Hijack 2 wrote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:39, on 2007-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programy\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
e:\programy\Diskeeper Lite\DKService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
E:\programy\Gadu-Gadu\gg.exe
E:\programy\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\opera\Opera.exe
E:\programy\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\programy\FlashGet\jccatch.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - e:\Programy\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\programy\FlashGet\getflash.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\programy\FLASHGET\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - e:\programy\steganos internet anonym 2006\sia2006iep.dll
O3 - Toolbar: Get Anonymous - {8892C699-6978-4DD9-8EB2-951C93DB4F62} - E:\Programy\GetAnonymous 2.2 Professional\IEToolBar.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - e:\Programy\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] E:\programy\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "E:\programy\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "E:\programy\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "E:\programy\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "E:\programy\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - e:\Programy\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - e:\Programy\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {5ECC1EE8-8F08-4CA8-8255-ABC24867227F} (GBNetris Control) - http://www.gamebonus.com/dngame/gbnetris.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33A9F13-FB8A-45D3-8CAE-8CC5BF6FFA5C}: NameServer = 194.204.52.34,217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5F0915-8A04-49C3-AD21-9633FDE0C37B}: NameServer = 194.204.52.34,217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programy\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - e:\programy\Diskeeper Lite\DKService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - E:\programy\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 12003 bytes
combofix wrote:
ComboFix 07-08-25.2 - "0pako0" 2007-08-26 21:20:18.1 - FAT32x86
Błąd wejścia: Brak aparatu skryptów dla plików o rozszerzeniu ".vbs".
Błąd wejścia: Brak aparatu skryptów dla plików o rozszerzeniu ".vbs".
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\{44D36~1
C:\Program Files\network monitor
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\hosts
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\4qJ1I08c.exe
C:\WINDOWS\Tasks.\At1.job
C:\WINDOWS\Tasks.\At11.job
C:\WINDOWS\Tasks.\At12.job
C:\WINDOWS\Tasks.\At23.job
C:\WINDOWS\Tasks.\At24.job
C:\WINDOWS\Tasks.\At3.job
C:\WINDOWS\Tasks.\At4.job
C:\WINDOWS\Tasks.\At5.job
C:\WINDOWS\Tasks.\At6.job
C:\WINDOWS\Tasks.\At7.job
C:\WINDOWS\Tasks.\At8.job
C:\WINDOWS\Tasks.\At9.job
C:\WINDOWS\teller2.chk
C:\WINDOWS\uninstall_nmon.vbs
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))
2007-08-26 21:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-26 17:14 <DIR> d-------- C:\DOCUME~1\0pako0\APPLIC~1\Uniblue
2007-08-26 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-26 09:36 <DIR> d-------- C:\Program Files\HDD Regenerator
2007-08-26 08:10 <DIR> d--hs---- C:\FOUND.002
2007-08-25 16:54 <DIR> d--hs---- C:\FOUND.001
2007-08-21 14:22 <DIR> d-------- C:\DOCUME~1\0pako0\APPLIC~1\Expressivo
2007-08-20 18:47 <DIR> d-------- C:\Program Files\GammonEmpire
2007-08-14 14:08 991,232 --a------ C:\WINDOWS\SYSTEM32\NCTVideoCoreM.dll
2007-08-14 14:08 974,848 --a------ C:\WINDOWS\SYSTEM32\mfc70.dll
2007-08-14 14:08 90,112 --a------ C:\WINDOWS\SYSTEM32\NCTAudioFormatSettings3.dll
2007-08-14 14:08 589,824 --a------ C:\WINDOWS\SYSTEM32\NCTVideoView.dll
2007-08-14 14:08 458,752 --a------ C:\WINDOWS\SYSTEM32\NCTAudioPlayer2.dll
2007-08-14 14:08 4,085,904 --a------ C:\WINDOWS\SYSTEM32\wmfdist.exe
2007-08-14 14:08 3,031,040 --a------ C:\WINDOWS\SYSTEM32\NCTVideoTransform.dll
2007-08-14 14:08 294,912 --a------ C:\WINDOWS\SYSTEM32\NCTAVIFile.dll
2007-08-14 14:08 282,624 --a------ C:\WINDOWS\SYSTEM32\NCTQuickTimeFile.dll
2007-08-14 14:08 237,568 --a------ C:\WINDOWS\SYSTEM32\lame_enc.dll
2007-08-14 14:08 2,658,304 --a------ C:\WINDOWS\SYSTEM32\NCTAudioCompress3.dll
2007-08-14 14:08 2,260,992 --a------ C:\WINDOWS\SYSTEM32\NCTVideoCompress.dll
2007-08-14 14:08 196,608 --a------ C:\WINDOWS\SYSTEM32\NCTWMVFile.dll
2007-08-14 14:08 139,264 --a------ C:\WINDOWS\SYSTEM32\NCTVideoPlayer.dll
2007-08-14 14:08 139,264 --a------ C:\WINDOWS\SYSTEM32\NCTVideoFile.dll
2007-08-14 14:08 1,810,432 --a------ C:\WINDOWS\SYSTEM32\NCTAudioCompress2.dll
2007-08-14 13:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-14 13:55 <DIR> d-------- C:\DOCUME~1\0pako0\APPLIC~1\Ahead
