wyskakuje scren aplikacja mtmc.exe

**Posty:** 227 · przez **baryła** 07 Cze 2008, 08:52

Poproszę o sprawdzenie logów z hijack,combofix i sdfix.Pozdrawiam.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:20, on 2008-06-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Wojciech\Pulpit\PROGRAMY ANTYWIRUSOWE\HIJACK\HiJackThis-narzędzie dom wykonywania loga\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

--
End of file - 8795 bytes

ComboFix 08-06-06.6 - Wojciech 2008-06-07 8:31:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.145 [GMT 2:00]
Running from: C:\Documents and Settings\Wojciech\Pulpit\PROGRAMY ANTYWIRUSOWE\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
pv: No matching processes found
Składnia polecenia jest niepoprawna.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\WServing.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing
-------\Service_Binary file SvcDump matches

((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 07:21 . 2008-06-07 07:34 <DIR> d-------- C:\SDFix
2008-06-06 06:56 . 2008-06-06 07:01 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\IDM
2008-06-06 06:56 . 2008-06-07 08:35 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\DMCache
2008-06-05 17:08 . 2008-06-06 07:11 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-06-05 17:07 . 2008-06-05 17:10 <DIR> d-------- C:\Program Files\Real
2008-06-05 15:09 . 2008-06-05 15:45 <DIR> d-------- C:\Program Files\Weather Watcher
2008-06-05 15:09 . 2004-05-27 02:32 102,400 --a------ C:\WINDOWS\system32\unzip32.dll
2008-06-05 07:35 . 2008-06-05 07:35 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-04 19:07 . 2008-06-04 19:07 4,096 --ahs---- C:\VSNAP.IDX
2008-06-04 16:27 . 2008-06-04 16:27 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Symantec
2008-06-04 15:43 . 2008-06-04 15:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-04 15:43 . 2007-03-28 20:29 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2008-06-04 15:43 . 2007-03-28 20:49 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2008-06-04 15:43 . 2007-03-28 20:12 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-06-04 15:43 . 2007-03-28 20:29 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2008-06-04 15:43 . 2007-03-28 20:12 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-06-04 15:43 . 2007-03-28 20:23 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-06-04 15:42 . 2008-06-04 15:42 <DIR> d-------- C:\Program Files\Norton Ghost
2008-06-04 15:41 . 2008-06-04 15:41 <DIR> d-------- C:\Program Files\Symantec
2008-06-04 15:41 . 2008-06-04 15:42 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-04 15:41 . 2008-06-04 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-04 07:44 . 2008-06-04 07:44 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-03 16:47 . 2008-06-03 18:46 <DIR> d-------- C:\Program Files\Google
2008-06-03 11:18 . 2008-06-03 11:18 8,294,454 --a------ C:\WINDOWS\startup.bmp
2008-06-03 11:18 . 2008-04-14 22:50 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-06-03 11:12 . 2008-06-03 11:18 <DIR> d-------- C:\WINDOWS\VistaMizer
2008-06-03 06:57 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-06-03 06:55 . 2008-06-03 06:55 <DIR> d-------- C:\Program Files\ESET
2008-06-02 17:11 . 2008-06-05 15:12 <DIR> d-------- C:\Program Files\GoD
2008-06-02 16:37 . 2008-06-02 16:37 <DIR> d-------- C:\Program Files\ToniArts
2008-06-01 17:26 . 2008-06-02 15:15 <DIR> d-------- C:\Program Files\DivX Free Codec
2008-06-01 16:33 . 2008-06-04 07:43 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-01 14:54 . 2008-06-01 14:54 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Media Player Classic
2008-06-01 14:53 . 2008-06-01 14:53 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-06-01 14:17 . 2008-06-01 14:17 <DIR> d-------- C:\Program Files\Winamp
2008-06-01 14:17 . 2008-06-03 15:26 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Winamp
2008-05-31 16:26 . 2008-06-05 14:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-30 07:39 . 2008-05-30 07:44 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-30 07:39 . 2008-06-03 11:49 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\MegauploadToolbar
2008-05-29 18:58 . 2008-05-29 18:58 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\ESET
2008-05-29 18:57 . 2008-05-29 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-29 16:32 . 2008-05-29 16:32 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-29 16:32 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-29 16:31 . 2008-05-29 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2008-05-29 16:30 . 2008-05-29 16:32 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-29 16:29 . 2008-05-29 16:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 15:44 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-05-28 16:39 . 2008-05-28 16:46 <DIR> d-------- C:\Program Files\Watermill 3D Screensaver
2008-05-28 15:28 . 2008-06-07 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-05-28 14:40 . 2008-05-28 14:40 <DIR> d-------- C:\WINDOWS\Sun
2008-05-27 17:45 . 2008-05-27 17:46 <DIR> d-------- C:\Program Files\Ad Muncher
2008-05-27 07:55 . 2008-05-27 07:55 <DIR> d-------- C:\Program Files\Nero
2008-05-27 07:55 . 2008-05-27 07:55 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-27 07:55 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-05-27 07:55 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-05-27 07:55 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-05-27 07:55 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-05-27 07:55 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-05-26 14:39 . 2008-05-26 17:02 <DIR> d-------- C:\Program Files\XLView
2008-05-26 08:52 . 2008-05-26 08:52 <DIR> d-------- C:\Program Files\WinASO
2008-05-26 08:43 . 2008-05-26 16:20 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-24 17:33 . 2008-05-27 20:11 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\skypePM
2008-05-24 17:33 . 2008-05-24 17:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-24 17:31 . 2008-05-24 17:31 <DIR> d-------- C:\Program Files\Skype
