ComboFix 07-11-08.1 - a 2007-11-16 20:32:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.134 [GMT 1:00]
Running from: C:\Documents and Settings\a\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.
2007-11-16 20:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 12:31 2,237 --a------ C:\WINDOWS\mozver.dat
2007-11-14 11:17 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-12 20:30 d-------- C:\Program Files\Winamp
2007-11-11 11:47 d-------- C:\Documents and Settings\a\Dane aplikacji\JLC's Software
2007-11-11 11:45 d-------- C:\Program Files\JLC's Software
2007-11-10 15:55 d-------- C:\WINDOWS\ERUNT
2007-11-09 03:28 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-09 03:28 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-11-08 07:45 d-------- C:\Documents and Settings\a\Dane aplikacji\Canon
2007-11-07 12:30 d-------- C:\Documents and Settings\a\Dane aplikacji\DivX
2007-11-07 11:52 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-11-07 11:51 d-------- C:\Program Files\DivX
2007-11-07 01:08 d-------- C:\Program Files\MSBuild
2007-11-07 01:05 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-07 01:05 d-------- C:\Program Files\Reference Assemblies
2007-11-07 01:05 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-07 00:47 59,264 -----c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2007-11-07 00:47 36,864 -----c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2007-11-07 00:46 d-------- C:\WINDOWS\system32\DRM
2007-11-07 00:46 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-07 00:46 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-07 00:46 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-11-07 00:46 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-07 00:45 313,344 -----c--- C:\WINDOWS\system32\dllcache\p2pgraph.dll
2007-11-07 00:45 153,088 -----c--- C:\WINDOWS\system32\dllcache\p2p.dll
2007-11-07 00:45 116,224 -----c--- C:\WINDOWS\system32\dllcache\p2pnetsh.dll
2007-11-07 00:45 104,960 -----c--- C:\WINDOWS\system32\dllcache\p2pgasvc.dll
2007-11-07 00:45 58,880 -----c--- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
2007-11-07 00:20 582,656 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-07 00:18 d-------- C:\Program Files\MSXML 6.0
2007-11-07 00:18 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-07 00:17 1,034,752 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-11-07 00:17 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-07 00:16 364,160 -----c--- C:\WINDOWS\system32\dllcache\update.sys
2007-11-07 00:16 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2007-11-07 00:15 574,464 -----c--- C:\WINDOWS\system32\dllcache\ntfs.sys
2007-11-07 00:14 1,843,840 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2007-11-07 00:14 579,072 -----c--- C:\WINDOWS\system32\dllcache\user32.dll
2007-11-07 00:14 282,112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-11-07 00:14 40,960 -----c--- C:\WINDOWS\system32\dllcache\mf3216.dll
2007-11-07 00:13 2,181,632 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-11-07 00:13 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-07 00:13 2,058,880 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-11-07 00:13 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-11-07 00:13 293,376 -----c--- C:\WINDOWS\system32\dllcache\winsrv.dll
2007-11-07 00:13 185,856 -----c--- C:\WINDOWS\system32\dllcache\upnphost.dll
2007-11-07 00:12 8,482,304 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-11-07 00:12 216,064 -----c--- C:\WINDOWS\system32\dllcache\osk.exe
2007-11-07 00:12 135,168 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2007-11-07 00:12 73,216 -----c--- C:\WINDOWS\system32\dllcache\magnify.exe
2007-11-07 00:12 55,296 -----c--- C:\WINDOWS\system32\dllcache\narrator.exe
2007-11-07 00:12 50,176 -----c--- C:\WINDOWS\system32\dllcache\utilman.exe
2007-11-07 00:12 36,352 -----c--- C:\WINDOWS\system32\dllcache\umandlg.dll
2007-11-07 00:11 981,760 -----c--- C:\WINDOWS\system32\dllcache\mfc42u.dll
2007-11-07 00:11 536,576 -----c--- C:\WINDOWS\system32\dllcache\msado15.dll
2007-11-07 00:11 334,336 -----c--- C:\WINDOWS\system32\dllcache\wiaservc.dll
2007-11-07 00:11 200,704 -----c--- C:\WINDOWS\system32\dllcache\msadox.dll
2007-11-07 00:11 180,224 -----c--- C:\WINDOWS\system32\dllcache\msadomd.dll
2007-11-07 00:11 102,400 -----c--- C:\WINDOWS\system32\dllcache\msjro.dll
2007-11-07 00:10 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll
2007-11-07 00:10 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll
2007-11-07 00:09 1,314,816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-11-07 00:09 714,240 -----c--- C:\WINDOWS\system32\dllcache\sxs.dll
2007-11-07 00:09 510,976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-11-07 00:09 86,528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-11-07 00:09 85,504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-11-07 00:08 728,576 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-07 00:08 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
2007-11-07 00:08 163,584 -----c--- C:\WINDOWS\system32\dllcache\nwrdr.sys
2007-11-07 00:08 143,872 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2007-11-07 00:08 132,096 -----c--- C:\WINDOWS\system32\dllcache\wkssvc.dll
2007-11-07 00:08 65,536 -----c--- C:\WINDOWS\system32\dllcache\nwwks.dll
2007-11-07 00:08 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
2007-11-07 00:08 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
2007-11-07 00:07 1,498,112 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-11-07 00:07 225,664 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-11-07 00:07 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2007-11-07 00:06 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2007-11-07 00:05 1,439,744 -----c--- C:\WINDOWS\system32\dllcache\query.dll
2007-11-07 00:05 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-07 00:05 69,120 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
2007-11-07 00:05 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-07 00:05 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-07 00:04 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-11-07 00:04 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2007-11-07 00:03 1,013,248 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2007-11-07 00:03 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2007-11-07 00:02 332,928 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2007-11-07 00:02 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-11-07 00:02 111,104 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-11-07 00:02 95,744 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-11-07 00:01 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-11-07 00:00 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-11-07 00:00 450,560 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 00:00 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2007-11-06 23:59 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-11-06 22:59 d-------- C:\Program Files\SGJ
2007-11-05 23:26 d-------- C:\Program Files\Trend Micro
2007-11-04 14:29 d-------- C:\Documents and Settings\a\.housecall6.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 18:57 277,532 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-11-16 18:57 1,904 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-11-16 18:57 1,904 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-10-26 18:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard
2007-10-26 18:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir
2007-10-26 18:34 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\ScanSoft
2007-10-26 18:33 --------- d-----w C:\Program Files\ScanSoft
2007-10-26 18:33 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-10-26 18:33 --------- d-----w C:\Program Files\Canon
2007-10-26 18:33 --------- d-----w C:\Program Files\ArcSoft
2007-10-26 17:00 --------- d-----w C:\Program Files\Usługi online
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 10:01 C:\WINDOWS\system32\stmctrl.dll]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 17:30]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 14:17]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 03:47 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayContextMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\docoom]
"C:\Program Files\docoom\docoom backup\docoom.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 docoom online S.L.: docoom backup update permissions manager. 12662.;docoom online S.L.: docoom backup update permissions manager. 12662.;C:\Program Files\docoom\docoom backup\udocoom.exe -PermissionManagerRun
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 23:00:11 C:\WINDOWS\Tasks\Podstawowe porządkowanie.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 20:33:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\docoom online S.L.: docoom backup update permissions manager. 12662.]
.
Completion time: 2007-11-16 20:34:28
.
--- E O F ---