"kris" - 2007-06-24 11:32:30 - ComboFix 07-06-23.5 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))

2007-06-24 11:32 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 22:27 671 --a------ C:\WINDOWS\mozver.dat
2007-06-23 21:43
2007-06-23 21:42
2007-06-23 16:26
2007-06-21 22:24
2007-06-21 22:12 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-06-21 22:12
2007-06-21 22:11 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-06-21 22:11 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-06-21 22:11 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-06-21 22:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-21 22:10
2007-06-21 22:08
2007-06-21 22:06
2007-06-21 21:57 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-21 21:57 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-21 21:57 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-21 21:57 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-21 21:57 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-21 21:57 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-21 21:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-21 21:56 120,392 --a------ C:\WINDOWS\hpoins11.dat
2007-06-21 21:56
2007-06-20 11:56 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-06-20 09:43
2007-06-20 09:38
2007-06-19 16:58
2007-06-19 16:58
2007-06-19 16:50 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-06-19 13:18 2,277,376 --a------ C:\WINDOWS\system32\ntoskvs1.exe
2007-06-19 12:30 2,275,840 --a------ C:\WINDOWS\system32\NewBoot.exe
2007-06-19 12:28
2007-06-19 11:05
2007-06-19 11:04
2007-06-19 11:03
2007-06-19 10:59 220,672 --a------ C:\WINDOWS\system32\logon.scr
2007-06-19 10:58
2007-06-19 10:30 26,877,440 --a------ C:\shell32.dll
2007-06-19 09:26
2007-06-19 09:22
2007-06-19 09:22
2007-06-19 09:22
2007-06-19 09:22
2007-06-19 09:19 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-06-19 09:19 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-06-19 09:19 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-06-19 09:19 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-06-19 09:19
2007-06-19 09:14
2007-06-18 08:34
2007-06-13 12:01 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-06-13 12:01 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-06-13 12:01 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-06-13 12:01 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-06-13 12:01 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-06-13 12:01 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-06-13 12:01 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-06-13 12:01 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-06-13 12:01 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-06-13 12:01 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-06-13 12:01 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-06-13 12:01 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-06-13 12:01 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-06-13 12:01 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-06-13 12:01 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-06-13 12:01 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-06-13 12:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-06-13 12:00 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-06-13 12:00 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-06-13 11:59 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-06-13 11:59 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-06-13 11:59 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-06-13 11:59 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-06-13 11:59 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-06-13 11:59 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-06-11 21:47
2007-06-11 21:47
2007-06-11 10:17
2007-06-11 09:42
2007-06-10 14:15
2007-06-10 14:04
2007-06-10 13:55
2007-06-10 13:41 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-06-10 13:41 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-06-10 01:48
2007-06-09 10:38
2007-06-09 09:54
2007-06-08 15:17
2007-06-08 15:17
2007-06-08 15:10 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-06-08 15:10 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-08 15:10
2007-06-08 14:44 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-08 14:43
2007-06-08 14:43
2007-06-08 13:38 336 --a------ C:\WINDOWS\system32\tablet.dat
2007-06-08 13:37 8,138 --------- C:\WINDOWS\system32\drivers\PenClass.sys
2007-06-08 13:37 729,088 --------- C:\WINDOWS\system32\Tablet.exe
2007-06-08 13:37 44,544 --------- C:\WINDOWS\system32\TabHook.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-09 16:37:50 74,450 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-09 16:37:50 448,348 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-02 18:27:58 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-29 17:31:30 -------- d-----w C:\Program Files\Usługi online
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-16 11:03]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-05-16 07:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 08:00 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-05-16 15:02]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"LClock"="C:\Program Files\LClock\LClock.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48]
"NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-02-12 15:02]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NETIANET"=C:\Program Files\Netia\Net\netianet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79955e02-0e22-11dc-9948-806d6172696f}]
AutoRun\command- D:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{940d474f-0e0f-11dc-99ac-806d6172696f}]
AutoRun\command- D:\ncd.exe

Contents of the 'Scheduled Tasks' folder
2007-06-05 17:42:41 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 11:33:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24 11:34:04

--- E O F ---