"Ja" - 2007-08-15 17:35:21    Dodatek Service Pack 2  NTFS  
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Ja\Moje dokumenty\Security\"


(((((((((((((((((((((((((   Files Created from 2007-07-15 to 2007-08-15  )))))))))))))))))))))))))))))))


2007-08-15 17:33	<DIR>	d--------	C:\avenger
2007-08-11 18:30	<DIR>	d--------	C:\Program Files\R3x
2007-08-11 12:33	<DIR>	d--------	C:\Program Files\Speed Gear 5
2007-08-07 13:29	<DIR>	d--------	C:\Program Files\Alcohol Soft
2007-08-07 11:35	685,816	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2007-08-06 13:09	82,258	--a------	C:\WINDOWS\system32\drivers\klin.dat
2007-08-06 13:09	82,258	--a------	C:\WINDOWS\system32\drivers\klick.dat
2007-08-06 13:08	65,824	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-06 13:08	2,836,768	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-06 13:08	<DIR>	d--------	C:\Program Files\Kaspersky Lab
2007-08-06 13:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-08-05 03:27	683,984	-ra------	C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-08-05 03:26	281,552	--a------	C:\WINDOWS\system32\cfosspeed.dll
2007-08-05 03:26	<DIR>	d--------	C:\Program Files\cFosSpeed
2007-08-04 13:06	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab Setup Files
2007-07-25 04:20	<DIR>	d--------	C:\Program Files\ElcomSoft
2007-07-24 16:14	<DIR>	d--------	C:\Program Files\uTorrent
2007-07-24 16:14	<DIR>	d--------	C:\DOCUME~1\Ja\DANEAP~1\uTorrent
2007-07-19 00:10	<DIR>	d--------	C:\DOCUME~1\Ja\WINDOWS
2007-07-18 11:52	<DIR>	d--------	C:\Program Files\foobar2000
2007-07-18 11:52	<DIR>	d--------	C:\DOCUME~1\Ja\DANEAP~1\foobar2000


