"Karol" - 2007-05-16 22:32:53 Dodatek Service Pack 2
ComboFix 07-05.17.V - Running from: "C:\Documents and Settings\Karol\Pulpit"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\flxpngdd.dll
C:\WINDOWS\system32\gquoqjgw.dll
C:\WINDOWS\system32\hbvwbfvv.dll
C:\WINDOWS\system32\yoqunsyy.dll
C:\WINDOWS\system32\wgjqouqg.ini
C:\WINDOWS\system32\vvfbwvbh.ini
C:\WINDOWS\system32\yysnuqoy.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))

2007-05-16 19:05
2007-05-16 18:25
2007-05-15 18:54
2007-05-14 13:16
2007-05-11 16:32
2007-05-11 16:31
2007-05-11 14:44
2007-04-30 14:43
2007-04-30 14:04
2007-04-26 17:32 586,094 ---hs---- C:\WINDOWS\system32\vybeg.bak2
2007-04-25 18:43 583,616 ---hs---- C:\WINDOWS\system32\vybeg.bak1
2007-04-23 21:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-23 21:33 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-04-23 21:33 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-04-23 21:33 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 21:33 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-04-23 21:33 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-04-23 21:33 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-04-23 21:33 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-23 21:33 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-04-23 21:33 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-04-23 21:33
2007-04-23 21:33
2007-04-23 21:33
2007-04-23 14:09
2007-04-23 14:09
2007-04-19 17:42 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-19 13:23 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-04-19 13:01 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-04-19 13:01 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-04-19 13:01 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-04-19 13:01 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-19 13:01 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-04-17 16:38
2007-04-17 13:41

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-16 20:29:34 -------- d-----w C:\Program Files\cFosSpeed
2007-05-16 17:17:21 -------- d-----w C:\Program Files\AutoConnect
2007-05-16 12:12:52 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Azureus
2007-05-15 20:11:51 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-15 20:11:51 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-15 10:56:05 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\foobar2000
2007-05-13 09:00:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-13 08:59:10 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-11 12:45:30 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Lavasoft
2007-05-10 16:30:59 -------- d-----w C:\Program Files\G6 FTP Server
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 16:31:36 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\SopCast
2007-04-25 11:52:42 -------- d-----w C:\Program Files\IrfanView
2007-04-20 17:36:17 -------- d-----w C:\Program Files\SopCast
2007-04-17 14:36:44 -------- d-----w C:\Program Files\Gadu-Gadu
2007-04-17 11:39:52 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-14 19:32:20 -------- d-----w C:\Program Files\SAGEM
2007-04-10 11:25:00 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-09 13:26:37 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Corel
2007-04-09 13:25:13 -------- d-----w C:\Program Files\Common Files\Corel
2007-04-09 13:24:08 -------- d-----w C:\Program Files\Corel
2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-04-02 17:41:24 4 ----a-w C:\WINDOWS\bytespersecond.dat
2007-03-25 09:38:01 -------- d-----w C:\Program Files\Razer
2007-03-25 09:29:35 -------- d-----w C:\Program Files\VIAudioi
2007-03-25 09:26:48 -------- d-----w C:\Program Files\jv16 PowerTools 2006
2007-03-25 09:25:42 5 --sha-w C:\WINDOWS\system32\fccbcaaf5_s.dll
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:57:15 1,986,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-14 12:45:25 -------- d-----w C:\Program Files\Windows NT
2007-03-14 12:45:20 -------- d-----w C:\Program Files\Movie Maker
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2007-03-05 12:34:28 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
2007-02-26 20:56:58 40 ----a-w C:\WINDOWS\ujf635.bin
2007-02-26 20:47:45 376 ----a-w C:\WINDOWS\mozregistry.dat
2007-02-26 19:32:21 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-02-26 19:25:20 13,824 ----a-w C:\WINDOWS_g6uninst.exe
2007-02-26 19:22:15 0 ----a-w C:\WINDOWS\nsreg.dat
2007-02-26 18:21:40 0 --sha-r C:\MSDOS.SYS
2007-02-26 18:21:40 0 --sha-r C:\IO.SYS
2007-02-26 18:21:40 0 ----a-w C:\CONFIG.SYS
2007-02-26 18:21:40 0 ----a-w C:\AUTOEXEC.BAT
2007-02-26 18:17:29 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-02-24 02:55:40 175 ----a-w C:\WINDOWS\system32\Autoexnt.bat
2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 15:19]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-07-07 16:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2006-11-17 12:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
WudfServiceGroup WUDFSvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
*newlycreated* -PROCEXP90

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-16 22:34:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-16 22:34:51
C:\ComboFix-quarantined-files.txt … 2007-05-16 22:34
--- E O F ---