"user" - 07-08-08 13:54:58 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\user\Pulpit\Bezpieczeństwo\"


((((((((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))))))


2007-08-08 12:18  d--------  C:\Program Files\Ad Muncher
2007-08-08 11:01  d--------  C:\avenger
2007-08-04 12:02  d--------  C:\Program Files\KM Remote
2007-08-04 11:59  310  --a------  C:\DOCUME~1\user\DANEAP~1\regdatels.dat
2007-08-04 11:59  d--------  C:\Program Files\Lomsel Shutdown
2007-08-03 12:11  d--------  C:\DOCUME~1\user\DANEAP~1\Azureus
2007-08-03 12:11  d--------  C:\DOCUME~1\ALLUSE~1\DANEAP~1\Azureus
2007-08-02 19:23  d--------  C:\Downloads
2007-08-02 19:06  d--------  C:\Program Files\FlashGet
2007-07-30 17:49  d--------  C:\DOCUME~1\user\DANEAP~1\gtk-2.0
2007-07-30 15:15  d--------  C:\Program Files\mIRC
2007-07-28 11:44  d--------  C:\DOCUME~1\user\DANEAP~1\Media Player Classic
2007-07-25 18:48  2,662  --ahs----  C:\WINDOWS\system32\httpklg.sys
2007-07-25 18:48  0  --ahs----  C:\WINDOWS\system32\httpget.sys
2007-07-25 18:48  d--------  C:\WINDOWS\system32\WindowsUpdate
2007-07-25 12:55  d--------  C:\DOCUME~1\user\DANEAP~1\Steganos Security Suite 7 SE
2007-07-25 11:13  163,712  --a------  C:\WINDOWS\system32\drivers\vidstub.sys
2007-07-25 11:13  d--------  C:\Program Files\Stardock
2007-07-25 11:13  d--------  C:\Program Files\Common Files\Stardock
2007-07-24 12:46  197,820  --a------  C:\fotki.exe
2007-07-21 14:42  d--------  C:\DOCUME~1\user\DANEAP~1\Dev-Cpp
2007-07-21 14:42  d--------  C:\Dev-Cpp
2007-07-19 21:32  d--------  C:\Program Files\AIEPR
2007-07-19 20:54  d--------  C:\Program Files\WinPcap
2007-07-19 20:54  d--------  C:\Program Files\Cain
2007-07-19 12:50  d--------  C:\Program Files\Camtech
2007-07-19 12:39  d--------  C:\Program Files\AIMPR
2007-07-19 12:31  d--------  C:\Program Files\ElcomSoft
2007-07-18 17:19  765,952  --a------  C:\WINDOWS\system32\xvidcore.dll
2007-07-18 17:19  740,442  --a------  C:\WINDOWS\system32\divx.dll
2007-07-18 17:19  73,728  --a------  C:\WINDOWS\system32\dpl100.dll
2007-07-18 17:19  7,680  --a------  C:\WINDOWS\system32\ff_vfw.dll
2007-07-18 17:19  3,596,288  --a------  C:\WINDOWS\system32\qt-dx331.dll
2007-07-18 17:19  217,088  --a------  C:\WINDOWS\system32\yv12vfw.dll
2007-07-18 17:19  180,224  --a------  C:\WINDOWS\system32\xvidvfw.dll
2007-07-18 17:19  d--------  C:\Program Files\K-Lite Codec Pack
2007-07-16 20:15  d--------  C:\Program Files\Sunbelt Software
2007-07-16 20:09  d--------  C:\Program Files\Kerio
2007-07-15 11:44  15,872  ---------  C:\WINDOWS\system32\winskfr.dll
2007-07-15 11:44  119,568  ---------  C:\WINDOWS\system32\vb6fr.dll
2007-07-15 11:44  d--------  C:\Program Files\Eurobarre
2007-07-14 15:44  d--------  C:\DOCUME~1\user\DANEAP~1\Avant Profiles
2007-07-14 10:57  d--------  C:\DOCUME~1\user\DANEAP~1\backup
2007-07-08 15:45  d--------  C:\Program Files\Opera
2007-07-08 15:45  d--------  C:\DOCUME~1\user\DANEAP~1\Opera


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-08-08 11:01  --------  d--------  C:\Program Files\autoconnect
2007-08-06 19:47  --------  d--------  C:\DOCUME~1\user\DANEAP~1\skype
2007-08-06 19:04  --------  d--------  C:\Program Files\speedfan
2007-08-06 12:54  --------  d--------  C:\Program Files\av vcs 3.0
2007-08-03 13:16  --------  d--------  C:\Program Files\gimp-2.0
2007-08-02 23:01  --------  d--------  C:\DOCUME~1\user\DANEAP~1\utorrent
2007-08-02 19:41  --------  d--h-----  C:\Program Files\installshield installation information
2007-08-02 19:35  --------  d--------  C:\Program Files\xchat
2007-08-02 19:35  --------  d--------  C:\Program Files\warszawkaracer
2007-08-02 19:34  --------  d--------  C:\Program Files\emule
2007-07-31 11:23  --------  d--------  C:\Program Files\iparty programs
2007-07-29 23:12  --------  d--------  C:\DOCUME~1\user\DANEAP~1\x-chat 2
2007-07-28 00:07  783224  --a------  C:\WINDOWS\system32\aswboot.exe
2007-07-28 00:02  94416  --a------  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02  92848  --a------  C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00  23152  --a------  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59  42912  --a------  C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58  26624  --a------  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57  95608  --a------  C:\WINDOWS\system32\avastss.scr
2007-07-16 21:12  --------  d--------  C:\Program Files\winamp
2007-07-14 15:13  1407  --a------  C:\WINDOWS\mozver.dat
2007-07-12 11:09  72134  --a--c---  C:\WINDOWS\system32\perfc015.dat
2007-07-12 11:09  438502  --a--c---  C:\WINDOWS\system32\perfh015.dat
2007-07-08 19:29  --------  d--------  C:\Program Files\neostrada tp
2007-07-07 16:45  --------  d--------  C:\Program Files\google
2007-07-06 16:24  --------  d--------  C:\DOCUME~1\user\DANEAP~1\frostwire
2007-07-05 15:50  --------  d--------  C:\Program Files\jowood
2007-07-03 18:43  132904  --a------  C:\WINDOWS\system32\drivers\imagesrv.sys
2007-07-03 18:43  11304  --a------  C:\WINDOWS\system32\drivers\imagedrv.sys
2007-07-03 15:59  --------  d--------  C:\Program Files\szybki lopez
2007-07-03 14:07  --------  d--------  C:\Program Files\moorhunt
2007-06-28 19:53  --------  d--------  C:\Program Files\ahead
2007-06-28 19:50  --------  d--------  C:\Program Files\Common Files\lightscribe
2007-06-28 19:48  --------  d--------  C:\Program Files\nero
2007-06-27 19:05  972072  --a------  C:\WINDOWS\unneromediahome.exe
2007-06-27 12:16  --------  d--------  C:\Program Files\lavalys
2007-06-26 16:36  20  --a------  C:\WINDOWS\system32\rgc4.dll
2007-06-26 16:36  --------  d--------  C:\Program Files\audio4you
2007-06-26 16:17  --------  d--------  C:\Program Files\tplayer
2007-06-26 14:12  972072  --a------  C:\WINDOWS\unnerovision.exe
2007-06-23 19:22  --------  d--------  C:\Program Files\sagem
2007-06-22 13:56  --------  d--------  C:\Program Files\Common Files\magix shared
2007-06-22 13:11  --------  d--------  C:\Program Files\tdk
2007-06-08 18:38  --------  d--------  C:\Program Files\invention pilot
2007-06-08 18:06  --------  d--------  C:\Program Files\registry shower 2007
2007-05-30 18:54  36424  --a------  C:\DOCUME~1\user\DANEAP~1\gdipfontcachev1.dat
2007-05-22 11:02  163840  --a------  C:\WINDOWS\system32\unrar.dll
2007-05-21 21:53  702  --a------  C:\WINDOWS\unins001.dat
2007-05-16 17:18  683520  --a------  C:\WINDOWS\system32\inetcomm.dll
2007-05-16 09:18  95864  --a------  C:\WINDOWS\system32\neroco.dll
2007-05-07 15:43  63037  --a------  C:\DOCUME~1\user\DANEAP~1\update_hp_redboxhprblog_hpsu.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}  C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}  C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}  C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}  c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SoundMan"="SOUNDMAN.EXE"
"BearShare"="\"E:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"WheelMouse"="C:\\Program Files\\A4Tech\\Mouse\\Amoumain.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"BootSkin Startup Jobs"="\"C:\\Program Files\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
@=""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Ad Muncher"="C:\\Program Files\\Ad Muncher\\AdMunch.exe /bt"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Type Pilot"="\"C:\\Program Files\\Invention Pilot\\Type Pilot\\TypePlt.exe\""
"AutoConnect"="C:\\Program Files\\AutoConnect\\AutoConnect.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
@="\"E:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Gadu-Gadu"="\"E:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages  REG_MULTI_SZ  msv1_0\0\0
Security Packages  REG_MULTI_SZ  kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages  REG_MULTI_SZ  scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
"path"="C:\\Documents and Settings\\user\\Menu Start\\Programy\\Autostart\\Stardock ObjectDock.lnk"
"backup"="C:\\WINDOWS\\pss\\Stardock ObjectDock.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\BRICOP~1\\VISTAI~1\\OBJECT~1\\OBJECT~1.EXE "
"item"="Stardock ObjectDock"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]
"path"="C:\\Documents and Settings\\user\\Menu Start\\Programy\\Autostart\\Y'z ToolBar.lnk"
"backup"="C:\\WINDOWS\\pss\\Y'z ToolBar.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\BRICOP~1\\VISTAI~1\\YZTOOL~1\\YZTOOL~1.EXE "
"item"="Y'z ToolBar"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare Acceleration Patch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare Acceleration Patch"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\BearShare Acceleration Patch\\BearShare Acceleration Patch.lnk"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EdHTML"
"hkey"="HKCU"
"command"="E:\\Program Files\\Binboy\\EdHTMLv5.0\\EdHTML.exe /none"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EM_EXEC"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gg"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoUpdate"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Onet.pl\\AutoUpdate.exe /tsr"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmrtkrnl"
"hkey"="HKLM"
"command"="mmrtkrnl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tppoll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tppoll"
"hkey"="HKLM"
"command"="C:\\Program Files\\Topro\\tppoll.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="E:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WITaj!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rem -- Anulowane uruchamianie programu WITaj! 2000"
"hkey"="HKCU"
"command"="rem -- Anulowane uruchamianie programu WITaj! 2000"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GestMaj"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NEOSTR~1\\GestMaj.exe TaskBarIcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Watch"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter  REG_MULTI_SZ  HTTPFilter\0\0
LocalService  REG_MULTI_SZ  Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService  REG_MULTI_SZ  DnsCache\0\0
DcomLaunch  REG_MULTI_SZ  DcomLaunch\0TermService\0\0
rpcss  REG_MULTI_SZ  RpcSs\0\0
imgsvc  REG_MULTI_SZ  StiSvc\0\0
termsvcs  REG_MULTI_SZ  TermService\0\0
WudfServiceGroup  REG_MULTI_SZ  WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24b45f-fbdc-11db-943e-4d6564696130}]
Shell\AutoRun\command  H:\USBNB.exe

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 14:05:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-08-08 14:05:29
C:\ComboFix-quarantined-files.txt ... 07-08-08 14:05
C:\ComboFix2.txt ... 07-08-07 21:17
C:\ComboFix3.txt ... 07-07-12 11:30
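A small triage pass over a log like the one above, written as an added example: it is not part of the posted log, not part of ComboFix, and not a verdict on this machine. It parses the "Files Created" / Find3M entry format (timestamp, optional size, nine-character attribute field, path) and the MountPoints2 `Shell\AutoRun\command` line, then applies the checks a reviewer does by eye: hidden+system files dropped in system32, implausibly small drivers/DLLs, executables sitting in a drive root, removable-drive AutoRun handlers, and anything created in the same minute as an entry that was already flagged. The rule set, the 64-byte threshold and the excerpted sample lines are the editor's own choices; a hit means "look at this", nothing more.

```python
"""Triage heuristics for ComboFix 'Files Created' / Find3M entries and MountPoints2 autoruns.

Added example, not code from the posted log or from ComboFix. Every rule here is a
prompt for a human to look closer, not a malware verdict.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a handful of lines excerpted from the log above, plus the MountPoints2
# autorun entry. Constructed for this example; the real log has many more lines.
SAMPLE_LOG = r"""
2007-08-08 12:18  d--------  C:\Program Files\Ad Muncher
2007-07-25 18:48  2,662  --ahs----  C:\WINDOWS\system32\httpklg.sys
2007-07-25 18:48  0  --ahs----  C:\WINDOWS\system32\httpget.sys
2007-07-25 18:48  d--------  C:\WINDOWS\system32\WindowsUpdate
2007-07-25 11:13  163,712  --a------  C:\WINDOWS\system32\drivers\vidstub.sys
2007-07-24 12:46  197,820  --a------  C:\fotki.exe
2007-06-26 16:36  20  --a------  C:\WINDOWS\system32\rgc4.dll
2007-07-28 00:07  783224  --a------  C:\WINDOWS\system32\aswboot.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c24b45f-fbdc-11db-943e-4d6564696130}]
Shell\AutoRun\command  H:\USBNB.exe
"""

# timestamp, optional size ("2,662", "0") or Find3M placeholder ("--------"),
# nine-character attribute field (d=dir, a=archive, h=hidden, s=system, ...), path
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+|-+)\s+)?"
    r"(?P<attr>[d-][a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)
AUTORUN_RE = re.compile(r"^Shell\\AutoRun\\command\s+(?P<cmd>.+?)\s*$", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
TINY_BYTES = 64  # editor's threshold: a real driver/DLL is never this small


@dataclass
class Entry:
    ts: str
    size: Optional[int]  # None for directories and for the Find3M "--------" column
    attr: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attr[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attr and "s" in self.attr


def parse_entries(text: str) -> List[Entry]:
    """Return every file/directory entry in the log; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("size")
        size = int(raw.replace(",", "")) if raw and raw[0].isdigit() else None
        entries.append(Entry(m.group("ts"), size, m.group("attr"), m.group("path")))
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Map each path worth a second look to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = defaultdict(list)
    entries = parse_entries(text)
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        in_sys32 = "\\windows\\system32\\" in low
        if in_sys32 and e.hidden_system:
            findings[e.path].append("hidden+system file created under system32")
        if in_sys32 and low.endswith((".sys", ".dll")) and e.size is not None and e.size < TINY_BYTES:
            findings[e.path].append(f"implausibly small driver/DLL ({e.size} bytes)")
        if re.fullmatch(r"[a-z]:\\[^\\]+", low) and low.endswith(EXEC_EXT):
            findings[e.path].append("executable dropped in drive root")
    # Temporal clustering: droppers usually write several objects within one minute,
    # so anything sharing a timestamp with a flagged entry (directories included) is listed too.
    flagged_ts = {e.ts for e in entries if e.path in findings}
    for e in entries:
        if e.ts in flagged_ts and e.path not in findings:
            findings[e.path].append(f"created in same minute ({e.ts}) as a flagged entry")
    # MountPoints2 AutoRun handlers run when a removable drive is opened in Explorer.
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            findings[m.group("cmd")].append("removable-drive AutoRun handler (MountPoints2)")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed it the whole log rather than the excerpt to see the full picture; the avast! drivers, codec DLLs and Program Files directories produce no hits because the rules key on attributes, location and size rather than on file names.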