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 13:29:02	--------	d-----w	C:\Program Files\FlashGet
2007-08-14 22:09:35	--------	d-----w	C:\Program Files\Valve
2007-08-14 22:09:28	--------	d-----w	C:\Program Files\sXe Injected
2007-07-26 20:59:28	--------	d-----w	C:\Program Files\AvRack
2007-07-24 14:30:01	--------	d-----w	C:\Program Files\Lavalys
2007-07-19 21:12:43	--------	d-----w	C:\Program Files\Mozilla Thunderbird
2007-07-18 16:03:25	--------	d-----w	C:\Program Files\Winamp
2007-07-14 03:21:58	--------	d-----w	C:\Program Files\DFX
2007-07-11 12:15:12	--------	d-----w	C:\Program Files\Tunatic
2007-07-11 01:35:59	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\dvdcss
2007-07-11 01:34:29	--------	d-----w	C:\Program Files\Xilisoft
2007-07-10 09:57:37	1	----a-w	C:\WINDOWS\system32\SysDVDtoavi.dat
2007-07-10 00:48:49	--------	d-----w	C:\Program Files\Save Flash
2007-07-10 00:10:33	--------	d-----w	C:\Program Files\Software by Design
2007-07-09 14:35:01	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\Skype
2007-07-09 14:32:57	--------	d-----w	C:\Program Files\Common Files\Skype
2007-07-08 12:06:07	--------	d-----w	C:\Program Files\Microsoft IEAK 7
2007-07-06 19:26:24	--------	d-----w	C:\Program Files\Alwil Software
2007-07-05 15:09:28	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-07-05 15:09:28	--------	d-----w	C:\Program Files\VID_0E8F&PID_0012
2007-07-05 11:49:39	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\WNR
2007-07-04 19:23:42	--------	d-----w	C:\Program Files\Streamload
2007-07-04 19:20:15	--------	d-----w	C:\Program Files\Webteh
2007-07-04 19:19:03	--------	d-----w	C:\Program Files\NKProds
2007-07-04 11:19:31	--------	d-----w	C:\Program Files\EA GAMES
2007-07-04 11:18:20	--------	d-----w	C:\Program Files\Common Files\DirectX
2007-07-03 21:03:19	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\Ahead
2007-07-01 01:37:55	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\Jasc
2007-07-01 01:37:24	--------	d-----w	C:\Program Files\Jasc Software Inc
2007-07-01 00:38:52	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\MoyeaFLV2Video
2007-07-01 00:32:16	--------	d-----w	C:\Program Files\Moyea
2007-06-29 02:20:22	--------	d-----w	C:\Program Files\LClock
2007-06-29 00:39:19	--------	d-----w	C:\Program Files\Stoik
2007-06-28 10:51:48	206,088	----a-w	C:\WINDOWS\system32\klogon.dll
2007-06-27 23:58:05	--------	d-----w	C:\Program Files\MySecretFolder XP
2007-06-27 23:56:32	702	----a-w	C:\WINDOWS\unins000.dat
2007-06-27 20:04:02	335	----a-w	C:\WINDOWS\mozregistry.dat
2007-06-27 20:03:32	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\Talkback
2007-06-27 17:36:25	--------	d-----w	C:\Program Files\Binboy
2007-06-24 02:38:50	75,706	----a-w	C:\WINDOWS\system32\perfc015.dat
2007-06-24 02:38:50	451,564	----a-w	C:\WINDOWS\system32\perfh015.dat
2007-06-23 21:07:25	--------	d-----w	C:\Program Files\Common Files\Adobe Systems Shared
2007-06-22 18:11:13	35,363	----a-w	C:\WINDOWS\system32\windrvNT.sys
2007-06-21 02:44:26	--------	d-----w	C:\Program Files\XviD
2007-06-21 02:44:14	--------	d-----w	C:\Program Files\DivX
2007-06-21 02:09:54	--------	d-----w	C:\Program Files\SendSpace
2007-06-21 01:41:04	--------	d-----w	C:\Program Files\Fotosik Manager
2007-06-18 22:59:08	--------	d-----w	C:\Program Files\Gadu-Gadu
2007-06-18 20:26:28	1,688	----a-w	C:\WINDOWS\mozver.dat
2007-06-17 15:49:08	--------	d-----w	C:\Program Files\Microsoft.NET
2007-06-17 02:21:37	--------	d-----w	C:\DOCUME~1\Ja\DANEAP~1\Opera
2007-06-17 02:21:33	--------	d-----w	C:\Program Files\Opera
2007-06-16 14:52:26	--------	d-----w	C:\Program Files\SubEdit-Player
2007-06-16 13:16:20	--------	d-----w	C:\Program Files\Ultra RM Converter
2007-06-16 13:12:12	2,368	----a-w	C:\WINDOWS\system32\SVKP.sys
2007-06-15 10:16:34	--------	d-----w	C:\Program Files\Easy RealMedia Tools
2007-06-15 10:13:37	--------	d-----w	C:\Program Files\AviSynth 2.5
2007-06-15 10:13:21	--------	d-----w	C:\Program Files\AC3Filter
2007-06-15 02:02:30	--------	d-----w	C:\Program Files\Audacity
2007-06-14 18:36:07	1,056	----a-w	C:\WINDOWS\system32\tmp.reg
2007-06-14 12:00:25	64,419	----a-w	C:\WINDOWS\BricoPackUninst.cmd
2007-06-14 12:00:25	6,108	----a-w	C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-14 12:00:24	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll
2007-06-09 19:17:45	464	----a-w	C:\WINDOWS\system32\WMV9VCM.dll
2007-06-09 19:17:45	464	----a-w	C:\WINDOWS\system32\vorbisenc.dll
2007-06-09 19:17:45	464	----a-w	C:\WINDOWS\system32\vorbis.dll
2007-06-09 19:17:45	464	----a-w	C:\WINDOWS\system32\OggDS.dll
2007-06-09 19:17:45	464	----a-w	C:\WINDOWS\system32\ogg.dll
2007-06-09 19:17:44	464	----a-w	C:\WINDOWS\system32\mplvpx.dll
2007-06-09 19:17:44	464	----a-w	C:\WINDOWS\system32\cpuinf32.dll
2007-06-09 19:17:43	464	----a-w	C:\WINDOWS\system32\xvidcore.dll
2007-05-19 15:57:27	0	----a-w	C:\WINDOWS\nsreg.dat
2007-05-19 14:33:30	0	--sha-r	C:\MSDOS.SYS
2007-05-19 14:33:30	0	--sha-r	C:\IO.SYS
2007-05-19 14:33:30	0	----a-w	C:\CONFIG.SYS
2007-05-19 14:33:30	0	----a-w	C:\AUTOEXEC.BAT
2007-05-19 14:31:01	21,856	----a-w	C:\WINDOWS\system32\emptyregdb.dat
2004-08-03 23:44:24	60,928	--sha-w	C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
2006-05-03 10:06:54	163,328	--sh--r	C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16	31,744	--sh--r	C:\WINDOWS\system32\msfDX.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-16 11:03]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-05-16 07:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-07-09 17:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-02 17:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ja^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ja\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ja^Menu Start^Programy^Autostart^Rapidown.lnk]
path=C:\Documents and Settings\Ja\Menu Start\Programy\Autostart\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\catsrv]
C:\Documents and Settings\Ja\Policies\catsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
C:\Program Files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
internat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSF_Monitor]
C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinGuard Pro]
C:\Program Files\WGP\wgp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002c6796-46ad-11dc-8c9f-0014853102b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 17:37:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-15 17:38:37
C:\ComboFix-quarantined-files.txt ... 2007-08-15 17:38

	--- E O F ---