Here are the logs you asked for. Regards.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:33, on 2008-02-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Weather Clock\WeatherClock.exe
C:\WINDOWS\explorer.exe
D:\PROGRAMY ANTYWIRUSOWE\USUWA WIRUSY\HiJackThis-narzędzie dom wykonywania loga\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C89619B6-80B5-447E-88FA-F973147237EA}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 3288 bytes
SDFix: Version 1.141
Run by Wojciech on 2008-02-13 at 10:05
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services: 
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files: 
No Trojan Files Found
Removing Temp Files...
ADS Check:
 
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 10:11:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120% Corporate"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Files with Hidden Attributes:
Finished!
ComboFix 08-02-13.2 - Wojciech 2008-02-13 10:17:19.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.149 [GMT 1:00]
Running from: C:\Documents and Settings\Wojciech\Pulpit\RÓŻNE\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((   Files Created from 2008-01-13 to 2008-02-13  )))))))))))))))))))))))))))))))
.
2008-02-13 10:04 . 2008-02-13 10:04	<DIR>	d--------	C:\WINDOWS\ERUNT
2008-02-13 08:35 . 2008-02-13 10:13	<DIR>	d--------	C:\SDFix
2008-02-13 06:15 . 2008-02-13 06:16	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-02-12 14:44 . 2008-02-12 14:44	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-02-12 14:44 . 2004-08-23 13:20	158,720	--a------	C:\WINDOWS\system32\drivers\a347bus.sys
2008-02-12 14:44 . 2004-04-30 09:33	5,248	--a------	C:\WINDOWS\system32\drivers\a347scsi.sys
2008-02-12 08:34 . 2008-02-12 08:34	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\Lavasoft
2008-02-12 07:38 . 2008-02-12 07:38	<DIR>	d--------	C:\Program Files\DAEMON Tools Lite
2008-02-12 07:38 . 2008-02-12 07:38	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\DAEMON Tools
2008-02-11 18:09 . 2004-02-26 11:46	446,464	--a------	C:\WINDOWS\system32\HHActiveX.dll
2008-02-11 15:59 . 2008-02-11 15:59	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\Gadu-Gadu
2008-02-11 15:57 . 2008-02-11 15:30	1,047	--a------	C:\alarms.ini
2008-02-11 15:57 . 2008-02-11 15:57	490	--a------	C:\Setting.ini
2008-02-11 15:44 . 2008-02-11 15:44	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\GlarySoft
2008-02-11 15:39 . 2008-02-11 15:55	<DIR>	d--------	C:\Program Files\Glary Utilities
2008-02-11 09:03 . 2008-02-12 10:08	<DIR>	d--------	C:\Program Files\Mgtweak
2008-02-11 08:51 . 2008-02-11 16:00	1,324	--a------	C:\WINDOWS\mgutil_reg.ini
2008-02-11 08:51 . 2008-02-11 09:44	81	--a------	C:\WINDOWS\mgutil_win.ini
2008-02-11 08:50 . 2008-02-11 16:01	<DIR>	d--------	C:\Program Files\Mgutil
2008-02-10 17:29 . 2008-02-10 17:29	<DIR>	d--------	C:\Program Files\ToniArts
2008-02-06 15:43 . 2008-02-11 15:58	<DIR>	d--------	C:\Program Files\Weather Clock
2008-02-06 11:26 . 2008-02-06 11:27	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\Weather Clock
2008-02-05 17:55 . 2008-02-05 17:55	<DIR>	d--------	C:\progdvb
2008-02-05 17:34 . 2008-02-07 09:23	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\Winamp
2008-02-05 16:40 . 2008-02-05 17:35	<DIR>	d--------	C:\Program Files\Winamp
2008-02-02 17:25 . 2008-02-11 15:43	<DIR>	d--------	C:\Program Files\DownloaderGB
2008-02-02 17:25 . 2004-03-08 23:00	167,968	--a------	C:\WINDOWS\system32\MSMASK32.OCX
2008-02-02 17:25 . 2005-05-07 11:01	152,848	--a------	C:\WINDOWS\system32\COMDLG32.OCX
2008-02-02 17:25 . 1998-08-04 23:00	150,528	--a------	C:\WINDOWS\system32\MSCMCIT.DLL
2008-02-02 17:25 . 2006-05-03 21:11	132,880	--a------	C:\WINDOWS\system32\Msinet.ocx
