ComboFix 07-10-23.2 - balik 2007-10-24 15:03:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.515 [GMT 2:00]
Running from: D:\instalki\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 15:02 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-10 15:16 17,920 --a------ C:\Windows\system32\mdimon.dll
2007-10-10 15:13
2007-10-10 15:12
2007-10-10 15:10
2007-10-04 23:57
2007-10-01 15:22 1,156 --a------ C:\Windows\mozver.dat
2007-09-29 18:25 60,273 --a------ C:\Windows\system32\pthreadGC2.dll
2007-09-29 18:25 7,680 --a------ C:\Windows\system32\ff_vfw.dll
2007-09-29 17:40
2007-09-27 23:13
2007-09-27 23:13 10,872 --a------ C:\Windows\system32\drivers\AvgAsCln.sys
2007-09-27 11:23 0 --a------ C:\Windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 15:16 --------- d-----w C:\Documents and Settings\balik\Dane aplikacji\ViStart
2007-11-23 15:09 --------- d-----w C:\Program Files\ViOrb
2007-11-19 13:42 --------- d-----w C:\Documents and Settings\balik\Dane aplikacji\Tlen.pl
2007-10-24 12:40 --------- d-----w C:\Program Files\OrangeBs
2007-10-04 21:59 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-22 21:25 --------- d-----w C:\Program Files\MarBit
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-04 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-04 11:35 --------- d-----w C:\Program Files\Canon
2007-09-04 11:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-25 18:36 --------- d-----w C:\Documents and Settings\balik\Dane aplikacji\CyberLink
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-01 19:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-01 19:05 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-08-01 19:05 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-04-26 06:54:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"SMSERIAL"="sm56hlpr.exe" [2005-07-03 17:03 C:\Windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 18:21 C:\Windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 C:\Windows\SkyTel.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 06:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 06:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 06:17]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 C:\Windows\system32\bthprops.cpl]
"avast!"="d:\Programy\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"OBSWATCH"="C:\PROGRA~1\OrangeBs\Watch.exe" [2005-09-07 10:26]
"WinampAgent"="d:\Programy\Winamp\winampa.exe" [2007-05-15 00:22]
"!AVG Anti-Spyware"="D:\Programy\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"LClock"="C:\Program Files\LClock\LClock.exe" []
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" []
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" []
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" []

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys
R3 NWUSBModem;Novatel Wireless USB Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
R3 NWUSBPort;Novatel Wireless USB Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser.sys

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 15:04:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-24 15:05:01
.
--- E O F ---