"~Admin~" - 2007-07-07 15:16:43 - ComboFix 07-06-27.7 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 ))))))))))))))))))))))))))))))) 2007-07-06 19:01 d-------- C:\Program Files\AutoConnect 2007-07-05 19:13 d--h----- C:\WINDOWS\$hf_mig$ 2007-07-04 15:59 66,048 --a------ C:\WINDOWS\ieResetIcons.exe 2007-07-03 01:46 d-------- C:\Program Files\Virtual Hottie 2 2007-07-01 18:01 d-------- C:\Program Files\Odkurzacz 2007-06-29 21:07 d-------- C:\WINDOWS\setup.pss 2007-06-29 21:06 d-------- C:\WINDOWS\setupupd 2007-06-29 21:03 137,216 --a------ C:\WINDOWS\regedit.exe 2007-06-29 20:40 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-06-29 20:40 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-06-29 20:40 d-------- C:\Program Files\Kaspersky Lab 2007-06-29 20:40 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab 2007-06-29 20:32 d-------- C:\WINDOWS\CSC 2007-06-29 20:18 75,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-06-29 20:18 3,474,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-06-29 17:50 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-25 14:43 d-------- C:\Program Files\SuperTux 2007-06-17 17:30 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2007-06-17 17:30 90,112 --a------ C:\WINDOWS\system32\agsaami.dll 2007-06-17 17:30 77 --a------ C:\WINDOWS\system32\winitn.dll 2007-06-17 17:30 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll 2007-06-17 17:30 53,760 --a------ C:\WINDOWS\system\ppacklib.dll 2007-06-17 17:30 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll 2007-06-17 17:30 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll 2007-06-17 17:30 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll 2007-06-17 17:30 1 --a------ C:\WINDOWS\sslzdlt.dat 2007-06-17 17:30 d-------- C:\Program Files\AML Products 2007-06-16 23:52 d-------- C:\Program Files\MP3Gain 2007-06-15 21:56 d-------- C:\Program Files\HLTooLz 2007-06-10 18:31 d-------- C:\Program Files\AMX Mod X 2007-06-07 15:50 d-------- C:\Program Files\Passage3 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-07 13:09:54 -------- d-----w C:\DOCUME~1\~Admin~\DANEAP~1\Hamachi 2007-07-07 11:36:26 80,664 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-07 11:36:26 461,238 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-06 18:25:01 -------- d-----w C:\Program Files\Valve 2007-07-06 17:20:36 -------- d-----w C:\Program Files\Neostrada TP 2007-07-04 17:17:18 -------- d-----w C:\Program Files\sXe Injected 2007-07-04 17:16:34 -------- d-----w C:\Program Files\GetRight 2007-07-04 16:58:20 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2007-07-01 16:12:53 -------- d-----w C:\Program Files\SpeedFan 2007-07-01 16:12:53 -------- d-----w C:\Program Files\IrfanView 2007-07-01 16:12:53 -------- d-----w C:\Program Files\BitComet 2007-07-01 16:12:52 -------- d-----w C:\Program Files\Teamspeak2_RC2 2007-06-29 20:37:28 -------- d-----w C:\DOCUME~1\~Admin~\DANEAP~1\Real 2007-06-29 18:10:44 -------- d-----w C:\Program Files\Winamp 2007-06-29 18:10:38 -------- d-----w C:\Program Files\SHOUTcast 2007-06-29 15:01:33 -------- d-----w C:\Program Files\CCleaner 2007-06-15 19:56:33 249,856 ------w C:\WINDOWS\Setup1.exe 2007-06-15 19:56:29 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-06-09 18:19:25 -------- d-----w C:\Program Files\Słownik 2007-06-03 15:24:24 -------- d-----w C:\Program Files\Hamachi 2007-06-03 15:23:05 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-06-03 15:17:38 -------- d-----w C:\DOCUME~1\~Admin~\DANEAP~1\teamspeak2 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-15 18:56:21 -------- d-----w C:\Program Files\Astonsoft 2007-05-14 18:46:58 -------- d-----w C:\Program Files\Audacity 2007-05-12 13:42:16 -------- d-----w C:\DOCUME~1\~Admin~\DANEAP~1\Skype 2007-05-10 16:29:51 -------- d-----w C:\Program Files\HURRICANEMU 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2004-05-01 20:11:38 54,272 --sh--w C:\WINDOWS\old_mod_lib.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 12:56] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] {85F685C3-20D9-4943-95E4-EB4224056C3F}=C:\Program Files\ivo\Expressivo\IH_iexplore.dll [2007-01-23 14:29] {C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 01:13] {EBE9E2B5-B526-48BC-AD46-687263EDCB0E}=C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 05:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 10:50] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40] "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2006-05-30 16:22] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01] "WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40] "Winamp Agent"="C:\Program Files\Winamp\winampa.exe" [2006-08-07 19:24] "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2005-10-13 07:47] "sXe Injected"="C:\Program Files\sXe Injected\sXe Injected.exe" [2007-05-03 06:49] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-03 14:06] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 08:32] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 08:32] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 12:08] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-10-10 17:51] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27] ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-07 15:21:43 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-07 15:23:32 --- E O F ---