ComboFix 07-06-11.3 - E:\Programy\AntiVirusowe i firewall'e\ComboFix.exe "Pedro" - 2007-06-11 23:06:36 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))

2007-06-11 23:06  49,152  --a------  C:\WINDOWS\nircmd.exe
2007-06-11 22:46
2007-06-04 23:35
2007-06-04 23:35
2007-05-26 22:19  361,480  --a------  C:\Program Files\billiards_install_1_0_0_63.exe
2007-05-26 22:19
2007-05-20 22:29
2007-05-19 18:42  262,144  --a------  C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-05-19 18:42
2007-05-19 18:39  36,352  ---------  C:\WINDOWS\system32\tsgqec.dll
2007-05-19 18:39  288,768  ---------  C:\WINDOWS\system32\rhttpaa.dll
2007-05-19 18:39  116,736  ---------  C:\WINDOWS\system32\aaclient.dll
2007-05-19 18:39
2007-05-19 18:38
2007-05-19 18:38
2007-05-19 18:38
2007-05-19 18:36
2007-05-19 18:35  69,120  ---------  C:\WINDOWS\system32\wlanapi.dll
2007-05-19 18:35  62,336  ---------  C:\WINDOWS\system32\drivers\rspndr.sys
2007-05-19 18:35  10,752  ---------  C:\WINDOWS\system32\rspndr.exe
2007-05-19 18:35
2007-05-19 18:35
2007-05-19 18:35
2007-05-19 18:35
2007-05-19 18:35
2007-05-19 18:34  2,115,816  --a------  C:\WINDOWS\system32\NPSWF32.dll
2007-05-19 18:34  190,696  --a------  C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-05-19 18:34
2007-05-19 18:33
2007-05-19 18:33
2007-05-19 18:28  6,144  ---------  C:\WINDOWS\system32\kbdpash.dll
2007-05-19 18:28  6,144  ---------  C:\WINDOWS\system32\kbdnepr.dll
2007-05-19 18:28  6,144  ---------  C:\WINDOWS\system32\kbdiultn.dll
2007-05-19 18:28  6,144  ---------  C:\WINDOWS\system32\kbdbhc.dll
2007-05-19 18:28  18,200  --a------  C:\WINDOWS\system32\wups2.dll
2007-05-19 18:28
2007-05-19 18:28
2007-05-19 18:24
2007-05-19 18:22
2007-05-19 18:22
2007-05-19 18:21  14,048  ---------  C:\WINDOWS\system32\spmsg2.dll
2007-05-19 18:20
2007-05-19 18:19
2007-05-19 18:18
2007-05-19 18:17  773,120  --a------  C:\WINDOWS\system32\bubbles.scr
2007-05-19 18:17  77,824  --a------  C:\WINDOWS\system32\StartupCPL.exe
2007-05-19 18:17  696,320  --a------  C:\WINDOWS\system32\americanflag.scr
2007-05-19 18:17  641,824  --a------  C:\WINDOWS\system32\valentines.scr
2007-05-19 18:17  291,840  --a------  C:\WINDOWS\system32\Bliss.scr
2007-05-19 18:17  176,128  --a------  C:\WINDOWS\system32\Bliss.exe
2007-05-19 18:17  117,248  --a------  C:\WINDOWS\system32\ribbons.scr
2007-05-19 18:17  117,248  --a------  C:\WINDOWS\system32\Mystify.scr
2007-05-19 18:17  1,634,304  --a------  C:\WINDOWS\system32\3dwindowsxp.scr
2007-05-19 18:17  1,263,616  --a------  C:\WINDOWS\system32\aurora.scr
2007-05-19 18:17
2007-05-19 18:17
2007-05-19 18:16  266,360  --a------  C:\WINDOWS\system32\TweakUI.exe
2007-05-19 18:16
2007-05-19 17:19
2007-05-19 17:18
2007-05-19 17:18
2007-05-19 17:18
2007-05-19 17:18
2007-05-19 17:17  10,752  --a------  C:\WINDOWS\system32\aamd532.dll
2007-05-19 17:16
2007-05-19 14:32
2007-05-19 14:32
2007-05-18 22:41
2007-05-18 16:54
2007-05-18 16:45  90,112  --a------  C:\WINDOWS\system32\CActiveList.Dll
2007-05-18 16:45  516,096  --a------  C:\WINDOWS\system32\WinSweep.Dll
2007-05-18 16:45  5,632  --a------  C:\WINDOWS\system32\bindll.dll
2007-05-18 16:45  102,400  --a------  C:\WINDOWS\system32\CFile.Dll
2007-05-18 16:45
2007-05-18 16:06
2007-05-13 16:56
2007-05-13 16:46
2007-05-13 16:46

