ComboFix 07-12-02.5 - Gumiś 2007-12-02 22:10:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1521 [GMT 1:00]
Running from: C:\Documents and Settings\Gumiś\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-02 20:47 . 2007-12-02 22:00
2007-12-02 20:47 . 2007-12-02 20:47
2007-12-01 22:32 . 2007-12-01 22:32
2007-12-01 22:32 . 2007-12-01 22:32 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-01 22:32 . 2007-12-01 22:32 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-01 22:32 . 2007-12-01 22:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2007-12-01 22:32 . 2007-12-01 22:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-11-30 20:52 . 2007-11-30 21:08
2007-11-30 20:48 . 2007-11-30 20:48
2007-11-30 20:48 . 2007-12-01 19:59 5,078,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-30 20:48 . 2007-12-02 22:11 25,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-30 20:48 . 2007-12-01 19:59 8,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-30 20:48 . 2007-12-01 19:59 1,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-30 20:27 . 2007-11-30 20:27
2007-11-30 19:10 . 2007-11-30 19:10
2007-11-29 22:49 . 2007-11-29 22:49
2007-11-29 18:55 . 2007-12-02 19:00 959 --a------ C:\rollback.ini
2007-11-29 16:40 . 2007-12-01 12:30 512 --a------ C:\ScanSectorLog.dat
2007-11-29 16:23 . 2007-12-01 20:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-29 16:22 . 2007-12-02 19:48
2007-11-29 15:57 . 2007-11-29 15:57
2007-11-29 15:57 . 2007-11-30 20:19
2007-11-27 20:35 . 2007-11-27 20:35
2007-11-22 22:04 . 2007-11-22 22:22
2007-11-20 22:38 . 2007-11-19 18:50 309,430,548 --a------ C:\PES_2008_Patch_0.5.exe
2007-11-20 22:35 . 2007-11-20 22:35
2007-11-20 18:09 . 2007-12-02 19:09 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-20 18:05 . 2007-11-20 18:05
2007-11-20 18:05 . 2007-11-20 18:05
2007-11-20 18:05 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-11-20 18:05 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-11-20 18:05 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-11-20 18:05 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-11-20 18:05 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-20 18:05 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-19 21:55 . 2007-12-02 18:56
2007-11-19 21:54 . 2007-11-19 21:54
2007-11-18 21:40 . 2007-12-02 22:10
2007-11-18 21:40 . 2007-10-17 16:27 707,024 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-11-18 21:40 . 2007-10-17 16:26 281,552 --a------ C:\WINDOWS\system32\cfosspeed.dll
2007-11-18 13:59 . 2007-11-18 14:00
2007-11-16 20:37 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-14 23:49 . 2007-11-15 00:05
2007-11-13 23:01 . 2007-11-30 21:13
2007-11-13 19:25 . 2007-11-13 19:29
2007-11-13 19:18 . 2007-11-13 19:18
2007-11-13 19:10 . 2007-09-14 05:21 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-11-13 16:02 . 2007-12-02 19:56 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-13 16:02 . 2007-11-13 23:34 22,328 --a------ C:\Documents and Settings\Gumiś\Dane aplikacji\PnkBstrK.sys
2007-11-13 16:01 . 2007-12-02 21:00
2007-11-13 16:01 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-13 16:01 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-13 16:01 . 2007-11-13 16:01 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-13 16:01 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-13 16:01 . 2007-12-02 20:20 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-13 16:01 . 2007-12-02 19:53 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-10 14:35 . 2007-11-10 15:14
2007-11-10 14:04 . 2007-11-10 14:04
2007-11-10 12:20 . 2007-11-10 12:20
2007-11-10 12:09 . 2007-11-10 12:09
2007-11-10 11:09 . 2007-11-10 11:12
2007-11-08 19:50 . 2007-11-30 13:30
2007-11-08 19:35 . 2007-11-08 19:35
2007-11-08 19:35 . 2007-11-08 19:35
2007-11-08 19:35 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-11-08 19:35 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2007-11-07 23:38 . 2007-11-13 16:15
2007-11-07 23:38 . 2006-09-23 12:13 79,518 --------- C:\WINDOWS\system32\IE7Eula.rtf
2007-11-07 23:38 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-07 23:36 . 2007-11-07 23:36
2007-11-07 23:36 . 2007-11-07 23:36
2007-11-07 22:54 . 2007-11-27 20:35
2007-11-07 22:11 . 2007-11-07 22:11
2007-11-07 20:10 . 2007-11-07 20:10
2007-11-07 20:10 . 2007-11-07 20:10
2007-11-07 20:10 . 2006-06-27 14:24 31,744 --a------ C:\WINDOWS\system32\drivers\AmdTools.sys
2007-11-07 19:57 . 2007-11-07 19:58
2007-11-07 19:28 . 2007-11-07 19:28
2007-11-07 19:28 . 2007-11-07 19:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 19:25 . 2007-11-07 19:25
2007-11-07 19:25 . 2007-11-07 19:25
2007-11-07 19:25 . 2007-11-07 19:25
2007-11-07 17:23 . 2007-12-01 22:43
2007-11-07 17:20 . 2007-11-07 17:20
2007-11-07 14:00 . 2007-11-07 14:00
2007-11-07 14:00 . 2007-12-02 20:47
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 18:24 22,141,494 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_02_19_19_01_full.dmp.zip
2007-11-10 09:56 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-11-07 12:58 --------- d-----w C:\Documents and Settings\Gumiś\Dane aplikacji\Gadu-Gadu
