"O.o KoNrAd o.O" - 2007-06-03 19:01:50 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\O.o KoNrAd o.O\Pulpit\" ((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 )))))))))))))))))))))))))))))))))) 2007-06-03 18:50 d-------- C:\avenger 2007-06-03 12:53 d-------- C:\VundoFix Backups 2007-06-02 12:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-06-02 12:19 75,512 --a------ C:\WINDOWS\zllsputility.exe 2007-06-02 12:19 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-06-02 12:19 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-06-02 12:19 d-------- C:\WINDOWS\system32\ZoneLabs 2007-06-02 12:19 d-------- C:\WINDOWS\Internet Logs 2007-06-02 12:11 206 --a------ C:\WINDOWS\g6417265.exe 2007-06-02 11:51 206 --a------ C:\WINDOWS\g5215968.exe 2007-06-02 10:15 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-06-02 10:15 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-06-02 10:15 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-06-02 10:15 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-06-02 10:15 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-06-02 10:15 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-06-02 10:15 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-06-02 10:15 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-06-02 10:15 d-------- C:\Program Files\Alwil Software 2007-06-02 10:14 2,580 --a------ C:\WINDOWS\system32\paousxmk.exe 2007-06-02 10:05 131,124 --a------ C:\WINDOWS\system32\qmsvdvbd.dll 2007-06-02 10:02 263,220 --a------ C:\WINDOWS\system32\jkhhg.dll.vir 2007-06-02 09:57 61,096 --a------ C:\WINDOWS\system32\xpdx.sys 2007-06-02 09:57 29,206 --a------ C:\WINDOWS\system32\khffedc.dll.vir 2007-06-02 09:57 1,536 --a------ C:\puqnymc.exe 2007-06-02 09:33 d-------- C:\Program Files\Firaxis Games 2007-05-30 21:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-05-30 20:00 d-------- C:\Program Files\WorldUnlock Codes Calculator 2007-05-29 16:10 d-------- C:\DOCUME~1\OOKONR~1.O\DANEAP~1\Lavasoft 2007-05-28 19:57 d-------- C:\tmp 2007-05-28 19:50 d-------- C:\Program Files\Blender Foundation 2007-05-27 12:48 d---s---- C:\DOCUME~1\Edyta\UserData 2007-05-25 11:41 d-------- C:\Moje Strony Web 2007-05-25 11:40 d-------- C:\Program Files\WinHTTrack 2007-05-24 13:35 d-------- C:\DOCUME~1\OOKONR~1.O\DANEAP~1\Help 2007-05-24 13:13 d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP 2007-05-24 13:13 d-------- C:\Program Files\TibiaBot NG 2007-05-22 19:18 d-------- C:\sims 2007-05-22 15:25 d-------- C:\Program Files\Tibia Auto 2007-05-22 15:20 d-------- C:\Python24 2007-05-21 19:35 d-------- C:\DOCUME~1\OOKONR~1.O\DANEAP~1\Hewlett-Packard 2007-05-20 19:01 d-------- C:\Program Files\EA SPORTS 2007-05-19 09:41 d-------- C:\Program Files\Konami 2007-05-16 20:46 d-------- C:\WINDOWS\system32\appmgmt 2007-05-16 20:45 18,628 --------- C:\WINDOWS\system32\drivers\AVIDUMSS.sys 2007-05-15 13:57 d-------- C:\Program Files\Techland 2007-05-10 18:39 17,144 --a------ C:\DOCUME~1\OOKONR~1.O\DANEAP~1\GDIPFONTCACHEV1.DAT 2007-05-10 15:15 d-------- C:\DOCUME~1\OOKONR~1.O\DANEAP~1\Skype 2007-05-06 09:02 262,144 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-05-06 09:02 dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji 2007-05-06 09:02 dr------- C:\DOCUME~1\ADMINI~1\Menu Start 2007-05-06 09:02 d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne 2007-05-06 09:02 d--h----- C:\DOCUME~1\ADMINI~1\Szablony 2007-05-06 09:02 d-------- C:\DOCUME~1\ADMINI~1\Ulubione 2007-05-06 09:02 d-------- C:\DOCUME~1\ADMINI~1\Pulpit 2007-05-06 09:02 d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty 2007-05-04 13:05 d-------- C:\Program Files\AC3Filter (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-03 16:50:42 -------- d-----w C:\Program Files\FlashGet 2007-06-02 07:38:00 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-02 07:25:37 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-28 11:19:44 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-28 11:19:44 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-01 18:12:53 1,277 ----a-w C:\WINDOWS\mozver.dat 2007-04-21 16:16:51 -------- d-----w C:\Program Files\Hewlett-Packard 2007-04-21 16:16:49 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS 2007-04-21 08:04:34 -------- d-----w C:\Program Files\GameJack 5 2007-04-21 08:01:06 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-04-21 07:37:54 -------- d-----w C:\Program Files\GameSpy Arcade 2007-04-20 19:12:44 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-20 19:10:35 -------- d-----w C:\Program Files\SlySoft 2007-04-20 18:56:46 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-04-19 16:30:02 -------- d-----w C:\Program Files\Common Files\ODBC 2007-04-19 16:29:59 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-04-19 15:56:01 -------- d-----w C:\DOCUME~1\OOKONR~1.O\DANEAP~1\FlashGet 2007-04-19 15:49:13 -------- d-----w C:\Program Files\WinPcap 2007-04-19 15:49:01 -------- d-----w C:\Program Files\netcut 2007-04-19 15:28:03 0 ----a-w C:\WINDOWS\nsreg.dat 2007-04-19 15:16:30 -------- d-----w C:\Program Files\Common Files\Ahead 2007-04-19 15:11:34 -------- d-----w C:\Program Files\Ahead 2007-04-19 