Stinger log:

McAfee® Stinger Version 3.0.2 built on May 4 2006
Copyright © 2006 McAfee, Inc. All Rights Reserved.
Virus data file v1000 created on May 4 2006.
Ready to scan for 2 viruses, trojans and variants.
This product is outdated. Please go to http://vil.nai.com/vil/stinger for an update.
Scan initiated on Mon Jun 25 16:49:57 2007
Number of clean files: 308141

Logfile of HijackThis v1.99.1
Scan saved at 19:51:51, on 2007-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\oem-pl\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM…\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM…\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM…\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU…\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ … 586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Stealth Service Helper (StealthInjectorService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt Stealth 4\IJStealth4Svc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

"oem-pl" - 2007-06-25 19:53:59 Dodatek Service Pack 2
ComboFix 07-05.21.6.V - Running from: "E:\Generowanie logo Hijack"

((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-25 ))))))))))))))))))))))))))))))))))

2007-06-25 18:50 2,432 --a------ C:\WINDOWS\wds.dat
2007-06-25 18:50 1,680 --a------ C:\WINDOWS\rmt.dat
2007-06-25 18:44
2007-06-25 18:43 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-25 18:43 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-25 18:43
2007-06-25 18:42
2007-06-25 18:22
2007-06-25 18:21
2007-06-25 10:09
2007-06-24 19:46
2007-06-24 19:45
2007-06-24 13:38
2007-06-24 13:13 96,374 --a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\firstlsp.reg.dat
2007-06-23 15:43 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-06-23 15:43 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-23 15:43
2007-06-23 15:32
2007-06-23 09:51
2007-06-21 10:13 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-21 10:13
2007-06-21 09:25
2007-06-21 09:25
2007-06-21 09:25
2007-06-20 18:25
2007-06-20 17:56 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-20 16:45 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-06-20 16:45 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-06-20 16:45 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-06-20 16:45 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-06-20 16:45 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-06-20 16:45 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-06-20 16:45 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-06-20 16:45
2007-06-18 19:40
2007-06-17 21:12
2007-06-15 10:17
2007-06-15 10:16 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-15 10:16 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-15 10:16
2007-06-15 10:16
2007-06-15 10:13
2007-06-14 20:02
2007-06-14 20:02
2007-06-14 20:02
2007-06-13 09:46 144,896 --------- C:\WINDOWS\system32\schannel.dll
2007-06-07 14:35 491,520 --a------ C:\WINDOWS\system32\lkVCDimager.dll
2007-06-07 14:35
2007-06-06 18:36 348,160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-06-06 17:10
2007-06-06 16:31 1,004 --a------ C:\WINDOWS\unins000.dat
2007-06-05 21:18
2007-06-05 17:49 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-06-05 17:49 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-06-05 17:49 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-05 17:49 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-06-05 17:49
2007-06-05 17:48 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-06-05 17:48 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-06-05 17:48 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-06-05 17:42 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-06-05 17:42
2007-06-04 21:21
2007-05-31 18:54
2007-05-31 18:39 41 --a------ C:\WINDOWS\system32\bbafadcf4_s.dll
2007-05-31 09:48
2007-05-31 09:44

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 17:55:21 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Skype
2007-06-14 16:54:01 -------- d-----w C:\Program Files\Elaborate Bytes
2007-06-14 14:48:37 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Real
2007-06-11 19:29:10 81,410 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-11 19:29:10 462,734 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-05 08:01:21 -------- d-----w C:\Program Files\ATITool
2007-05-23 07:13:05 1,300 ----a-w C:\WINDOWS\system32\tmp.reg
2007-05-22 08:00:42 -------- d-----w C:\Program Files\Styler
2007-05-22 08:00:38 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Styler
2007-05-21 16:54:19 -------- d-----w C:\Program Files\Blaero Start Orb
2007-05-21 16:54:18 -------- d-----w C:\Program Files\VisualTooltip
2007-05-21 16:54:18 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Stardock
2007-05-21 16:54:08 -------- d-----w C:\Program Files\LClock
2007-05-20 14:21:00 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\ATI
2007-05-20 14:03:02 2,155 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-05-20 14:03:01 38,643 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-05-20 11:29:03 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Uniblue
2007-05-16 15:18:58 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 16:09:18 -------- d-----w C:\Program Files\TGTSoft
2007-05-14 18:59:01 -------- d-----w C:\Program Files\Microsoft Works
2007-05-14 18:58:45 -------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-05-12 14:00:32 -------- d-----w C:\Program Files\Foxit Software
2007-05-10 10:59:06 -------- d-----w C:\Program Files\Outlook Express Email Saver
2007-05-10 10:58:06 -------- d-----w C:\Program Files\IE7pro
2007-05-09 17:54:35 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Ashampoo Photo Commander 5
2007-05-08 18:29:27 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-02 18:44:59 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Ashampoo
2007-04-23 08:05:14 100,482 ------w C:\WINDOWS\UninstallThunderbird.exe
2007-04-23 08:05:08 15,749 ------w C:\WINDOWS\mozver.dat
2007-04-23 00:15:25 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-20 17:10:44 -------- d-----w C:\DOCUME~1\oem-pl\DANEAP~1\Nokia
2007-04-20 16:28:38 -------- d-----w C:\Program Files\DAEMON Tools
2007-04-20 15:41:55 682,232 ------w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 10:07:44 -------- d-----w C:\Program Files\IrfanView
2007-03-23 04:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 04:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 19:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-03-22 18:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-21 20:57:31 2,560 ------w C:\WINDOWS_MSRSTRT.EXE
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ------w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ------w C:\WINDOWS\system32\win32k.sys
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-09-06 08:18]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 01:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 19:33]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 04:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 13:52]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 15:49]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" []

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]
backup=C:\WINDOWS\pss\Kalendarz XP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NaturalColorLoad.lnk]
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^oem-pl^Menu Start^Programy^Autostart^Blaero Start Orb.lnk]
backup=C:\WINDOWS\pss\Blaero Start Orb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^oem-pl^Menu Start^Programy^Autostart^NaturalColorLoad.lnk]
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^oem-pl^Menu Start^Programy^Autostart^Trend Micro Anti-Spyware.lnk]
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^oem-pl^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
E:\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionViewPort]
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger]
MSMSGS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeaMonkey Quick Launch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

*Newly Created Service* -COMHOST
*Newly Created Service* -ERASERUTILDRVI2
*Newly Created Service* -SPBBCDRV

Contents of the 'Scheduled Tasks' folder
2007-06-25 17:09:41 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - oem-pl.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 19:55:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

********************************************************************

Completion time: 2007-06-25 19:56:12

— E O F —