2008-05-24 17:31 . 2008-05-24 17:31 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-24 17:31 . 2008-05-27 20:24 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Skype
2008-05-24 17:30 . 2008-05-24 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-05-24 14:56 . 2008-05-24 14:56 <DIR> d-------- C:\WINDOWS\system32\drivers\User_Port
2008-05-24 08:07 . 2008-05-24 08:07 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-05-24 07:54 . 2008-06-07 08:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-22 16:34 . 2008-05-22 16:34 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-22 16:33 . 2008-05-22 16:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-05-22 16:33 . 2008-05-22 16:33 <DIR> dr------- C:\Documents and Settings\Administrator\Ulubione
2008-05-22 16:33 . 2008-05-18 16:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-05-22 16:33 . 2008-06-07 08:35 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-05-22 16:33 . 2008-05-18 17:59 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-05-22 16:33 . 2008-05-18 17:59 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-05-22 16:33 . 2008-05-22 16:33 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-22 08:46 . 2008-05-22 08:46 <DIR> d-------- C:\Program Files\%temp&
2008-05-21 07:36 . 2008-05-21 07:39 <DIR> d-------- C:\Program Files\Screamer Radio
2008-05-21 07:13 . 2008-05-21 07:14 23 --a------ C:\WINDOWS\sys.dat
2008-05-21 07:04 . 2008-05-23 17:06 <DIR> d-------- C:\Program Files\BitComet
2008-05-21 07:04 . 2008-05-21 07:04 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-20 14:01 . 2008-05-19 14:13 211 --ahs---- C:\BOOT.BKK
2008-05-20 13:43 . 2008-05-20 13:43 <DIR> d-------- C:\Program Files\TGTSoft
2008-05-20 08:07 . 2008-05-20 08:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-20 08:05 . 2008-05-20 08:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-20 08:05 . 2008-05-20 08:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-19 15:40 . 2008-05-19 15:40 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-19 14:11 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-19 14:03 . 2008-05-19 14:03 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-19 14:02 . 2008-05-19 14:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-19 14:01 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-05-19 13:54 . 2008-05-19 13:54 <DIR> d-------- C:\WINDOWS\EHome
2008-05-19 13:40 . 2008-05-19 13:40 <DIR> d-------- C:\Program Files\Atlantis3D
2008-05-19 13:37 . 2008-05-19 13:37 <DIR> d-------- C:\Program Files\ScreenSaver.com
2008-05-19 13:37 . 2004-04-08 07:51 939,368 --a------ C:\WINDOWS\flash.ocx
2008-05-19 13:37 . 2005-04-12 17:43 659,456 --a------ C:\WINDOWS\3D Lake Cabin Full.scr
2008-05-19 11:06 . 2008-05-19 17:43 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\GlarySoft
2008-05-19 11:04 . 2008-05-19 11:04 <DIR> d-------- C:\Program Files\Glary Utilities
2008-05-19 10:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-19 10:49 . 2008-05-19 10:50 <DIR> d-------- C:\Program Files\Java
2008-05-19 10:46 . 2008-05-19 10:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-19 10:29 . 2008-06-05 18:45 <DIR> d-------- C:\Program Files\English Translator 3
2008-05-19 10:23 . 2008-05-19 10:23 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 10:13 . 2008-05-19 10:14 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-05-19 09:18 . 2008-05-19 09:18 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-19 09:17 . 2008-05-19 09:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-19 09:17 . 2008-05-19 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-05-19 09:14 . 2005-04-08 19:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll
2008-05-19 09:13 . 2008-05-19 09:18 <DIR> d-------- C:\Program Files\HP
2008-05-19 09:13 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-19 09:12 . 2008-05-19 09:18 79,608 --a------ C:\WINDOWS\hpfins05.dat
2008-05-19 09:12 . 2005-05-24 05:19 1,395 --------- C:\WINDOWS\hpfmdl05.dat
2008-05-19 09:11 . 2008-05-19 09:11 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\HP
2008-05-19 07:20 . 2008-05-19 07:20 <DIR> d-------- C:\Program Files\Lavalys
2008-05-19 07:07 . 2008-05-19 07:07 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\TuneUp Software
2008-05-19 07:05 . 2008-05-19 07:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 06:57 . 2008-05-19 06:57 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Nero
2008-05-19 06:54 . 2008-05-27 07:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-19 06:40 . 2008-05-19 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ad Muncher
2008-05-19 06:36 . 2008-05-19 06:36 <DIR> d-------- C:\Program Files\MWSnap
2008-05-19 06:34 . 2008-05-19 06:34 <DIR> d-------- C:\Program Files\MSECache
2008-05-19 06:32 . 2008-05-26 16:30 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-05-19 06:32 . 2008-05-19 06:32 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\URSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 06:28 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-03 09:18 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-02 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-18 14:54 --------- d-----w C:\Program Files\MSBuild
2008-05-18 14:54 --------- d-----w C:\Program Files\Microsoft Works
2008-05-18 14:46 --------- d-----w C:\Program Files\VIA
2008-05-18 14:46 --------- d-----w C:\Program Files\S3
2008-05-18 14:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-18 14:39 --------- d-----w C:\Program Files\Realtek AC97
2008-05-18 14:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-18 14:06 --------- d-----w C:\Program Files\Usługi online
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 3,559,424 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 99,328 ----a-w C:\WINDOWS\system32\winscard.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 4,647,936 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 20:00 2,447,616 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,324,480 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 98,816 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:43 641,024 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
.

