ComboFix 07-12-15.5 - koolzoli 2007-12-15 14:16:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1080 [GMT 1:00]
Running from: D:\do naprawy kompa w razie syfu\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))
.
2007-12-14 19:49 . 2007-12-14 19:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-14 19:49 . 2007-12-14 19:49 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-14 19:11 . 2007-12-14 19:11
2007-12-14 17:14 . 2007-12-14 17:14
2007-12-12 22:57 . 2007-12-12 23:01
2007-12-08 14:02 . 2007-12-08 14:02
2007-12-07 18:16 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-07 17:52 . 2007-12-07 19:26
2007-12-07 16:14 . 2007-12-07 16:14
2007-12-07 16:14 . 2007-12-07 16:15
2007-12-05 22:27 . 2007-12-05 22:27
2007-12-05 22:25 . 2007-12-13 11:19
2007-12-05 22:25 . 2007-12-13 10:51 186 --a------ C:\WINDOWS\usdthank.ini
2007-12-05 22:25 . 2007-12-05 22:25 31 --a------ C:\WINDOWS\idc.ini
2007-12-05 22:11 . 2007-12-13 11:19
2007-12-05 19:54 . 2007-12-05 19:54
2007-12-03 21:41 . 2007-12-09 22:10
2007-12-03 21:41 . 2007-12-09 22:07
2007-12-03 21:41 . 2007-12-09 22:07
2007-12-03 17:45 . 2007-12-03 17:45
2007-12-03 17:45 . 2007-12-03 17:45
2007-12-03 15:51 . 2007-12-03 15:51
2007-12-02 22:35 . 2007-12-02 22:35
2007-12-02 22:23 . 2007-12-02 22:23
2007-11-30 23:33 . 2007-11-30 23:33
2007-11-30 23:23 . 2007-11-30 23:23
2007-11-30 23:14 . 2007-11-30 23:14
2007-11-28 20:56 . 2007-12-01 18:20
2007-11-28 19:21 . 2007-11-28 19:32
2007-11-28 19:19 . 2007-12-05 21:34
2007-11-27 17:58 . 2007-11-27 17:58
2007-11-27 17:58 . 2007-11-27 17:58 2,578 --a------ C:\WINDOWS\stsetup.htm
2007-11-26 13:45 . 2007-11-26 13:45
2007-11-25 19:54 . 2007-12-14 22:49
2007-11-25 13:05 . 2007-11-25 13:06
2007-11-24 23:09 . 2007-11-25 13:03
2007-11-24 22:56 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-24 19:01 . 2007-12-14 22:53
2007-11-23 19:54 . 2007-12-07 18:12 314 --a------ C:\WINDOWS\wcx_ftp.ini
2007-11-22 22:31 . 2007-11-22 22:31 126 --a------ C:\WINDOWS\winzipme.ini
2007-11-22 22:30 . 2007-11-22 22:30
2007-11-21 16:56 . 2007-11-25 16:07
2007-11-21 16:56 . 2007-12-07 18:27 1,721 --a------ C:\WINDOWS\wincmd.ini
2007-11-21 16:56 . 2006-07-26 06:55 545 --a------ C:\WINDOWS\UC.PIF
2007-11-21 16:56 . 2006-07-26 06:55 545 --a------ C:\WINDOWS\RAR.PIF
2007-11-21 16:56 . 2006-07-26 06:55 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-11-21 16:56 . 2006-07-26 06:55 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-11-21 16:56 . 2006-07-26 06:55 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-11-21 16:56 . 2006-07-26 06:55 545 --a------ C:\WINDOWS\LHA.PIF
2007-11-21 16:56 . 2006-07-26 06:55 545 --a------ C:\WINDOWS\ARJ.PIF
2007-11-21 16:49 . 2007-11-28 18:00
2007-11-18 14:51 . 2007-11-18 14:51
2007-11-15 22:46 . 2007-11-22 12:32
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 13:03 --------- d-----w C:\Program Files\AutoConnect
2007-12-14 21:30 --------- d-----w C:\Program Files\Soulseek
2007-12-14 21:01 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\MyPhoneExplorer
2007-12-14 19:20 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-12 22:58 6,735,360 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-12-07 17:15 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\ATI
2007-12-07 15:22 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\Skype
2007-12-04 16:09 --------- d-----w C:\Program Files\llvlseve
2007-12-04 09:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-11-30 22:24 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-28 19:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 19:27 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-28 18:19 --------- d-----w C:\Program Files\iTunes
2007-11-26 09:27 --------- d-----w C:\Program Files\CursorXP
2007-11-25 16:30 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-11-12 17:45 --------- d-----w C:\Program Files\WinCustomize
2007-11-12 17:13 --------- d-----w C:\Program Files\Stardock
2007-11-12 17:13 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-12 13:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-09 21:07 --------- d-----w C:\Program Files\Skype
2007-11-09 21:07 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-09 21:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-11-08 20:22 --------- d-----w C:\Program Files\PowerQuest
2007-11-05 14:11 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-05 14:11 --------- d-----w C:\Program Files\iPod
2007-11-05 14:11 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\Apple Computer
2007-11-05 14:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-05 14:10 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-05 14:10 --------- d-----w C:\Program Files\Apple Software Update
2007-11-05 14:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:56 6,217,728 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-10-31 16:01 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\The Bat!
