
[quote]Please check my logs from Hijack, ComboFix and SDFix. Everything takes too long to open for me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:04, on 2008-08-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Wojciech\Pulpit\PROGRAMY ANTYWIRUSOWE\HIJACK\HiJackThis-narzędzie dom wykonywania loga\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218378151529
O17 - HKLM\System\CCS\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3EEBB15-114A-43CF-965F-8068A650EF65}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 5365 bytes
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 11:59:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fe,cb,23,01,e6,dd,24,8e,61,34,f9,af,ef,c1,a2,76,90,b1,3f,6b,ee,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:41,47,ca,3a,6a,41,37,30,64,84,48,94,11,69,93,d2,e0,c6,09,76,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fe,cb,23,01,e6,dd,24,8e,61,34,f9,af,ef,c1,a2,76,90,b1,3f,6b,ee,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:41,47,ca,3a,6a,41,37,30,64,84,48,94,11,69,93,d2,e0,c6,09,76,5c,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
ComboFix 08-08-19.06 - Wojciech 2008-08-21 12:17:21.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.175 [GMT 2:00]
Running from: C:\Documents and Settings\Wojciech\Pulpit\PROGRAMY ANTYWIRUSOWE\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
/wow section - STAGE 40
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Wojciech\Dane aplikacji\inst.exe
C:\WINDOWS\system32\cfbcdeec_d.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
2008-08-21 11:47 . 2008-08-21 12:02 <DIR> d-------- C:\SDFix
2008-08-19 17:50 . 2008-08-19 17:50 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-19 10:55 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-18 14:31 . 2008-08-18 14:31 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Kaspersky_Key_Finder_(KKF
2008-08-18 10:50 . 2008-08-19 10:51 <DIR> d-------- C:\Program Files\ESET
2008-08-17 16:47 . 2008-08-17 16:47 <DIR> d-------- C:\Program Files\uTorrent
2008-08-17 13:31 . 2008-08-17 13:31 <DIR> d-------- C:\Program Files\AD Sound Recorder
2008-08-17 09:03 . 2008-08-19 17:51 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Lavasoft
2008-08-13 19:43 . 2008-08-13 19:49 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-13 19:37 . 2008-08-13 19:37 <DIR> d-------- C:\Program Files\Real Alternative
2008-08-13 18:22 . 2008-08-13 19:09 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Any Video Converter
2008-08-13 17:32 . 2008-08-20 18:51 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-13 16:43 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 16:38 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 08:42 . 2008-08-13 08:42 <DIR> d-------- C:\Program Files\Lekarz domowy
2008-08-11 16:16 . 2008-08-11 16:17 <DIR> d-------- C:\Program Files\Nero
2008-08-11 16:16 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-08-11 16:16 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-08-11 16:16 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-08-11 16:16 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-08-11 16:16 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-08-11 09:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-11 09:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-10 11:31 . 2008-08-18 11:06 <DIR> d-------- C:\Program Files\Unlocker
2008-08-10 11:31 . 2008-08-18 11:07 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Desktopicon
2008-08-09 15:38 . 2008-08-09 15:38 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Simply Super Software
2008-08-07 16:03 . 2008-08-07 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab(2)
2008-08-07 12:00 . 2008-08-07 12:00 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-08-06 15:20 . 2008-08-06 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-08-06 12:56 . 2008-08-13 17:30 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-08-05 15:05 . 2008-08-06 08:11 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Winamp(2)
2008-08-04 08:53 . 2008-08-06 08:12 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-08-04 08:53 . 2008-08-04 08:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-08-02 18:08 . 2008-08-11 17:48 <DIR> d-------- C:\Program Files\WashAndGo
2008-08-02 17:27 . 2008-08-02 17:28 <DIR> d-------- C:\Program Files\RegSupreme Pro
2008-08-02 17:27 . 2008-08-02 17:27 23 --a------ C:\WINDOWS\system32\aabffcce2_d.ocx
2008-08-02 17:09 . 2008-08-02 17:09 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-08-02 17:07 . 2008-08-02 17:06 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-31 13:58 . 2008-07-31 13:58 128 --ahs---- C:\Documents and Settings\desktop.ini
2008-07-29 16:54 . 2008-07-29 17:07 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Nowe Gadu-Gadu
2008-07-29 16:52 . 2008-07-29 16:53 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu
2008-07-28 17:17 . 2008-07-28 17:21 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-07-28 15:42 . 2008-07-28 15:42 1,694 --a------ C:\WINDOWS\unins000.dat
2008-07-28 15:42 . 2008-07-28 17:16 130 --a------ C:\WINDOWS\waterfalls.ini
2008-07-28 08:56 . 2008-07-28 17:20 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-07-28 08:56 . 2008-07-28 17:21 72,066 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-07-28 08:52 . 2008-07-28 17:16 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-07-27 16:08 . 2008-07-27 16:40 67 --a------ C:\WINDOWS\Aurora MPEG To DVD.INI
2008-07-27 15:07 . 2008-07-27 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-07-26 17:32 . 2008-07-26 17:32 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\CyberLink
