ComboFix 08-08-14.05 - marek 2008-08-16 9:36:19.4 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.471 [GMT 2:00] Running from: C:\Documents and Settings\marek\Desktop\Nowy folder\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\marek\Cookies\marek@onet[3].txt C:\Documents and Settings\marek\Cookies\marek@pcformat[2].txt C:\Documents and Settings\marek\Cookies\marek@tradedoubler[2].txt . ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))) . 2008-08-25 16:36 . 2008-08-25 16:36 d--hs---- C:\FOUND.004 2008-08-22 23:23 . 2008-08-22 23:23 152,920 --a------ C:\WINDOWS\system32\vghd.scr 2008-08-22 23:22 . 2008-08-22 23:22 d-------- C:\Program Files\vghd 2008-08-15 18:32 . 2008-08-15 18:32 82 --a------ C:\WINDOWS\mafosav.INI 2008-08-15 18:30 . 2008-08-15 18:30 d-------- C:\Buziol Games 2008-08-15 18:09 . 2008-08-15 18:09 d-------- C:\Program Files\Avant Browser-rozszeenie do przegldarki int.Ekspojler 2008-08-15 18:09 . 2008-08-15 18:09 d-------- C:\Documents and Settings\marek\Application Data\Avant Profiles 2008-08-10 00:22 . 2008-08-10 00:22 d-------- C:\Program Files\Trend Micro 2008-08-09 22:08 . 2008-08-09 22:08 d-------- C:\Program Files\Avira 2008-08-09 22:08 . 2008-08-09 22:08 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-07 21:59 . 2008-08-07 21:59 d-------- C:\Program Files\Lavasoft 2008-08-07 21:59 . 2008-08-07 21:59 d-------- C:\Documents and Settings\marek\Application Data\Lavasoft 2008-08-02 10:11 . 2008-08-02 10:11 d-------- C:\Program Files\MSXML 6.0 2008-08-01 22:19 . 2008-08-01 22:19 d-------- C:\Documents and Settings\All Users\Application Data\G DATA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-09 12:15 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys 2008-08-01 21:06 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys 2008-06-23 21:16 43,424 ----a-w C:\Documents and Settings\marek\Application Data\GDIPFONTCACHEV1.DAT 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\MSWSOCK.DLL 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys 2007-06-25 06:47 329 ----a-w C:\Program Files\Gogle.kml 2007-06-18 15:04 81,920 ----a-w C:\Documents and Settings\marek\Application Data\ezpinst.exe 2007-06-18 15:04 47,360 ----a-w C:\Documents and Settings\marek\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((( snapshot@2008-08-10_ 0.03.56.75 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-16 07:13:02 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_1c4.dat + 2008-08-16 07:13:28 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_dd0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 16:00 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 20:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-12 20:29 286720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoInstrumentation"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD] --a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-05-10 11:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] --------- 2006-04-14 22:35 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot] --a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] --a------ 2006-05-30 12:11 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService] --a------ 2006-06-01 14:40 413696 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] --a------ 2006-06-23 06:59 602112 C:\PROGRA~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI] --a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a------ 2004-08-10 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a------ 2004-08-10 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-10-16 16:00 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-03-03 13:07 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 03:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\Messenger\\MSMSGS.EXE"= "C:\\Program Files\\Avant Browser-rozszeenie do przegldarki int.Ekspojler\\avant.exe"= S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [] S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-SDTray - C:\Program Files\Spyware Doctor\SDTrayApp.exe MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\87b5ynvv.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 09:39:22 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-16 9:40:26 ComboFix-quarantined-files.txt 2008-08-16 07:40:22 ComboFix4.txt 2008-08-09 22:05:32 ComboFix3.txt 2008-08-10 14:00:42 ComboFix2.txt 2008-08-15 14:06:22 Pre-Run: 33,486,962,688 bytes free Post-Run: 33,482,571,776 bajtów wolnych 183 --- E O F --- 2008-08-02 09:23:47