"kepa" - 2007-05-17 22:11:03 Dodatek Service Pack 2
ComboFix 07-05.17.6.V - Running from: "D:\zassane"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-17 ))))))))))))))))))))))))))))))))))
2007-05-17 21:58 <DIR> d-------- C:\WINDOWS\pss
2007-05-17 19:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\GRETECH
2007-05-17 19:54 <DIR> d-------- C:\Program Files\GRETECH
2007-05-17 19:54 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\GRETECH
2007-05-17 19:46 <DIR> d-------- C:\Program Files\Webteh
2007-05-17 19:38 <DIR> d-------- C:\Program Files\MarBit
2007-05-16 19:03 <DIR> d-------- C:\Program Files\Light StartUp
2007-05-16 19:03 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\Light StartUp
2007-05-16 18:49 <DIR> d-------- C:\Program Files\eMule
2007-05-16 16:56 73,928 --a------ C:\WINDOWS\system32\dmcompod.dll
2007-05-16 16:56 52,424 --a------ C:\WINDOWS\system32\dmloaded.dll
2007-05-16 16:56 41,160 --a------ C:\WINDOWS\system32\dmbandd.dll
2007-05-16 16:56 359,624 --a------ C:\WINDOWS\system32\dinput8d.dll
2007-05-16 16:56 342,888 --a------ C:\WINDOWS\system32\d3dref9.dll
2007-05-16 16:56 30,920 --a------ C:\WINDOWS\system32\dswaved.dll
2007-05-16 16:56 3,799,400 --a------ C:\WINDOWS\system32\d3dx9d_33.dll
2007-05-16 16:56 3,087,208 --a------ C:\WINDOWS\system32\d3d9d.dll
2007-05-16 16:56 248,008 --a------ C:\WINDOWS\system32\d3dref8.dll
2007-05-16 16:56 240,328 --a------ C:\WINDOWS\system32\dmimed.dll
2007-05-16 16:56 134,344 --a------ C:\WINDOWS\system32\dmusicd.dll
2007-05-16 16:56 117,448 --a------ C:\WINDOWS\system32\dmstyled.dll
2007-05-16 16:56 115,912 --a------ C:\WINDOWS\system32\dmscripd.dll
2007-05-16 16:56 112,840 --a------ C:\WINDOWS\system32\dmsynthd.dll
2007-05-16 16:56 106,696 --a------ C:\WINDOWS\system32\d3dref.dll
2007-05-16 16:56 1,390,792 --a------ C:\WINDOWS\system32\d3d8d.dll
2007-05-16 16:56 <DIR> d-------- C:\Program Files\Common Files\aliaswavefront shared
2007-05-16 16:56 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2007-05-16 16:49 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-05-16 16:49 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-16 16:49 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-05-16 16:49 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-05-16 16:49 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-16 16:49 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-05-16 16:49 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-05-16 16:49 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-05-16 16:49 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-16 16:49 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-05-16 16:49 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-05-16 16:49 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-05-16 16:49 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (April 2007)
2007-05-15 21:13 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-05-15 20:43 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\IDM
2007-05-15 20:43 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\DMCache
2007-05-12 01:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-12 01:42 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-12 01:42 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-12 01:39 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\Real
2007-05-12 01:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-05-11 19:31 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\Nokia Multimedia Player
2007-05-10 21:17 <DIR> d-------- C:\Program Files\Common Files\LogoManager
2007-05-10 18:50 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-05-10 18:50 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-05-10 18:43 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-05-10 18:43 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-05-10 18:42 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-05-10 18:42 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-05-10 18:42 <DIR> d-------- C:\Program Files\Nokia
2007-05-10 17:23 <DIR> d-------- C:\DOCUME~1\kepa\Phone Browser
2007-05-10 17:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Suite