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 23:02:39  --------  d-----w  C:\Program Files\SokkerViewer
2007-06-06 09:48:31  --------  d-----w  C:\Program Files\TVAnts
2007-06-06 00:08:21  --------  d-----w  C:\Program Files\DkZ Studio
2007-06-04 21:35:31  25,544  ----a-w  C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-03 17:41:32  --------  d-----w  C:\Program Files\AutoConnect
2007-05-31 10:25:12  --------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-05-28 00:32:21  --------  d-----w  C:\Program Files\eMule
2007-05-27 17:52:03  2,191  ----a-w  C:\WINDOWS\mozver.dat
2007-05-27 17:46:17  --------  d-----w  C:\DOCUME~1\Pedro\DANEAP~1\GanymedeNet
2007-05-26 19:02:00  --------  d-----w  C:\Program Files\Winamp
2007-05-19 18:05:20  88,642  ----a-w  C:\WINDOWS\system32\perfc015.dat
2007-05-19 18:05:20  497,420  ----a-w  C:\WINDOWS\system32\perfh015.dat
2007-05-19 18:01:05  --------  d-----w  C:\Program Files\Messenger
2007-05-19 16:38:13  --------  d-----w  C:\Program Files\Google
2007-05-18 20:42:57  --------  d-----w  C:\Program Files\Neostrada TP
2007-05-15 21:07:37  --------  d-----w  C:\DOCUME~1\Pedro\DANEAP~1\Desktop Sidebar
2007-05-02 08:07:52  --------  d-----w  C:\Program Files\IrfanView
2007-04-30 15:46:10  745,600  ----a-w  C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55  85,952  ----a-w  C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42  94,552  ----a-w  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41  23,416  ----a-w  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51  43,176  ----a-w  C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23  26,888  ----a-w  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28  95,872  ----a-w  C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 16:13:46  --------  d-----w  C:\Program Files\SoftMaker Viewer
2007-04-25 09:40:24  --------  d-----w  C:\Program Files\AVIcodec
2007-04-20 13:40:50  --------  d-----w  C:\Program Files\Desktop Sidebar
2007-04-20 06:45:41  163,712  ----a-w  C:\WINDOWS\system32\drivers\vidstub.sys
2007-04-20 06:35:06  --------  d-----w  C:\Program Files\Common Files\Stardock
2007-04-20 06:35:05  --------  d-----w  C:\Program Files\Stardock
2007-04-19 22:28:08  --------  d-----w  C:\Program Files\XP Repair Pro 2007
2007-04-15 09:50:34  --------  d-----w  C:\DOCUME~1\Pedro\DANEAP~1\dvdcss
2007-03-17 13:47:17  293,376  ----a-w  C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-16 10:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"DkZControls.ocx"=regsvr32.exe /s C:\WINDOWS\system32\DkZControls.ocx
"scrrun.dll"=regsvr32.exe /s C:\WINDOWS\system32\scrrun.dll
"Quartz.dll"=regsvr32.exe /s C:\WINDOWS\system32\Quartz.dll
"SSubTmr6.dll"=regsvr32.exe /s C:\WINDOWS\system32\SSubTmr6.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AutoRun"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"ForceClassicControlPanel"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^PowerMenu.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\PowerMenu.lnk
backup=C:\WINDOWS\pss\PowerMenu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pedro^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET]
C:\Program Files\Netia\Net\netianet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
"C:\Program Files\Desktop Sidebar\dsidebar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSWEEP Popupblocker]
C:\Program Files\WinSweep\WSPopup.Exe /STEP1 /SOUND

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\NEOSTR~1\CnxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Autorun.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 23:07:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
DkZControls.ocx = regsvr32.exe /s C:\WINDOWS\system32\DkZControls.ocx
scrrun.dll = regsvr32.exe /s C:\WINDOWS\system32\scrrun.dll
Quartz.dll = regsvr32.exe /s C:\WINDOWS\system32\Quartz.dll
SSubTmr6.dll = regsvr32.exe /s C:\WINDOWS\system32\SSubTmr6.dll

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 23:07:58
- E O F -