2007-10-30 23:33 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\AdobeUM
2007-10-30 22:53 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-30 22:53 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\Nero
2007-10-30 22:51 --------- d-----w C:\Program Files\Nero
2007-10-30 22:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-10-30 13:10 --------- d-----w C:\Program Files\UrbanTerror
2007-10-29 20:49 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\Winamp
2007-10-29 15:16 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-10-29 15:16 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-10-29 15:16 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-10-29 15:15 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-10-29 15:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-29 15:15 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-10-29 15:15 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-10-29 15:15 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-10-29 15:14 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2007-10-29 15:14 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2007-10-29 15:14 167,936 ----a-w C:\WINDOWS\system32\ts.dll
2007-10-29 15:14 151,040 ----a-w C:\WINDOWS\system32\mkx.dll
2007-10-29 15:14 142,848 ----a-w C:\WINDOWS\system32\mp4.dll
2007-10-29 15:14 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-10-29 15:13 --------- d-----w C:\Program Files\Real Alternative
2007-10-29 14:55 --------- d-----w C:\Program Files\MarBit
2007-10-29 14:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-29 14:21 --------- d-----w C:\Program Files\jv16 PowerTools 2007
2007-10-29 14:16 --------- d-----w C:\Program Files\Google
2007-10-29 14:15 --------- d-----w C:\Program Files\GG Skin Manager
2007-10-29 14:15 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\Gadu-Gadu
2007-10-29 14:13 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-29 14:08 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\Thunderbird
2007-10-29 14:04 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\vlc
2007-10-29 13:47 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-29 05:54 --------- d-----w C:\Program Files\Usługi online
2007-10-29 05:53 --------- d-----w C:\Program Files\Realtek
2007-10-29 05:52 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-29 05:52 --------- d-----w C:\Program Files\ltmoh
2007-10-29 05:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-29 05:43 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\toshiba
2007-10-29 05:43 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Sonic
2007-10-29 05:43 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ATI
2007-10-29 05:43 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\toshiba
2007-10-29 05:43 --------- d-----w C:\Documents and Settings\koolzoli\Dane aplikacji\Sonic
2007-10-28 23:05 --------- d-----w C:\Program Files\MSBuild
2007-10-28 23:05 --------- d-----w C:\Program Files\Microsoft Works
2007-10-28 23:03 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-28 22:56 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-28 22:53 --------- d-----w C:\Program Files\ATI Technologies
2007-10-28 22:44 --------- d-----w C:\Program Files\Opera
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-10-29 15:16]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 23:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02]
"TPSMain"="TPSMain.exe" [2005-08-04 14:16 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-09-16 14:44 C:\WINDOWS\system32\TDispVol.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-14 17:29]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]

C:\Documents and Settings\koolzoli\Menu Start\Programy\Autostart\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-10-28 23:30:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\WINDOWS\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll 2007-11-16 13:13 176128 C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
rundll32.exe stmctrl.dll,TaskBar

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 15:35 202024 --a------ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 12:37 667718 --a------ C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 14:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 09:51 1836328 --a------ C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-05-13 11:03 118784 --a------ C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2005-04-12 12:04 65536 --a------ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 12:25 73728 --a------ C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPod Service"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 14:18:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\WINDOWS\system32\TDispVol.dll
.
Completion time: 2007-12-15 14:18:48
C:\ComboFix2.txt ... 2007-11-29 11:10
.
2007-12-10 18:15:37 --- E O F ---