2007-05-10 17:11 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\Nokia
2007-05-10 17:07 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-05-10 17:07 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\PC Suite
2007-05-10 17:06 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-05-10 17:06 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-10 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Installations
2007-05-09 22:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-08 21:50 983,040 --a------ C:\WINDOWS\system32\aacenc32.dll
2007-05-08 21:50 1,097,728 --a------ C:\WINDOWS\system32\NeroIPP.dll
2007-05-08 21:50 <DIR> d-------- C:\Program Files\motoTunes
2007-05-04 23:23 <DIR> d-------- C:\Program Files\MSBuild
2007-05-04 22:40 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-05-04 22:40 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-04 22:40 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-04 22:40 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-04 22:40 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-04 22:40 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-04 22:40 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-04 22:40 <DIR> d-------- C:\Program Files\Alwil Software
2007-05-04 22:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-04 13:43 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-05-04 13:33 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-05-03 23:43 <DIR> d-------- C:\Program Files\iTunes
2007-05-03 23:43 <DIR> d-------- C:\Program Files\iPod
2007-05-03 23:39 <DIR> d-------- C:\Program Files\QuickTime
2007-04-29 22:50 <DIR> d-------- C:\Program Files\DivX
2007-04-24 20:50 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\GanymedeNet
2007-04-24 20:48 <DIR> d-------- C:\Program Files\Ganymede
2007-04-24 15:41 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\MusicIP
2007-04-23 20:38 796,672 --a------ C:\WINDOWS\GPInstall.exe
2007-04-23 20:30 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\AltrixSoft
2007-04-19 21:27 <DIR> d-------- C:\Program Files\AutoConnect
2007-04-18 07:31 <DIR> d-------- C:\DOCUME~1\kepa\DANEAP~1\Gadu-Gadu
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-17 20:33:50 -------- d-----w C:\Program Files\XoftSpy
2007-05-16 18:17:00 -------- d-----w C:\Program Files\Winamp
2007-05-15 22:14:12 -------- d-----w C:\DOCUME~1\kepa\DANEAP~1\Hamachi
2007-05-12 00:44:38 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-12 00:33:39 -------- d-----w C:\DOCUME~1\kepa\DANEAP~1\uTorrent
2007-05-03 22:45:07 -------- d-----w C:\DOCUME~1\kepa\DANEAP~1\Apple Computer
2007-05-03 22:31:12 -------- d-----w C:\Program Files\Apple Software Update
2007-05-02 19:07:37 -------- d-----w C:\Program Files\Gadu-Gadu
2007-04-29 21:50:30 4,444 ----a-w C:\WINDOWS\mozver.dat
2007-04-15 13:49:47 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-15 11:36:00 -------- d-----w C:\DOCUME~1\kepa\DANEAP~1\Lavasoft
2007-04-13 16:10:41 75,486 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-13 16:10:41 451,352 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-10 18:16:15 -------- d-----w C:\Program Files\PhotoFiltre
2007-04-09 13:33:57 -------- d-----w C:\Program Files\InstallShield Installation Information
2007-04-09 01:26:50 -------- d-----w C:\DOCUME~1\kepa\DANEAP~1\Media Player Classic
2007-04-08 22:52:00 -------- d-----w C:\Program Files\JetAudio
2007-04-07 14:11:32 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-05 16:36:02 286,720 ------w C:\WINDOWS\Setup1.exe
2007-04-05 16:12:25 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-04 21:11:53 -------- d-----w C:\Program Files\uTorrent
2007-04-04 11:21:58 -------- d-----w C:\Program Files\ZTE ZXDSL 852
2007-04-03 17:17:49 -------- d-----w C:\Program Files\Common Files\DirectX
2007-04-03 17:12:27 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-03 15:14:23 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-04-02 17:50:47 -------- d-----w C:\Program Files\hp deskjet 3820 series
2007-04-01 11:49:40 73,216 ------w C:\WINDOWS\ST6UNST.EXE
2007-03-31 16:57:58 287 ----a-w C:\WINDOWS\EReg072.dat
2007-03-31 16:49:04 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-31 10:42:04 4 ----a-w C:\WINDOWS\system32\proc843682063.bin