14:56:50 -------- d-----w C:\Program Files\Trend Micro 2007-04-19 14:51:55 -------- d-----w C:\Program Files\Realtek Sound Manager 2007-04-19 14:51:55 -------- d-----w C:\Program Files\AvRack 2007-04-19 14:43:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-04-19 14:43:16 0 --sha-r C:\MSDOS.SYS 2007-04-19 14:43:16 0 --sha-r C:\IO.SYS 2007-04-19 14:43:16 0 ----a-w C:\CONFIG.SYS 2007-04-19 14:43:16 0 ----a-w C:\AUTOEXEC.BAT 2007-04-19 14:41:42 -------- d--h--w C:\Program Files\WindowsUpdate 2007-04-19 14:41:37 -------- d-----w C:\Program Files\Usługi online 2007-04-19 14:40:54 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-04-19 14:40:47 -------- d-----w C:\Program Files\Movie Maker 2007-04-19 14:39:55 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-04-19 14:39:23 -------- d-----w C:\Program Files\Messenger 2007-04-19 14:39:18 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-04-19 14:39:10 -------- d-----w C:\Program Files\Windows NT (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-04-13 10:34] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-04-13 11:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll] "Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-04-16 17:10] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2006-11-14 11:12] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine] rundll32.exe "C:\WINDOWS\system32\qmsvdvbd.dll",realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "D:\Programy\Phoneskype\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wuauclt3] wuauclt3.exe HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the 'Scheduled Tasks' folder 2007-06-03 16:56:00 C:\WINDOWS\tasks\WebReg 20070531185649.job ((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 )))))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-03 16:50:42 -------- d-----w C:\Program Files\FlashGet 2007-06-02 07:38:00 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-02 07:25:37 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-28 11:19:44 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-28 11:19:44 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-01 18:12:53 1,277 ----a-w C:\WINDOWS\mozver.dat 2007-04-21 16:16:51 -------- d-----w C:\Program Files\Hewlett-Packard 2007-04-21 16:16:49 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS 2007-04-21 08:04:34 -------- d-----w C:\Program Files\GameJack 5 2007-04-21 08:01:06 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-04-21 07:37:54 -------- d-----w C:\Program Files\GameSpy Arcade 2007-04-20 19:12:44 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-20 19:10:35 -------- d-----w C:\Program Files\SlySoft 2007-04-20 18:56:46 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-04-19 16:30:02 -------- d-----w C:\Program Files\Common Files\ODBC 2007-04-19 16:29:59 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-04-19 15:56:01 -------- d-----w C:\DOCUME~1\OOKONR~1.O\DANEAP~1\FlashGet 2007-04-19 15:49:13 -------- d-----w C:\Program Files\WinPcap 2007-04-19 15:49:01 -------- d-----w C:\Program Files\netcut 2007-04-19 15:28:03 0 ----a-w C:\WINDOWS\nsreg.dat 2007-04-19 15:16:30 -------- d-----w C:\Program Files\Common Files\Ahead 2007-04-19 15:11:34 -------- d-----w C:\Program Files\Ahead 2007-04-19 14:56:50 -------- d-----w C:\Program Files\Trend Micro 2007-04-19 14:51:55 -------- d-----w C:\Program Files\Realtek Sound Manager 2007-04-19 14:51:55 -------- d-----w C:\Program Files\AvRack 2007-04-19 14:43:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-04-19 14:43:16 0 --sha-r C:\MSDOS.SYS 2007-04-19 14:43:16 0 --sha-r C:\IO.SYS 2007-04-19 14:43:16 0 ----a-w C:\CONFIG.SYS 2007-04-19 14:43:16 0 ----a-w C:\AUTOEXEC.BAT 2007-04-19 14:41:42 -------- d--h--w C:\Program Files\WindowsUpdate 2007-04-19 14:41:37 -------- d-----w C:\Program Files\Usługi online 2007-04-19 14:40:54 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-04-19 14:40:47 -------- d-----w C:\Program Files\Movie Maker 2007-04-19 14:39:55 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-04-19 14:39:23 -------- d-----w C:\Program Files\Messenger 2007-04-19 14:39:18 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-04-19 14:39:10 -------- d-----w C:\Program Files\Windows NT (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-04-13 10:34] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-04-13 11:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll] "Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-04-16 17:10] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2006-11-14 11:12] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine] rundll32.exe "C:\WINDOWS\system32\qmsvdvbd.dll",realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "D:\Programy\Phoneskype\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wuauclt3] wuauclt3.exe HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the 'Scheduled Tasks' folder 2007-06-03 16:56:00 C:\WINDOWS\tasks\WebReg 20070531185649.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-03 19:03:52 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-03 19:04:33 C:\ComboFix-quarantined-files.txt ... 2007-06-03 19:04 --- E O F ---