: msnntlp - Unknown owner - C:\WINDOWS\system\msnntlp.exe
backup-20070327-212034-969 R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
backup-20070327-212025-746 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20070327-212025-547 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070327-212025-280 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
backup-20070327-212025-458 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070327-212025-644 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070327-212025-780 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070321-080910-920 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070320-205500-175 O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
backup-20070320-205500-258 O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
backup-20070320-205500-955 O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
backup-20070320-155507-758 O4 - HKCU\..\Run: [Live Messanger] livemsgr.exe
backup-20070320-155507-944 O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
backup-20070320-155507-548 O4 - HKLM\..\RunServices: [Live Messanger] livemsgr.exe
backup-20070320-155507-831 O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
backup-20070320-155507-914 O4 - HKLM\..\Run: [Live Messanger] livemsgr.exe
backup-20070319-143954-788 O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
backup-20070319-143954-933 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20070319-143954-567 O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
backup-20070317-170043-413 O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
backup-20070314-215802-389 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully

hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-05-09 14:31:36