2008-02-02 17:25 . 2000-10-01 23:00	122,128	--a------	C:\WINDOWS\system32\VB6IT.DLL
2008-02-02 17:25 . 1998-08-04 23:00	33,792	--a------	C:\WINDOWS\system32\CMDLGIT.DLL
2008-02-02 17:25 . 1998-08-04 23:00	21,504	--a------	C:\WINDOWS\system32\MSMSKIT.DLL
2008-02-02 17:25 . 1998-08-04 23:00	15,872	--a------	C:\WINDOWS\system32\INETIT.DLL
2008-01-31 14:51 . 2007-06-05 10:56	44,928	--a------	C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-30 15:53 . 2008-01-31 18:11	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
2008-01-30 15:53 . 2008-01-31 18:11	1,406	--a------	C:\WINDOWS\system32\Help.ico
2008-01-29 11:50 . 2008-02-12 07:35	716,272	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-01-28 16:16 . 2008-01-28 16:16	<DIR>	d--------	C:\Program Files\MSECache
2008-01-27 16:19 . 2008-01-27 16:19	306,432	--a------	C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-27 16:19 . 2007-12-20 10:41	29,440	--a------	C:\WINDOWS\system32\uxtuneup.dll
2008-01-27 11:21 . 2008-01-27 11:21	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\Image Zone Express
2008-01-26 16:36 . 2008-01-26 16:36	31,296	--ah-----	C:\WINDOWS\system32\mlfcache.dat
2008-01-26 16:26 . 2008-01-26 16:26	<DIR>	d--------	C:\Program Files\Google
2008-01-25 08:12 . 2008-01-25 08:12	<DIR>	d--------	C:\WINDOWS\Sun
2008-01-21 17:53 . 2008-01-21 17:59	<DIR>	d--------	C:\Program Files\Audio Record Expert
2008-01-21 09:50 . 2008-01-21 09:50	<DIR>	d--------	C:\WINDOWS\Easy CD-DA Extractor 11
2008-01-21 09:50 . 2008-01-29 17:36	<DIR>	d--------	C:\Program Files\Easy CD-DA Extractor 11
2008-01-21 07:40 . 2008-01-21 07:58	<DIR>	d--------	C:\Program Files\Screamer Radio
2008-01-19 11:45 . 2008-02-12 10:09	1,662	--a------	C:\WINDOWS\mgreg.ini
2008-01-19 11:42 . 2008-02-11 15:16	297	--a------	C:\WINDOWS\mgwin.ini
2008-01-19 10:55 . 2008-01-19 10:55	<DIR>	d--------	C:\Program Files\VIA
2008-01-16 16:59 . 2008-01-16 16:59	<DIR>	d--------	C:\Program Files\PITy
2008-01-15 14:12 . 2004-08-04 14:00	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-01-14 09:00 . 2008-01-14 09:00	<DIR>	d--------	C:\Program Files\Common Files\NSV
2008-01-13 20:42 . 2008-01-13 20:42	<DIR>	d--h-----	C:\WINDOWS\PIF
2008-01-13 16:39 . 2008-01-12 10:16	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-01-13 16:39 . 2008-01-12 10:16	<DIR>	d--------	C:\Documents and Settings\Administrator\Ulubione
2008-01-13 16:39 . 2008-01-12 09:22	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Szablony
2008-01-13 16:39 . 2008-01-12 10:16	<DIR>	d--------	C:\Documents and Settings\Administrator\Pulpit
2008-01-13 16:39 . 2008-01-12 10:16	<DIR>	d--------	C:\Documents and Settings\Administrator\Moje dokumenty
2008-01-13 16:39 . 2008-01-12 10:16	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Start
2008-01-13 16:39 . 2008-01-12 10:16	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dane aplikacji
2008-01-13 15:26 . 2008-01-13 15:26	<DIR>	d--------	C:\Program Files\MWSnap
2008-01-13 14:34 . 2008-02-07 07:02	<DIR>	d--------	C:\Program Files\Chameleon Clock
2008-01-13 14:28 . 2008-01-13 14:28	<DIR>	d--------	C:\Documents and Settings\Wojciech\Dane aplikacji\Nero
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 09:29	8,540,704	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-13 09:29	572,448	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-13 09:29	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-02-13 09:28	55,736	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-13 09:28	118,400	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-13 07:16	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-02-13 07:15	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-02-13 07:10	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-11 14:43	---------	d-----w	C:\Program Files\TuneUp Utilities 2008