------- Sigcheck -------

2007-12-07 03:58 825344 fc62b038aba1fdb8ba3d7c44cb487beb C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-02-16 11:32 668672 193f94d811881d00867aeb1d6780f44f C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-03-01 14:35 827392 b1db24042f335198ead97aaa675b1078 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-04 15:00 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 11:05 662016 37c7b292d6fcd9636d42c738cd288db8 C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14 824832 01412a2abd1154b25d4f5b5450585bb3 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02 927744 95a3b3f8759a04b02414aa41e73a1159 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-03-01 15:02 927744 95a3b3f8759a04b02414aa41e73a1159 C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02 927744 95a3b3f8759a04b02414aa41e73a1159 C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 15:02 826368 acb31b4ed243d4dffa5268f4ad2b0d6f C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 15:00 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 22:51 549888 335813eacd16e84f3047a3326f6e5473 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 22:51 549888 335813eacd16e84f3047a3326f6e5473 C:\WINDOWS\system32\winlogon.exe
2008-04-14 22:51 510464 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 15:00 2058112 44d1bc1b05e0c7c82e81687b79c653c7 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 21:59 2324480 15404abd2fc0b6d1ab187d9929b8056c C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 21:59 2324480 15404abd2fc0b6d1ab187d9929b8056c C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 21:59 2067200 4bba965664faa56b187c27f4cad7e7c5 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 15:00 2182272 dcf53422b7edded3b7431fbae4a7ee3f C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 22:00 2447616 25a15808fc1245110be001bd59230b43 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 22:00 2447616 25a15808fc1245110be001bd59230b43 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 22:00 2190336 8ca14ecf04594eabbe93c9ff2e3cbfb1 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 22:51 1553408 bda7a4169bf5e1f3ee76b017396e4f47 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 15:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 22:51 1553408 bda7a4169bf5e1f3ee76b017396e4f47 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 22:51 1035264 c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 15:00 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 22:51 25088 5336d3244305fd884215daf84d108566 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 22:51 25088 5336d3244305fd884215daf84d108566 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 22:51 15360 1bd41eda5b869afc99895c39a8de36e1 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-09 14:28 529408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 25088]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-06 06:56 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2007-11-03 06:48 779776]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
C:\PROGRA~1\DialNet\FPLICE~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
C:\Program Files\DialNet\winpppoverethernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-05-05 11:02 2334520 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 22:51 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 22:51 1826816 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\z-WrDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"DivX Free Codec"=C:\Program Files\DivX Free Codec\Divx Free Update.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25398:TCP"= 25398:TCP:BitComet 25398 TCP
"25398:UDP"= 25398:UDP:BitComet 25398 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 16:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 22:51]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-29 16:32]
S3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 06:35:12 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-07 06:35:11 C:\WINDOWS\Tasks\1-Klik Konserwacja.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-07 06:35:20 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 08:35:27
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Ad Muncher\AM28140.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-06-07 8:38:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 06:38:15