2008-07-26 16:42 . 2008-08-06 08:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-26 16:42 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-26 16:42 . 2008-07-04 08:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-26 16:42 . 2008-05-31 01:22 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-07-26 16:42 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-07-26 16:42 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-26 16:42 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-07-26 16:42 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-07-26 16:42 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-26 16:42 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-26 16:42 . 2004-04-18 12:34 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-26 16:37 . 2008-07-26 16:38 <DIR> d-------- C:\Program Files\CCleaner
2008-07-26 16:13 . 2008-08-02 17:08 <DIR> d-------- C:\Program Files\CyberLink
2008-07-26 16:13 . 2008-08-03 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-07-24 13:56 . 2008-07-24 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\vsosdk
2008-07-24 12:37 . 2008-07-26 12:12 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Vso
2008-07-24 12:37 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-24 12:37 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-24 12:37 . 2008-07-26 11:27 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-24 12:37 . 2008-07-26 12:12 47,360 --a------ C:\Documents and Settings\Wojciech\Dane aplikacji\pcouffin.sys
2008-07-23 18:21 . 2008-07-23 18:21 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-07-23 18:21 . 2008-07-23 18:21 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-07-23 15:09 . 2008-07-23 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SlySoft
2008-07-23 08:25 . 2008-07-23 08:25 43 --a------ C:\WINDOWS\Aurora Media Workshop.INI
2008-07-23 08:23 . 2008-05-06 08:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-07-23 08:23 . 2008-05-06 08:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-07-23 08:23 . 2001-04-19 17:34 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-07-23 08:23 . 2001-04-19 17:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-07-22 17:09 . 2008-07-22 17:11 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-07-22 17:04 . 2008-07-22 17:05 <DIR> d-------- C:\Program Files\Easy Video Joiner
2008-07-21 20:18 . 2008-07-21 20:18 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-07-21 16:33 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 15:40 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-19 15:30 --------- d-----w C:\Program Files\GoD
2008-08-19 12:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-19 08:10 --------- d-----w C:\Program Files\English Translator 3
2008-08-18 12:31 --------- d-----w C:\Documents and Settings\Wojciech\Dane aplikacji\uTorrent
2008-08-11 14:16 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-11 14:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-07 11:59 --------- d-----w C:\Program Files\AutoConnect
2008-08-04 07:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-02 13:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 13:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-31 11:58 128 --sha-w C:\Program Files\desktop.ini
2008-07-29 15:04 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-28 06:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-27 18:20 --------- d-----w C:\Documents and Settings\Wojciech\Dane aplikacji\MegauploadToolbar
2008-07-21 06:05 --------- d-----w C:\Documents and Settings\Wojciech\Dane aplikacji\DMCache
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 15:21 --------- d-----w C:\Program Files\Easy CD-DA Extractor 11
2008-07-17 19:22 --------- d-----w C:\Program Files\MSECache
2008-07-14 15:03 --------- d-----w C:\Documents and Settings\Wojciech\Dane aplikacji\Obsidium
2008-07-14 14:55 --------- d-----w C:\Documents and Settings\Wojciech\Dane aplikacji\Skype
2008-07-14 14:09 --------- d-----w C:\Documents and Settings\Wojciech\Dane aplikacji\skypePM
2008-07-14 13:20 --------- d-----w C:\Program Files\MSBuild
2008-07-11 17:22 62,464 ------w C:\WINDOWS\system32\pdfgenm.dll
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 14:36 --------- d-----w C:\Documents and Settings\Wojciech\Dane aplikacji\Gadu-Gadu
2008-06-25 13:47 --------- d-----w C:\Program Files\%temp&
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-29 14:32 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-19 12:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008051220080519\index.dat
2008-05-19 12:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008051920080520\index.dat
.
------- Sigcheck -------
2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-09 14:28 529408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 11:06 1443072]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2007-11-03 06:48 779776]
C:\Documents and Settings\Wojciech\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Wojciech^Menu Start^Programy^Autostart^RocketDock.lnk]
path=C:\Documents and Settings\Wojciech\Menu Start\Programy\Autostart\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Wojciech^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
backup=C:\WINDOWS\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\z-WrDialer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 22:51 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"pdfFactory Dyspozytor v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:*:Disabled:GoD High Port
"8462:TCP"= 8462:TCP:*:Disabled:GoD Low Port
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 22:51]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 15:00]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-29 16:32]
S3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-08-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]
2008-08-21 C:\WINDOWS\Tasks\1-Klik Konserwacja.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]
2008-08-21 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-04-09 13:22]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Firefox\Profiles\aum3k5e3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 12:19:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-08-21 12:20:30
ComboFix-quarantined-files.txt 2008-08-21 10:20:24
Pre-Run: 25,035,763,712 bajtów wolnych
Post-Run: 25,055,301,632 bajtów wolnych
245 --- E O F --- 2008-08-19 14:42:27
[/quote]