2008-02-11 14:43	---------	d-----w	C:\Program Files\Gadu-Gadu
2008-02-04 17:16	---------	d-----w	C:\Documents and Settings\Wojciech\Dane aplikacji\Skype
2008-02-04 16:52	---------	d-----w	C:\Documents and Settings\Wojciech\Dane aplikacji\skypePM
2008-02-01 05:28	91,700	----a-w	C:\WINDOWS\system32\drivers\klin.dat
2008-01-29 16:36	---------	d-----w	C:\Program Files\Your Uninstaller 2008
2008-01-12 19:20	---------	d-----w	C:\Program Files\Lavalys
2008-01-12 19:18	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-01-12 16:41	---------	d-----w	C:\Program Files\S3
2008-01-12 13:47	---------	d-----w	C:\Documents and Settings\Wojciech\Dane aplikacji\URSoft
2008-01-12 13:00	---------	d-----w	C:\Program Files\HP
2008-01-12 13:00	---------	d-----w	C:\Program Files\Common Files\HP
2008-01-12 12:59	---------	d-----w	C:\Program Files\Hewlett-Packard
2008-01-12 12:58	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-01-12 12:44	---------	d-----w	C:\Documents and Settings\Wojciech\Dane aplikacji\HP
2008-01-12 12:41	---------	d-----w	C:\Program Files\Java
2008-01-12 12:38	---------	d-----w	C:\Program Files\Common Files\Java
2008-01-12 12:06	---------	d-----w	C:\Program Files\CCleaner
2008-01-12 11:56	---------	d-----w	C:\Documents and Settings\Wojciech\Dane aplikacji\TuneUp Software
2008-01-12 11:56	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2008-01-12 11:55	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 11:08	32	----a-w	C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-12 11:05	---------	d-----w	C:\Program Files\Skype
2008-01-12 11:05	---------	d-----w	C:\Program Files\Common Files\Skype
2008-01-12 11:05	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-12 10:19	---------	d-----w	C:\Program Files\Microsoft.NET
2008-01-12 09:47	---------	d-----w	C:\Program Files\Nero
2008-01-12 09:47	---------	d-----w	C:\Program Files\Common Files\Ahead
2008-01-12 09:39	---------	d-----w	C:\Documents and Settings\Wojciech\Dane aplikacji\Talkback
2008-01-12 09:10	---------	d-----w	C:\Program Files\Realtek AC97
2008-01-12 08:50	85,860	----a-w	C:\WINDOWS\system32\drivers\klick.dat
2008-01-12 08:43	---------	d-----w	C:\Program Files\Kaspersky Lab
2008-01-12 08:26	---------	d-----w	C:\Program Files\microsoft frontpage
2008-01-12 08:24	---------	d-----w	C:\Program Files\Usługi online
2007-12-18 09:51	179,584	----a-w	C:\WINDOWS\system32\drivers\mrxdav.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"WeatherClock"="C:\Program Files\Weather Clock\WeatherClock.exe" [2007-12-05 21:35 2259968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeAlarm]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:20 21686568 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-22 09:42 90112 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2005-03-11 10:33 147456 C:\WINDOWS\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe
R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys [2000-11-28 21:47]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-27 16:19]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07ac4eba-d8b3-11dc-8e2f-00e04c86074c}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:28:43 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-11 06:32:38 C:\WINDOWS\Tasks\1-Klik Konserwacja.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-11 14:51:20 C:\WINDOWS\Tasks\glaryoneclickoptimizer.job"
- C:\Program Files\Glary Utilities\oneclickoptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 10:29:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully 
hidden files: 0 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Weather Clock\Clock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-13 10:31:51 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-13 09:31:44
.
2008-02-13 05:17:41	--- E O F ---