Pre-Run: 32,993,251,328 bajtów wolnych
Post-Run: 33,047,465,984 bajt˘w wolnych

417 --- E O F --- 2008-05-20 10:48:07

SDFix: Version 1.188
Run by Administrator on 2008-06-07 at 07:28

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\comsa32.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 07:31:53
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:41,47,ca,3a,6a,41,37,30,64,84,48,94,11,69,93,d2,e0,c6,09,76,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:41,47,ca,3a,6a,41,37,30,64,84,48,94,11,69,93,d2,e0,c6,09,76,5c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"

Finished!

**Posty:** 8001 · przez **Okocza** 07 Cze 2008, 10:19

Kod: Zaznacz wszystko: C:\WINDOWS\system32\afinding.exe C:\WINDOWS\system32\perfs.exe C:\WINDOWS\system32\routing.exe C:\WINDOWS\system32\wserving.exe O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

to sfixuj w hijacku - potem wracasz z logami z Combofixa oraz Hijacka

**Posty:** 227 · przez **baryła** 07 Cze 2008, 11:00

Podpowiedz mi jak mam to zrobić bo jestem na razie w tym cienki.Pozdrawiam.

**Posty:** 8001 · przez **Okocza** 07 Cze 2008, 11:02

http://www.forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

w pkt 5 masz wszystko wyjaśnione

**Posty:** 227 · przez **baryła** 07 Cze 2008, 11:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:44, on 2008-06-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Documents and Settings\Wojciech\Pulpit\PROGRAMY ANTYWIRUSOWE\HIJACK\HiJackThis-narzędzie dom wykonywania loga\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3EEBB15-114A-43CF-965F-8068A650EF65}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{00194833-678A-4F2B-9B50-24FAC837806B}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8421 bytes

ComboFix 08-06-06.6 - Wojciech 2008-06-07 11:14:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.161 [GMT 2:00]
Running from: C:\Documents and Settings\Wojciech\Pulpit\PROGRAMY ANTYWIRUSOWE\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
Składnia polecenia jest niepoprawna.

