ComboFix 07-12-04.3 - Karol 2007-12-06 17:50:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.623 [GMT 1:00]
Running from: C:\Documents and Settings\Karol\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Karol\Pulpit\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\system32\codcuhep.ini
C:\WINDOWS\system32\frigltcj.ini
C:\WINDOWS\system32\lrtbtufp.ini
C:\WINDOWS\system32\luujmxmo.ini
C:\WINDOWS\system32\xagwaseh.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\codcuhep.ini
C:\WINDOWS\system32\frigltcj.ini
C:\WINDOWS\system32\lrtbtufp.ini
C:\WINDOWS\system32\luujmxmo.ini
C:\WINDOWS\system32\xagwaseh.ini
.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-05 18:44 . 2007-12-05 18:50
2007-12-05 17:11 . 2007-12-05 17:12
2007-12-05 17:11 . 2007-12-05 17:11
2007-12-04 23:17 . 2007-12-04 23:17
2007-12-02 13:33 . 2007-12-02 13:33
2007-12-02 13:32 . 2007-12-02 13:35
2007-12-02 13:32 . 2007-12-02 13:32
2007-12-02 13:32 . 2007-12-02 13:32	268	--ah-----	C:\sqmdata00.sqm
2007-12-02 13:32 . 2007-12-02 13:32	244	--ah-----	C:\sqmnoopt00.sqm
2007-12-01 21:20 . 2007-12-01 21:20
2007-12-01 20:58 . 2007-12-01 20:58
2007-12-01 20:44 . 2007-12-01 20:45
2007-11-29 18:23 . 2004-10-07 13:39	89,088	--a------	C:\WINDOWS\system32\atl71.dll
2007-11-29 18:23 . 2001-03-08 18:30	24,064	--a------	C:\WINDOWS\system32\msxml3a.dll
2007-11-29 18:02 . 2007-12-04 14:04	837,496	--a------	C:\WINDOWS\system32\aswBoot.exe
2007-11-29 18:02 . 2004-01-09 10:13	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2007-11-29 18:02 . 2007-12-04 13:54	95,608	--a------	C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 18:02 . 2007-12-04 15:55	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-29 18:02 . 2007-12-04 15:56	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-29 18:02 . 2007-12-04 15:51	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-29 18:02 . 2007-12-04 15:49	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-29 18:02 . 2007-12-04 15:53	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 19:06 . 2007-12-05 21:37	107,832	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2007-11-27 19:06 . 2007-12-05 21:37	22,328	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-27 19:05 . 2007-11-27 19:05
2007-11-27 19:05 . 2007-11-27 23:43	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2007-11-27 18:25 . 2007-11-30 20:48
2007-11-26 23:49 . 2007-12-05 20:30	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2007-11-26 23:49 . 2007-11-26 23:49	1,409	--a------	C:\WINDOWS\QTFont.for
2007-11-26 23:43 . 2007-11-26 23:44
2007-11-26 23:43 . 2007-11-26 23:43
2007-11-26 23:43 . 2007-11-26 23:43
2007-11-26 23:43 . 2007-11-26 23:43
2007-11-26 21:12 . 2007-11-26 21:12	252	--a------	C:\WINDOWS\game.ini
2007-11-26 20:07 . 2007-11-26 20:07
2007-11-26 19:44 . 2007-11-26 19:45
2007-11-26 19:44 . 2007-11-01 21:05	593,920	---------	C:\WINDOWS\system32\ati2sgag.exe
2007-11-25 19:24 . 2007-11-25 19:24
2007-11-25 15:21 . 2007-11-25 15:21
2007-11-25 15:21 . 2007-09-24 23:31	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2007-11-25 15:19 . 2007-11-25 15:19
2007-11-23 19:48 . 2007-10-25 17:44	8,488,960	-----c---	C:\WINDOWS\system32\dllcache\shell32.dll
2007-11-23 19:47 . 2007-07-09 14:20	582,656	-----c---	C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-23 19:47 . 2007-04-02 07:37	546,304	-----c---	C:\WINDOWS\system32\dllcache\hhctrl.ocx
2007-11-22 21:06 . 2004-08-03 23:08	26,496	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-21 21:26 . 2007-11-29 22:40
2007-11-21 21:21 . 2007-11-21 21:21
2007-11-21 20:47 . 2007-12-05 21:03	69	--a------	C:\WINDOWS\NeroDigital.ini
2007-11-21 20:42 . 2007-11-25 15:51	1,542	--a------	C:\WINDOWS\mozver.dat
2007-11-21 20:36 . 2007-11-21 20:36	0	--a------	C:\WINDOWS\nsreg.dat
2007-11-21 20:22 . 2007-11-29 22:39
2007-11-21 20:22 . 2007-11-21 20:22	223,128	--a------	C:\WINDOWS\system32\drivers\dtscsi.sys
2007-11-21 20:20 . 2007-11-21 20:20	642,560	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 20:20 . 2007-11-21 20:20	96,256	--a------	C:\WINDOWS\system32\drivers\sptd6877.sys
2007-11-21 20:19 . 2007-11-21 20:19
2007-11-21 20:19 . 2007-11-21 20:19
2007-11-21 20:19 . 2004-10-25 20:02	21,664	--a------	C:\WINDOWS\system32\drivers\Entech.sys
2007-11-21 20:19 . 2001-11-19 18:05	3,972	---------	C:\WINDOWS\system32\drivers\PciBus.sys
2007-11-21 20:18 . 2007-11-21 20:18
2007-11-21 20:18 . 2003-03-18 21:20	1,060,864	--a------	C:\WINDOWS\system32\MFC71.dll
2007-11-21 20:17 . 2007-11-26 23:44
2007-11-21 20:17 . 2007-01-01 00:00	499,712	--a------	C:\WINDOWS\system32\msvcp71.dll
2007-11-21 20:17 . 2007-01-01 00:00	348,160	--a------	C:\WINDOWS\system32\msvcr71.dll
2007-11-21 20:17 . 2007-03-03 23:24	10,752	--a------	C:\WINDOWS\system32\ff_vfw.dll
2007-11-21 20:17 . 2007-03-03 23:24	6,144	--a------	C:\WINDOWS\system32\ff_acm.acm
2007-11-21 20:17 . 2007-01-01 00:00	547	--a------	C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-21 20:16 . 2007-11-26 23:43
2007-11-21 20:16 . 2007-11-21 20:16
2007-11-21 20:13 . 2007-11-21 20:13
2007-11-21 20:13 . 2007-11-21 20:13
2007-11-21 20:13 . 2007-11-23 18:45
2007-11-21 20:13 . 2007-11-22 11:57
2007-11-21 20:13 . 2007-11-21 20:13
2007-11-21 20:13 . 1998-10-29 15:45	306,688	--a------	C:\WINDOWS\IsUninst.exe
2007-11-21 20:11 . 2007-11-21 20:11
2007-11-21 20:11 . 2007-11-21 20:11
2007-11-21 20:10 . 2007-11-21 20:10
2007-11-21 20:09 . 2007-11-21 20:10
2007-11-21 20:09 . 2004-10-01 15:00	40,960	--a------	C:\Program Files\Uninstall_CDS.exe
2007-11-21 20:05 . 2006-09-13 19:14	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2007-11-21 20:04 . 2006-09-13 19:18	58,624	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2007-11-21 20:04 . 2006-09-13 19:15	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2007-11-21 20:03 . 2007-11-21 20:04
2007-11-21 20:03 . 2007-11-21 20:04
2007-11-21 20:02 . 2007-11-21 20:02
2007-11-21 20:02 . 2007-12-05 18:55
2007-11-21 20:02 . 2007-11-21 20:02
2007-11-21 20:02 . 2007-11-21 19:09
2007-11-21 20:02 . 2007-11-21 20:02
2007-11-21 20:02 . 2007-11-21 20:02
2007-11-21 20:02 . 2007-11-21 20:02
2007-11-21 20:02 . 2007-11-21 20:02
2007-11-21 20:02 . 2007-11-21 20:02
2007-11-21 20:02 . 2007-12-05 18:50
2007-11-21 20:02 . 2007-12-05 18:53
2007-11-21 20:02 . 2007-11-30 00:20
2007-11-21 20:01 . 2004-08-03 23:15	60,800	--a------	C:\WINDOWS\system32\drivers\sysaudio.sys
2007-11-21 20:01 . 2004-08-03 22:58	7,552	--a------	C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-11-21 20:01 . 2004-08-03 22:58	5,376	--a------	C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-11-21 20:01 . 2004-08-03 22:58	4,992	--a------	C:\WINDOWS\system32\drivers\MSPQM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 17:48	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-21 19:09	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-11-21 18:59	---------	d-----w	C:\Program Files\Realtek
2007-11-21 18:58	---------	d-----w	C:\Program Files\microsoft frontpage
2007-11-21 18:39	---------	d-----w	C:\Program Files\NVIDIA Corporation
2007-11-21 18:11	---------	d-----w	C:\Program Files\Usługi online
2007-11-02 05:52	2,644,480	----a-w	C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 04:57	9,314,304	----a-w	C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24	176,128	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10	364,544	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09	268,288	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01	143,360	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01	122,880	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00	122,880	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59	495,616	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50	3,133,728	----a-w	C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39	1,602,176	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26	5,435,392	----a-w	C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24	376,832	----a-w	C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22	49,152	----a-w	C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-02 03:22	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16	499,712	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2007-10-20 00:56	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-05_18.55.02.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-06 16:41:43	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 07:00 C:\WINDOWS\RTHDCPL.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-11-02 07:55]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sqogatuj]
sqogatuj.dll

S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 20:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 17:51:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 17:51:26
C:\ComboFix2.txt ... 2007-12-05 18:55
.
- - - E O F - - -
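The two things a reviewer of a log like the one above wants to see quickly are (1) any Winlogon Notify package ComboFix lists (it suppresses known-good defaults, so anything it prints there is worth a look), together with whether that DLL was among the files the run actually deleted, and (2) any Run value whose trailing bracket is empty, meaning ComboFix could not find the image at that path. The following Python script is an added example, not part of the posted log or of ComboFix itself: it parses the "Other Deletions" and "Reg Loading Points" sections of a log in this format and reports both. The embedded SAMPLE_LOG is a constructed, abbreviated excerpt of the log above; the 8-lowercase-letter naming heuristic and the reading of the empty bracket are this example's own assumptions.

```python
"""Triage a ComboFix log: pull the autostart entries out of 'Reg Loading Points',
cross-check them against 'Other Deletions', and flag what to look at first."""
import re
from dataclasses import dataclass

# Constructed, abbreviated excerpt in the shape of the ComboFix log above.
SAMPLE_LOG = r"""
((((((((((( Other Deletions )))))))))))
.
C:\WINDOWS\system32\codcuhep.ini
C:\WINDOWS\system32\xagwaseh.ini
.
((((((((((( Reg Loading Points )))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sqogatuj]
sqogatuj.dll

S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contents of the 'Scheduled Tasks' folder
"""

@dataclass
class Autostart:
    key: str    # registry key the entry lives under
    name: str   # value name, or the Notify subkey name
    image: str  # path or file name the entry loads
    stamp: str  # text inside the trailing [...]; "" when ComboFix printed []

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")             # ((( Section Name )))
KEY_RE = re.compile(r"^\[(.+)\]$")                           # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')   # "name"="image" [stamp]
PATH_RE = re.compile(r"^[A-Za-z]:\\")                        # C:\...
RANDOM_STEM = re.compile(r"^[a-z]{8}$")                      # codcuhep, sqogatuj, ... (heuristic)

def parse_log(text):
    """Return (deleted_paths, autostart_entries) from ComboFix log text."""
    section, key, deleted, entries = None, None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section, key = m.group(1), None
        elif section == "Other Deletions" and PATH_RE.match(line):
            deleted.append(line)
        elif section == "Reg Loading Points":
            if (m := KEY_RE.match(line)):
                key = m.group(1)
            elif (m := VALUE_RE.match(line)):
                entries.append(Autostart(key, m.group(1), m.group(2), m.group(3).strip()))
            elif key and "winlogon\\notify\\" in key.lower() and line.lower().endswith(".dll"):
                # Notify packages are printed as a bare DLL name under their subkey
                entries.append(Autostart(key, key.rsplit("\\", 1)[-1], line, ""))
    return deleted, entries

def _basename(path):
    return path.rsplit("\\", 1)[-1]

def same_naming_scheme(name, deleted_names):
    """Heuristic (assumption of this example): True when `name` and at least one
    deleted file both use an 8-lowercase-letter stem, as the deleted .ini files do."""
    def stem(n):
        return _basename(n).rsplit(".", 1)[0]
    return bool(RANDOM_STEM.match(stem(name))) and any(RANDOM_STEM.match(stem(d)) for d in deleted_names)

def triage(text):
    """List (kind, name, image, note) findings worth a human's attention."""
    deleted, entries = parse_log(text)
    deleted_names = {_basename(p).lower() for p in deleted}
    findings = []
    for e in entries:
        if "winlogon\\notify\\" in e.key.lower():
            # Did this run's deletions actually cover the Notify DLL?
            note = "removed" if _basename(e.image).lower() in deleted_names else "STILL PRESENT"
            if same_naming_scheme(e.image, deleted_names):
                note += "; same 8-letter naming scheme as the deleted files"
            findings.append(("winlogon-notify", e.name, e.image, note))
        elif e.stamp == "":
            # Empty bracket: read here as "ComboFix could not find the image" (assumption)
            findings.append(("missing-image", e.name, e.image, "image not found when ComboFix ran"))
    return findings

if __name__ == "__main__":
    for kind, name, image, note in triage(SAMPLE_LOG):
        print(f"{kind:16} {name:10} {image}  -> {note}")
```

Run against the excerpt, the script reports the `MsnMsgr` Run value as pointing at a file that was not there, and the `sqogatuj` Notify DLL as still present after the run: the five random-named .ini files were deleted, but the DLL that the Winlogon Notify subkey loads was not in the deletion list, so that load point should be dealt with in a follow-up script before the machine is called clean.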