"Administrator" - 2007-06-07 16:33:49 Dodatek Service Pack. 1 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Administrator\Pulpit\Programy\"

((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))

2007-06-03 17:37 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Apple Computer
2007-06-03 17:36 d-------- C:\Program Files\QuickTime
2007-06-03 17:36 d-------- C:\Program Files\iPod
2007-06-03 17:35 d-------- C:\Program Files\Apple Software Update
2007-06-03 17:35 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-06-01 16:53 d-------- C:\Program Files\NCH Swift Sound
2007-06-01 16:53 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\NCH Swift Sound
2007-06-01 16:53 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\RecordPad
2007-06-01 16:53 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\NCH Swift Sound
2007-05-31 19:35 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Help
2007-05-31 19:34 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\uTorrent
2007-05-31 19:12 d-------- C:\Gry
2007-05-31 19:02 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-05-25 23:35 d-------- C:\Program Files\Common Files\xing shared
2007-05-25 23:34 d-------- C:\Program Files\Common Files\Real
2007-05-25 23:34 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Real
2007-05-23 12:25 d-------- C:\Program Files\Zylom Games
2007-05-23 12:25 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Zylom
2007-05-23 12:25 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Zylom
2007-05-22 12:18 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Logitech
2007-05-22 12:14 d-------- C:\Program Files\MUSICMATCH
2007-05-22 12:14 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Musicmatch
2007-05-22 12:13 98,304 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-05-22 12:13 7,680 --a------ C:\WINDOWS\system32\asferror.dll
2007-05-22 12:13 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-05-22 12:13 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-05-22 12:13 248,456 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-05-22 12:13 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-05-22 12:13 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-22 12:13 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
2007-05-22 12:13 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
2007-05-22 12:13 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
2007-05-22 12:13 2,977,792 --a------ C:\WINDOWS\system32\wmploc.dll
2007-05-22 12:13 190,464 --a------ C:\WINDOWS\system32\wmerror.dll
2007-05-22 12:13 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-05-22 12:12 51,840 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-05-22 12:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-22 12:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-22 12:12 22,272 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-05-22 12:12 13,440 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-05-22 12:12 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-22 12:12 d-------- C:\Program Files\Common Files\Logitech
2007-05-22 12:11 68,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-05-22 12:11 55,040 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-05-22 12:11 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-05-22 12:11 26,112 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-05-21 19:52 d-------- C:\DOCUME~1\ADMINI~1\AbiSuite
2007-05-21 17:56 d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-05-21 17:36 d-------- C:\zdjecia
2007-05-21 16:08 14 --a------ C:\DOCUME~1\ADMINI~1\getfile.dat
2007-05-20 20:13 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-05-20 20:13 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-05-20 18:00 d-------- C:\Program Files\Skype
2007-05-20 18:00 d-------- C:\Program Files\Common Files\Skype
2007-05-20 18:00 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Skype
2007-05-20 17:59 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-05-20 17:59 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-05-20 17:52 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\SopCast
2007-05-20 17:45 d-------- C:\Program Files\Common Files\NSV
2007-05-20 17:43 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-20 17:43 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-20 17:43 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-05-20 17:43 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-20 17:43 d-------- C:\Program Files\Winamp
2007-05-20 14:40 d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Gadu-Gadu
2007-05-20 14:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-20 14:32 dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-20 14:32 dr--s---- C:\WINDOWS\Fonts
2007-05-20 14:32 dr------- C:\WINDOWS\Web
2007-05-20 14:32 d--h----- C:\WINDOWS\inf
2007-05-20 14:32 d-------- C:\WINDOWS\WinSxS
2007-05-20 14:32 d-------- C:\WINDOWS\twain_32
2007-05-20 14:32 d-------- C:\WINDOWS\system32\wins
2007-05-20 14:32 d-------- C:\WINDOWS\system32\wbem
2007-05-20 14:32 d-------- C:\WINDOWS\system32\usmt
2007-05-20 14:32 d-------- C:\WINDOWS\system32\spool
2007-05-20 14:32 d-------- C:\WINDOWS\system32\ShellExt
2007-05-20 14:32 d-------- C:\WINDOWS\system32\Setup
2007-05-20 14:32 d-------- C:\WINDOWS\system32\ras
2007-05-20 14:32 d-------- C:\WINDOWS\system32\oobe
2007-05-20 14:32 d-------- C:\WINDOWS\system32\npp
2007-05-20 14:32 d-------- C:\WINDOWS\system32\mui
2007-05-20 14:32 d-------- C:\WINDOWS\system32\inetsrv
2007-05-20 14:32 d-------- C:\WINDOWS\system32\IME
2007-05-20 14:32 d-------- C:\WINDOWS\system32\icsxml
2007-05-20 14:32 d-------- C:\WINDOWS\system32\ias
2007-05-20 14:32 d-------- C:\WINDOWS\system32\export
2007-05-20 14:32 d-------- C:\WINDOWS\system32\drivers\etc
2007-05-20 14:32 d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-20 14:32 d-------- C:\WINDOWS\system32\drivers
2007-05-20 14:32 d-------- C:\WINDOWS\system32\dhcp
2007-05-20 14:32 d-------- C:\WINDOWS\system32\config
2007-05-20 14:32 d-------- C:\WINDOWS\system32\3com_dmi
2007-05-20 14:32 d-------- C:\WINDOWS\system32\3076
2007-05-20 14:32 d-------- C:\WINDOWS\system32\2052
2007-05-20 14:32 d-------- C:\WINDOWS\system32\1054
2007-05-20 14:32 d-------- C:\WINDOWS\system32\1045
2007-05-20 14:32 d-------- C:\WINDOWS\system32\1042
2007-05-20 14:32 d-------- C:\WINDOWS\system32\1041
2007-05-20 14:32 d-------- C:\WINDOWS\system32\1037

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-31 14:55:10 49,910 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-31 14:55:10 356,068 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-20 10:45:57 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 20:12]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-10 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"VTTrayp"="VTtrayp.exe" []
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 C:\WINDOWS\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" []
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24]
"!AVG Anti-Spyware"="C:\Programy\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]
"adiras"="adiras.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-25 23:34]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Programy\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"Gadu-Gadu"="C:\Programy\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"SUPERAntiSpyware"="C:\Programy\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-06 21:16]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programy\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programy\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programy\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-06-03 15:35:46 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 16:34:41
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-07 16:35:12
--- E O F ---