((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 07:21 . 2008-06-07 07:34 <DIR> d-------- C:\SDFix
2008-06-06 06:56 . 2008-06-06 07:01 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\IDM
2008-06-06 06:56 . 2008-06-07 10:48 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\DMCache
2008-06-05 17:08 . 2008-06-06 07:11 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-06-05 17:07 . 2008-06-05 17:10 <DIR> d-------- C:\Program Files\Real
2008-06-05 15:09 . 2008-06-05 15:45 <DIR> d-------- C:\Program Files\Weather Watcher
2008-06-05 15:09 . 2004-05-27 02:32 102,400 --a------ C:\WINDOWS\system32\unzip32.dll
2008-06-05 07:35 . 2008-06-05 07:35 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-04 19:07 . 2008-06-04 19:07 4,096 --ahs---- C:\VSNAP.IDX
2008-06-04 16:27 . 2008-06-04 16:27 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Symantec
2008-06-04 15:43 . 2008-06-04 15:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-04 15:43 . 2007-03-28 20:29 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2008-06-04 15:43 . 2007-03-28 20:49 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2008-06-04 15:43 . 2007-03-28 20:12 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-06-04 15:43 . 2007-03-28 20:29 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2008-06-04 15:43 . 2007-03-28 20:12 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-06-04 15:43 . 2007-03-28 20:23 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-06-04 15:42 . 2008-06-04 15:42 <DIR> d-------- C:\Program Files\Norton Ghost
2008-06-04 15:41 . 2008-06-04 15:41 <DIR> d-------- C:\Program Files\Symantec
2008-06-04 15:41 . 2008-06-04 15:42 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-04 15:41 . 2008-06-04 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-04 07:44 . 2008-06-04 07:44 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-03 16:47 . 2008-06-03 18:46 <DIR> d-------- C:\Program Files\Google
2008-06-03 11:18 . 2008-06-03 11:18 8,294,454 --a------ C:\WINDOWS\startup.bmp
2008-06-03 11:18 . 2008-04-14 22:50 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-06-03 11:12 . 2008-06-03 11:18 <DIR> d-------- C:\WINDOWS\VistaMizer
2008-06-03 06:57 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-06-03 06:55 . 2008-06-03 06:55 <DIR> d-------- C:\Program Files\ESET
2008-06-02 17:11 . 2008-06-05 15:12 <DIR> d-------- C:\Program Files\GoD
2008-06-02 16:37 . 2008-06-02 16:37 <DIR> d-------- C:\Program Files\ToniArts
2008-06-01 17:26 . 2008-06-02 15:15 <DIR> d-------- C:\Program Files\DivX Free Codec
2008-06-01 16:33 . 2008-06-04 07:43 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-01 14:54 . 2008-06-01 14:54 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Media Player Classic
2008-06-01 14:53 . 2008-06-01 14:53 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-06-01 14:17 . 2008-06-01 14:17 <DIR> d-------- C:\Program Files\Winamp
2008-06-01 14:17 . 2008-06-03 15:26 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Winamp
2008-05-31 16:26 . 2008-06-05 14:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-30 07:39 . 2008-05-30 07:44 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-30 07:39 . 2008-06-03 11:49 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\MegauploadToolbar
2008-05-29 18:58 . 2008-05-29 18:58 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\ESET
2008-05-29 18:57 . 2008-05-29 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-29 16:32 . 2008-05-29 16:32 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-29 16:32 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-29 16:31 . 2008-05-29 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2008-05-29 16:30 . 2008-05-29 16:32 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-29 16:29 . 2008-05-29 16:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 15:44 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-05-28 16:39 . 2008-05-28 16:46 <DIR> d-------- C:\Program Files\Watermill 3D Screensaver
2008-05-28 15:28 . 2008-06-07 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-05-28 14:40 . 2008-05-28 14:40 <DIR> d-------- C:\WINDOWS\Sun
2008-05-27 17:45 . 2008-05-27 17:46 <DIR> d-------- C:\Program Files\Ad Muncher
2008-05-27 07:55 . 2008-05-27 07:55 <DIR> d-------- C:\Program Files\Nero
2008-05-27 07:55 . 2008-05-27 07:55 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-27 07:55 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-05-27 07:55 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-05-27 07:55 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-05-27 07:55 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-05-27 07:55 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-05-26 14:39 . 2008-05-26 17:02 <DIR> d-------- C:\Program Files\XLView
2008-05-26 08:52 . 2008-05-26 08:52 <DIR> d-------- C:\Program Files\WinASO
2008-05-26 08:43 . 2008-05-26 16:20 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-24 17:33 . 2008-05-27 20:11 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\skypePM
2008-05-24 17:33 . 2008-05-24 17:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-24 17:31 . 2008-05-24 17:31 <DIR> d-------- C:\Program Files\Skype
2008-05-24 17:31 . 2008-05-24 17:31 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-24 17:31 . 2008-05-27 20:24 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Skype