2007-11-07 12:57 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-07 12:51 --------- d-----w C:\Program Files\RivaTuner v2.02
2007-11-07 12:19 --------- d-----w C:\Program Files\ZTE Corporation
2007-11-07 12:17 --------- d-----w C:\Documents and Settings\Gumiś\Dane aplikacji\DAEMON Tools Pro
2007-11-07 12:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-11-07 12:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 12:12 --------- d-----w C:\Program Files\Lavalys
2007-11-07 12:07 --------- d-----w C:\Documents and Settings\Gumiś\Dane aplikacji\Grisoft
2007-11-07 12:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-11-07 12:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-07 12:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-07 12:04 --------- d-----w C:\Program Files\foobar2000
2007-11-07 11:57 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-11-07 11:57 --------- d-----w C:\Program Files\Realtek AC97
2007-11-07 11:57 --------- d-----w C:\Program Files\DIFX
2007-11-07 11:57 --------- d-----w C:\Program Files\AvRack
2007-11-07 11:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 11:39 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 11:38 --------- d-----w C:\Program Files\Usługi online
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvunrm.exe
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 00:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 00:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 00:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 00:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 00:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 00:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-09-17 00:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 00:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-09-17 00:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 00:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 00:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 00:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 00:07 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-09-17 00:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-09-17 00:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-09-17 00:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-09-17 00:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-09-17 00:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-09-17 00:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-09-17 00:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-09-17 00:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-09-17 00:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-09-17 00:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 00:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-09-17 00:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-09-17 00:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-09-17 00:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-09-17 00:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 00:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 00:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-09-17 00:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-09-17 00:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-09-17 00:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-09-17 00:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-09-17 00:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-09-17 00:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-09-17 00:07 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-09-17 00:07 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-09-17 00:07 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-09-17 00:07 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-09-17 00:07 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-09-17 00:07 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-09-17 00:07 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-09-17 00:07 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-09-17 00:07 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-09-17 00:07 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-09-17 00:07 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-09-17 00:07 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-03-20 21:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 22:42 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"CnxDslTaskBar"="c:\program files\zte corporation\zxdsl852\CnxDslTb.exe" [2005-07-21 19:52]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.02\RivaTuner.exe" [2007-07-01 20:20]
"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 15:42]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-10-17 16:26]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-07 17:13]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.02\RivaTuner32.sys

*Newly Created Service* - PNKBSTRA
*Newly Created Service* - PNKBSTRK
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 22:11:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 22:11:47
.
--- E O F ---