"TM" - 07-04-24 20:37:22 Dodatek Service Pack 2
ComboFix 07-04-20V - Running from: D:\Software\

((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))

2007-04-20 22:08
2007-04-19 17:41 3,223,552 --a------ C:\DOCUME~1\TM\ntuser.dat
2007-04-08 09:28 112,640 --a------ C:\WINDOWS\lsb_un20.exe
2007-04-08 09:28
2007-03-25 08:44 52,765 --a------ C:\WINDOWS\system32\csras.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-24 18:53 -------- d-------- C:\Program Files\emule
2007-04-20 18:51 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-20 18:51 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2007-04-18 18:16 733824 --a------ C:\WINDOWS\system32\aswboot.exe
2007-04-18 18:12 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-18 18:12 85952 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-18 18:10 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-18 18:09 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-18 18:07 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-18 18:06 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-04-16 20:51 -------- d-------- C:\Program Files\java
2007-04-08 18:58 -------- d-------- C:\Program Files\ffdshow
2007-03-26 19:06 -------- d-------- C:\Program Files\napi-projekt
2007-01-28 12:54 19552 --a------ C:\DOCUME~1\TM\DANEAP~1\gdipfontcachev1.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"=""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
"MSMSGS"=""C:\Program Files\Messenger\msmsgs.exe" /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
 53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
 65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
 79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\
 6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\
 2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\
 52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
 33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=dword:00000001
"ForceClassicControlPanel"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=dword:00000000

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="FreeCall"
"hkey"="HKCU"
"command"=""C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-24 20:39:15
C:\ComboFix-quarantined-files.txt ... 07-04-24 20:39
C:\ComboFix2.txt ... 07-04-23 21:08
C:\ComboFix3.txt ... 07-04-23 17:34