ComboFix 08-06-20.4 - Iza 2008-06-29 18:58:05.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.87 [GMT 2:00]
Running from: C:\Documents and Settings\Iza\Pulpit\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-29  )))))))))))))))))))))))))))))))
.

2008-06-29 18:48 . 2008-06-29 18:48	<DIR>	d--------	C:\!KillBox
2008-06-29 18:39 . 2008-06-29 18:39	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-29 15:47 . 2008-06-29 15:47	<DIR>	d--------	C:\Program Files\Adobe Media Player
2008-06-29 15:46 . 2008-06-29 15:46	<DIR>	d--------	C:\Program Files\Common Files\Adobe AIR
2008-06-29 15:44 . 2008-06-29 15:44	<DIR>	d--------	C:\WINDOWS\LastGood
2008-06-29 13:30 . 2008-06-29 14:00	<DIR>	d--------	C:\Program Files\Spyware Doctor
2008-06-29 13:30 . 2008-06-29 13:30	<DIR>	d--------	C:\Documents and Settings\Iza\Dane aplikacji\PC Tools
2008-06-29 13:30 . 2008-06-29 15:09	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-29 13:30 . 2008-06-10 21:22	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-29 13:30 . 2008-06-02 15:19	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-29 13:30 . 2008-06-02 15:19	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-29 13:30 . 2008-06-02 15:19	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2008-06-29 12:22 . 2004-08-03 23:08	26,496	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-29 12:18 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-06-29 12:18 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
2008-06-29 12:18 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-06-29 12:11 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-06-29 12:09 . 2008-06-29 12:09	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-06-29 12:08 . 2008-06-29 12:08	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-06-29 12:05 . 2008-06-29 12:06	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-06-29 12:04 . 2008-06-29 12:11	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-29 12:03 . 2008-06-29 12:03	<DIR>	dr-h-----	C:\MSOCache
2008-06-29 12:01 . 2008-06-29 12:01	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-06-29 11:58 . 2008-06-29 11:58	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
2008-06-29 11:46 . 2008-06-29 11:46	<DIR>	d--------	C:\WINDOWS\provisioning
2008-06-29 11:46 . 2008-06-29 11:46	<DIR>	d--------	C:\WINDOWS\peernet
2008-06-29 11:43 . 2008-06-29 11:43	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-06-29 11:38 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\[u]0[/u]02240_.tmp
2008-06-29 11:37 . 2004-08-03 22:43	15,872	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-06-29 11:33 . 2008-06-29 11:33	<DIR>	d--------	C:\WINDOWS\EHome
2008-06-29 11:22 . 2008-06-29 11:22	<DIR>	d---s----	C:\Documents and Settings\Iza\UserData
2008-06-28 21:45 . 2008-06-28 21:45	0	-rahs----	C:\WINDOWS\system32\drivers\TOSHIBA_SATELLITE A40_01626000-PL_PSA40E-0DEWN.MRK
2008-06-28 21:44 . 2003-12-15 12:20	<DIR>	d--------	C:\Documents and Settings\Iza\WINDOWS
2008-06-28 21:44 . 2003-12-15 10:44	<DIR>	d--h-----	C:\Documents and Settings\Iza\Ustawienia lokalne
2008-06-28 21:44 . 2008-06-29 11:59	<DIR>	dr-------	C:\Documents and Settings\Iza\Ulubione
2008-06-28 21:44 . 2003-12-15 10:48	<DIR>	d--h-----	C:\Documents and Settings\Iza\Szablony
2008-06-28 21:44 . 2008-06-29 18:58	<DIR>	d--------	C:\Documents and Settings\Iza\Pulpit
2008-06-28 21:44 . 2008-06-29 16:34	<DIR>	dr-------	C:\Documents and Settings\Iza\Moje dokumenty
2008-06-28 21:44 . 2003-12-15 10:44	<DIR>	dr-------	C:\Documents and Settings\Iza\Menu Start
