ComboFix 07-10-20.6 - Michałek 2007-10-20 18:43:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.545 [GMT 2:00]
Running from: C:\Documents and Settings\Michałek\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.
2007-10-19 20:42 d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2007-10-19 20:38 d-------- C:\Program Files\ATI Technologies
2007-10-19 20:38 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-10-19 20:06 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-19 15:08 d-------- C:\WINDOWS\Speeditup Free
2007-10-19 15:08 d-------- C:\Program Files\Speeditup Free
2007-10-19 15:01 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-19 14:59 d-------- C:\Program Files\Smart PC Solutions
2007-10-18 19:07 d-------- C:\Program Files\NVIDIA Corporation
2007-10-17 14:56 d-------- C:\WINDOWS\system32\Futuremark
2007-10-17 14:56 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-10-17 14:56 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-10-17 14:56 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-10-06 22:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-06 22:47 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-10-05 14:56 C:\Documents and Settings\Michałek\UserData
2007-10-03 20:09 d-------- C:\Program Files\Common Files\EasyInfo
2007-10-03 13:50 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-10-01 15:32 d-------- C:\Program Files\Setup Files
2007-10-01 15:29 d-------- C:\Program Files\MSI
2007-09-29 05:21 9,854,976 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-09-29 05:07 356,352 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 04:58 143,360 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 04:58 122,880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 04:58 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 04:58 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 04:57 122,880 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 04:56 483,328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 04:55 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 04:49 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 04:47 172,032 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 04:36 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-09-29 04:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-09-29 04:36 972,072 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-09-29 04:23 5,435,392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-09-29 04:22 376,832 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-09-29 04:20 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-09-29 04:19 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-28 17:17 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 15:44 3,407,872 ---ha-w C:\Documents and Settings\Michałek\NTUSER.DAT
2007-10-18 17:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 20:55 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 15:15 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-09-28 15:15 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-09-28 15:15 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-09-14 05:49 --------- d-----w C:\Program Files\Creative
2007-09-13 19:33 --------- d--h--w C:\Program Files\Creative Installation Information
2007-08-26 11:51 --------- d-----w C:\Program Files\Common Files\DirectX
2007-08-24 17:40 --------- d-----w C:\Program Files\BitTorrent
2007-08-23 19:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2007-08-23 19:45 --------- d-----w C:\Program Files\Zylom Games
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 09:08]
"mkstray"="D:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-08-07 10:47]
"mks_mail"="D:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 05:06]
"MKSRegmon"="D:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 05:06]
"DAEMON Tools"="D:\Program Files\Programy\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"P17Helper"="P17.dll" [2005-05-03 13:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-03-30 22:12]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-03-30 22:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Color Calibration.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Color Calibration.lnk
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"D:\Download\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
"C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe" -mini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Defender]
"C:\Program Files\Speeditup Free\SearchDefender.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files\Programy\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys
R1 mksfwallt;mksfwallt;\??\C:\WINDOWS\system32\mksfwallt.sys
R2 MksFwall;MksFwall;"D:\Program Files\mks_vir_2007\bin\MksFwall.exe"
R2 MksPC;MksPC;"D:\Program Files\mks_vir_2007\bin\MksPC.exe"
R2 MksUpdate;MksUpdate;"D:\Program Files\mks_vir_2007\bin\mksupdate.exe"
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 mksfwallf;mksfwallf;\??\C:\WINDOWS\system32\mksfwallf.sys
R3 mksidsf;mksidsf;\??\C:\WINDOWS\system32\mksidsf.sys
R3 MksMonEn;MksMonEn;\??\D:\Program Files\mks_vir_2007\bin\MksMonEn.sys
R3 MksMonEv;MksMonEv;\??\D:\Program Files\mks_vir_2007\bin\MksMonEv.sys
R3 MksMonFd;MksMonFd;\??\D:\Program Files\mks_vir_2007\bin\MksMonFd.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\D:\Program Files\Lavalys\EVEREST Corporate Edition\kerneld.wnt
S3 UCORESYS;UCORESYS;\??\C:\PROGRA~1\MSI\LIVEUP~1\FlashUty\AMI\AFUWIN\UCORESYS.SYS
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 18:44:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-20 18:44:40
C:\ComboFix-quarantined-files.txt ... 2007-09-01 20:36
C:\ComboFix2.txt ... 2007-10-07 21:42
C:\ComboFix3.txt ... 2007-09-01 20:36
.
--- E O F ---