2007-03-29 19:40:36 -------- d-----w C:\Program Files\Microsoft Works
2007-03-27 13:54:14 -------- d-----w C:\Program Files\Messenger
2007-03-24 16:39:10 -------- d-----w C:\DOCUME~1\kepa\DANEAP~1\COWON
2007-03-24 16:38:04 -------- d-----w C:\Program Files\Common Files\COWON
2007-03-24 16:28:38 208,384 ----a-w C:\WINDOWS\ADS.exe
2007-03-23 15:51:58 -------- d-----w C:\Program Files\Media Player Classic
2007-03-18 12:52:56 86,528 ----a-w C:\WINDOWS\bnetunin.exe
2007-03-18 12:52:56 61,440 ----a-w C:\WINDOWS\diabswun.exe
2007-03-17 20:45:38 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-17 20:45:33 -------- d-----w C:\DOCUME~1\kepa\DANEAP~1\Talkback
2007-03-17 20:44:07 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-17 20:26:23 100,482 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-03-17 19:11:06 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-17 19:11:01 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-03-17 18:44:38 -------- d-----w C:\Program Files\C-Media 3D Audio
2007-03-17 18:27:45 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-17 18:26:47 0 --sh--r C:\MSDOS.SYS
2007-03-17 18:26:47 0 --sh--r C:\IO.SYS
2007-03-17 18:26:47 0 ------w C:\CONFIG.SYS
2007-03-17 18:26:47 0 ------w C:\AUTOEXEC.BAT
2007-03-17 18:23:44 -------- d-----w C:\Program Files\WindowsUpdate
2007-03-17 18:23:35 -------- d-----w C:\Program Files\Usługi online
2007-03-17 18:22:27 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-17 18:22:15 -------- d-----w C:\Program Files\Movie Maker
2007-03-17 18:20:45 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-17 18:19:49 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-17 18:19:38 -------- d-----w C:\Program Files\Windows NT
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-02-21 20:00:28 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26 23:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 10:01 C:\WINDOWS\system32\stmctrl.dll]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 04:15]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-01-15 18:28]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 12:12]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=dword:00000000
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001
"NoStrCmpLogical"=dword:00000001
"NoResolveTrack"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=dword:00000001
"NoSaveSettings"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"MemCheckBoxInRunDlg"=dword:00000000
"NoAutoTrayNotify"=dword:00000000
"NoResolveTrack"=dword:00000001
"NoResolveSearch"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"NoWelcomeScreen"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoThemesTab"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [2006-10-26 23:48]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BDSwitchAgent"=""C:\\Program Files\\Softwin\\BitDefender9\\bdswitch.exe""
"BDOESRV"=""C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe""
"BDMCon"=""C:\\Program Files\\Softwin\\BitDefender9\\bdmcon.exe""
"BDNewsAgent"=""C:\\Program Files\\Softwin\\BitDefender9\"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
WudfServiceGroup WUDFSvc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{847a1b3c-dfa8-11db-bd92-b8a5caadc82e}]
Shell\AutoRun\command F:\AUTORUN.EXE
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2ac18b7-d4b9-11db-a9eb-806d6172696f}]
Shell\AutoRun\command E:\Bin\assetup.exe
*newlycreated* -PROCEXP90
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070517-215444-364
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program Files\Geek Superhero\GeekSuperHeroSlapdown.dll (file missing)
backup-20070517-215443-608
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - C:\Program Files\Geek Superhero\GeekSuperHeroBugSwat.dll (file missing)
backup-20070517-215300-887
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
backup-20070517-212128-261
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
backup-20070517-212128-190
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-17 22:13:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-17 22:15:00
C:\ComboFix-quarantined-files.txt ... 2007-05-17 22:15
--- E O F ---