2008-06-28 21:44 . 2003-12-15 12:25	<DIR>	d--------	C:\Documents and Settings\Iza\Dane aplikacji\toshiba
2008-06-28 21:44 . 2003-12-15 12:28	<DIR>	d--------	C:\Documents and Settings\Iza\Dane aplikacji\AdobeUM
2008-06-28 21:44 . 2008-06-29 15:44	<DIR>	dr-h-----	C:\Documents and Settings\Iza\Dane aplikacji
2008-06-28 21:44 . 2008-06-29 15:48	<DIR>	d--------	C:\Documents and Settings\Iza
2008-06-28 21:44 . 2004-08-04 00:44	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-06-28 21:43 . 2003-12-15 12:20	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-28 21:43 . 2003-12-15 12:25	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\toshiba
2008-06-28 21:43 . 2003-12-15 12:28	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\AdobeUM
2008-06-28 21:42 . 2003-12-15 12:20	<DIR>	d--------	C:\Documents and Settings\Default User\WINDOWS
2008-06-28 21:38 . 2008-06-28 21:38	8,192	--a------	C:\WINDOWS\REGLOCS.OLD
2008-06-28 21:11 . 2008-06-29 16:08	<DIR>	d--------	C:\Documents and Settings\Iza\Dane aplikacji\skypePM
2008-06-28 21:11 . 2008-06-28 21:11	48	--ah-----	C:\WINDOWS\system32\ezsidmv.dat
2008-06-28 21:10 . 2007-07-30 19:19	549,720	--a------	C:\WINDOWS\system32\wuapi.dll
2008-06-28 21:10 . 2007-07-30 19:19	325,976	--a------	C:\WINDOWS\system32\wucltui.dll
2008-06-28 21:10 . 2007-07-30 19:19	216,408	--a------	C:\WINDOWS\system32\wuaucpl.cpl
2008-06-28 21:10 . 2007-07-30 19:19	203,096	--a------	C:\WINDOWS\system32\wuweb.dll
2008-06-28 21:10 . 2004-08-03 14:04	187,160	--a------	C:\WINDOWS\system32\wuaueng1.dll
2008-06-28 21:10 . 2004-08-03 14:03	170,264	--a------	C:\WINDOWS\system32\wuauclt1.exe
2008-06-28 21:10 . 2007-07-30 19:18	33,624	--a------	C:\WINDOWS\system32\wups.dll
2008-06-28 21:06 . 2008-06-28 21:06	<DIR>	d--------	C:\Program Files\Alwil Software
2008-06-28 21:06 . 2003-03-18 22:20	1,060,864	--a------	C:\WINDOWS\system32\MFC71.dll
2008-06-28 21:06 . 2003-03-18 21:14	499,712	--a------	C:\WINDOWS\system32\MSVCP71.dll
2008-06-28 21:06 . 2003-02-21 05:42	348,160	--a------	C:\WINDOWS\system32\MSVCR71.dll
2008-06-28 21:01 . 2008-06-28 21:11	<DIR>	d--------	C:\Documents and Settings\Iza\Dane aplikacji\Skype
2008-06-28 21:00 . 2008-06-28 21:00	<DIR>	d--------	C:\Program Files\Skype
2008-06-28 21:00 . 2008-06-28 21:01	<DIR>	d--------	C:\Program Files\Google
2008-06-28 21:00 . 2008-06-28 21:00	<DIR>	d--------	C:\Program Files\Common Files\Skype
2008-06-28 21:00 . 2008-06-28 21:00	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 18:52 65536]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 21:16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07 114688]
"00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2003-05-23 15:33 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 12:06 32768 C:\WINDOWS\ltsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-17 19:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-13 15:28 122880]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-11-24 12:51 1019904]
"TFNF5"="TFNF5.exe" [2003-10-15 18:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2003-12-02 15:49 266240 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-10 21:22 1163656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Iza\Menu Start\Programy\Autostart\
Tworzenie wycink¢w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 19:02:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-29 19:04:27
ComboFix-quarantined-files.txt  2008-06-29 17:04:17

Pre-Run: 30,805,790,720 bajtów wolnych
Post-Run: 31,328,079,872 bajtów wolnych

131