2007-08-14 13:54 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-14 13:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-14 13:53 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-08-10 21:41 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2007-08-08 15:21 <DIR> d-------- C:\Program Files\Zylom Games
2007-08-08 15:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-08-08 13:26 <DIR> d--hs---- C:\FOUND.000
2007-08-03 18:25 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-08-02 20:59 <DIR> d-------- C:\3gptemp
2007-07-31 18:55 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-07-31 17:42 <DIR> d-------- C:\Program Files\Secure Surfing Engine
2007-07-29 16:15 <DIR> d-------- C:\DOCUME~1\0pako0\APPLIC~1\Leadertech
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-26 16:13 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-26 16:13 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-25 14:15 6826 --a------ C:\WINDOWS\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-07-24 18:30 256 ---hs---- C:\W32CRUSR.SYS
2007-07-24 17:03 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\SorensonMedia
2007-07-24 17:03 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\SorensonMedia
2007-07-24 16:21 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Moyea
2007-07-24 16:21 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Moyea
2007-07-24 15:36 --------- d--h----- C:\DOCUME~1\0pako0\APPLIC~1\FVSTemp
2007-07-24 15:36 --------- d--h----- C:\DOCUME~1\0pako0\APPLIC~1\FVSTemp
2007-07-24 15:29 72192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2007-07-23 12:08 --------- d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-07-23 12:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-07-23 12:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-07-21 13:07 172032 --a------ C:\WINDOWS\system32\cncs32.dll
2007-07-12 03:33 --------- d-------- C:\Program Files\CoffeeCup Software
2007-07-10 18:32 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Teleca
2007-07-10 18:32 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Teleca
2007-07-10 18:32 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Sony Ericsson
2007-07-10 18:32 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Sony Ericsson
2007-07-10 18:30 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-07-10 17:24 --------- d-------- C:\Program Files\Siemens Data Suite
2007-07-07 22:29 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Cream Software
2007-07-07 22:29 --------- d-------- C:\DOCUME~1\0pako0\APPLIC~1\Cream Software
2007-07-03 19:10 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-07-03 19:10 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-06-30 17:14 --------- d-------- C:\Program Files\GameSpy Arcade
2007-06-30 13:45 52736 --a------ C:\WINDOWS\ipuninst.exe
2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-06-26 14:12 972072 --a------ C:\WINDOWS\UNNeroVision.exe
2007-05-31 08:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-30 18:15 348160 --a------ C:\WINDOWS\system32\SDL_ttf.dll
2006-08-04 16:21 271 ---hs---- C:\Program Files\desktop.ini
2006-08-04 16:21 23453 ---h----- C:\Program Files\folder.htt
1997-10-24 13:20 25088 --a------ C:\WINDOWS\inf\regl3acm.exe
2007-05-02 21:19:44 18,774 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2007-05-02 21:19:40 248 --sh--r C:\WINDOWS\SYSTEM32\2D496249FF.sys
2006-12-19 10:51:56 56 --sh--r C:\WINDOWS\SYSTEM32\FF4962492D.sys
2005-07-29 14:24:26 472 --sha-r C:\WINDOWS\cGFrbw\w3IOvT.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 C:\WINDOWS\SYSTEM32\nvmctray.dll]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="E:\programy\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"Uniblue RegistryBooster 2"="E:\programy\RegistryBooster 2\RegistryBooster.exe" [2007-08-17 14:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIA2006"="E:\programy\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
AutoRun\command- N:\CDCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
AutoRun\command- O:\CDCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
AutoRun\command- P:\CDCheck.exe
Contents of the 'Scheduled Tasks' folder
2007-08-25 23:01:58 C:\WINDOWS\Tasks\At2.job
2007-08-26 07:01:52 C:\WINDOWS\Tasks\At10.job
2007-08-26 10:01:52 C:\WINDOWS\Tasks\At13.job
2007-08-26 11:01:02 C:\WINDOWS\Tasks\At14.job
2007-08-26 12:01:02 C:\WINDOWS\Tasks\At15.job
2007-08-26 13:01:58 C:\WINDOWS\Tasks\At16.job
2007-08-26 14:01:56 C:\WINDOWS\Tasks\At17.job
2007-08-26 15:02:00 C:\WINDOWS\Tasks\At18.job
2007-08-26 16:02:04 C:\WINDOWS\Tasks\At19.job
2007-08-26 17:01:02 C:\WINDOWS\Tasks\At20.job
2007-08-26 18:01:02 C:\WINDOWS\Tasks\At21.job
2007-08-26 19:01:02 C:\WINDOWS\Tasks\At22.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 21:23:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-26 21:24:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 21:24
--- E O F ---