ComboFix 07-06-18.2 - C:\download\ComboFix.exe "Patryk" - 2007-06-29 18:58:20 - Dodatek Service Pack. 1 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Patryk\Pulpit\internet.lnk

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))

2007-06-29 18:51 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 18:38
2007-06-29 12:37 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-06-29 09:40
2007-06-29 09:39
2007-06-29 08:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 08:54 266,240 --a------ C:\Program Files\Uninstall Pando Toolbar.dll
2007-06-28 19:58
2007-06-28 19:41 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-06-28 19:41 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-06-28 19:40 775,296 --a------ C:\WINDOWS\system32\drivers\emu10k1f.sys
2007-06-28 19:40 6,912 --a------ C:\WINDOWS\system32\drivers\ctlface.sys
2007-06-28 19:40 59,392 --a------ C:\WINDOWS\system32\a3d.dll
2007-06-28 19:40 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2007-06-28 19:40 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2007-06-28 19:40 36,992 --a------ C:\WINDOWS\system32\drivers\sfman.sys
2007-06-28 19:40 3,584 --a------ C:\WINDOWS\system32\ctwdm32.dll
2007-06-28 19:40 25,600 --a------ C:\WINDOWS\system32\devldr32.exe
2007-06-28 19:35 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-06-28 19:35
2007-06-28 19:31
2007-06-28 19:29
2007-06-28 19:13
2007-06-28 19:13
2007-06-28 17:58
2007-06-28 17:28
2007-06-28 17:28
2007-06-28 17:19
2007-06-28 17:16
2007-06-28 17:06
2007-06-28 17:06
2007-06-28 17:06
2007-06-28 17:06
2007-06-28 17:06
2007-06-28 17:06
2007-06-28 17:05 1,048,576 --ah----- C:\DOCUME~1\Patryk\NTUSER.DAT
2007-06-28 17:05
2007-06-28 17:05
2007-06-28 16:51 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-06-28 16:44 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-28 16:44 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-06-28 15:58 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-06-28 15:58
2007-06-28 15:34 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2007-06-28 14:16 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-28 14:16
2007-06-27 09:51
2007-06-25 09:18 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-06-25 09:18 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-06-25 09:18 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-06-25 09:18 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-06-25 09:18 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-06-25 09:18 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-06-25 09:18 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-25 09:18 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-06-25 09:18 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-06-25 09:18 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-06-25 09:18 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-06-25 09:18 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-06-25 09:18 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-06-25 09:18 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-06-25 09:18 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2007-06-25 09:18 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-06-25 09:18 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-06-25 09:18 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-06-25 09:18 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-06-25 09:18 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-25 09:18 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-06-25 09:18 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-06-25 09:18 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-06-25 09:18 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-06-25 09:18 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-06-25 09:18 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-06-25 09:18 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-06-25 09:18 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2007-06-25 09:18 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2007-06-25 09:18 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2007-06-25 09:18 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-06-25 09:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-06-25 09:18 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-06-25 09:18 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-06-25 09:18 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-06-25 09:18 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-06-25 09:18 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2007-06-25 09:18 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-06-25 09:18 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-06-25 09:18 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-06-25 09:18 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-06-25 09:18 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-06-25 09:18 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-06-25 09:18 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-06-25 09:18 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-06-25 09:18 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-06-25 09:18 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-06-25 09:18 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-06-25 09:18 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-06-25 09:18 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-06-25 09:18 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-06-25 09:18 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-06-25 09:18 223,232 --a------ C:\WINDOWS\system32\gcdef.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 15:09:24 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-28 15:09:24 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-11 21:23:18 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02]
{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}=C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2007-06-18 12:52]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-06-12 19:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 07:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-12 19:16]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 18:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-29 08:37]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 17:01]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" [2007-06-18 12:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 18:59:53
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes …

cmd.exe [2536]

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X??? C???Disc Detector?B???A???A???B???@?$?@?? C???U?@???@?B???A???A???B???@???P???$?@???U?w???@???B???B

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 19:00:41
C:\ComboFix-quarantined-files.txt … 2007-06-29 19:00

— E O F —