2008-05-24 17:30 . 2008-05-24 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-05-24 14:56 . 2008-05-24 14:56 <DIR> d-------- C:\WINDOWS\system32\drivers\User_Port
2008-05-24 08:07 . 2008-05-24 08:07 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-05-24 07:54 . 2008-06-07 08:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-22 16:34 . 2008-05-22 16:34 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-22 16:33 . 2008-06-07 11:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-05-22 16:33 . 2008-05-22 16:33 <DIR> dr------- C:\Documents and Settings\Administrator\Ulubione
2008-05-22 16:33 . 2008-05-18 16:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-05-22 16:33 . 2008-06-07 08:35 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-05-22 16:33 . 2008-05-18 17:59 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-05-22 16:33 . 2008-05-18 17:59 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-05-22 16:33 . 2008-05-22 16:33 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-22 08:46 . 2008-05-22 08:46 <DIR> d-------- C:\Program Files\%temp&
2008-05-21 07:36 . 2008-05-21 07:39 <DIR> d-------- C:\Program Files\Screamer Radio
2008-05-21 07:13 . 2008-05-21 07:14 23 --a------ C:\WINDOWS\sys.dat
2008-05-21 07:04 . 2008-05-23 17:06 <DIR> d-------- C:\Program Files\BitComet
2008-05-21 07:04 . 2008-05-21 07:04 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-20 14:01 . 2008-05-19 14:13 211 --ahs---- C:\BOOT.BKK
2008-05-20 13:43 . 2008-05-20 13:43 <DIR> d-------- C:\Program Files\TGTSoft
2008-05-20 08:07 . 2008-05-20 08:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-20 08:05 . 2008-05-20 08:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-20 08:05 . 2008-05-20 08:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-19 15:40 . 2008-05-19 15:40 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-19 14:11 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-19 14:03 . 2008-05-19 14:03 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-19 14:02 . 2008-05-19 14:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-19 14:01 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-05-19 13:54 . 2008-05-19 13:54 <DIR> d-------- C:\WINDOWS\EHome
2008-05-19 13:40 . 2008-05-19 13:40 <DIR> d-------- C:\Program Files\Atlantis3D
2008-05-19 13:37 . 2008-05-19 13:37 <DIR> d-------- C:\Program Files\ScreenSaver.com
2008-05-19 13:37 . 2004-04-08 07:51 939,368 --a------ C:\WINDOWS\flash.ocx
2008-05-19 13:37 . 2005-04-12 17:43 659,456 --a------ C:\WINDOWS\3D Lake Cabin Full.scr
2008-05-19 11:06 . 2008-05-19 17:43 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\GlarySoft
2008-05-19 11:04 . 2008-05-19 11:04 <DIR> d-------- C:\Program Files\Glary Utilities
2008-05-19 10:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-19 10:49 . 2008-05-19 10:50 <DIR> d-------- C:\Program Files\Java
2008-05-19 10:46 . 2008-05-19 10:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-19 10:29 . 2008-06-05 18:45 <DIR> d-------- C:\Program Files\English Translator 3
2008-05-19 10:23 . 2008-05-19 10:23 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 10:13 . 2008-05-19 10:14 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-05-19 09:18 . 2008-05-19 09:18 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-19 09:17 . 2008-05-19 09:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-19 09:17 . 2008-05-19 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-05-19 09:14 . 2005-04-08 19:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll
2008-05-19 09:13 . 2008-05-19 09:18 <DIR> d-------- C:\Program Files\HP
2008-05-19 09:13 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-19 09:12 . 2008-05-19 09:18 79,608 --a------ C:\WINDOWS\hpfins05.dat
2008-05-19 09:12 . 2005-05-24 05:19 1,395 --------- C:\WINDOWS\hpfmdl05.dat
2008-05-19 09:11 . 2008-05-19 09:11 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\HP
2008-05-19 07:20 . 2008-05-19 07:20 <DIR> d-------- C:\Program Files\Lavalys
2008-05-19 07:07 . 2008-05-19 07:07 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\TuneUp Software
2008-05-19 07:05 . 2008-05-19 07:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 06:57 . 2008-05-19 06:57 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\Nero
2008-05-19 06:54 . 2008-05-27 07:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-19 06:40 . 2008-05-19 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ad Muncher
2008-05-19 06:36 . 2008-05-19 06:36 <DIR> d-------- C:\Program Files\MWSnap
2008-05-19 06:34 . 2008-05-19 06:34 <DIR> d-------- C:\Program Files\MSECache
2008-05-19 06:32 . 2008-05-26 16:30 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-05-19 06:32 . 2008-05-19 06:32 <DIR> d-------- C:\Documents and Settings\Wojciech\Dane aplikacji\URSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 09:09 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-03 09:18 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-02 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-18 14:54 --------- d-----w C:\Program Files\MSBuild
2008-05-18 14:54 --------- d-----w C:\Program Files\Microsoft Works
2008-05-18 14:46 --------- d-----w C:\Program Files\VIA
2008-05-18 14:46 --------- d-----w C:\Program Files\S3
2008-05-18 14:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-18 14:39 --------- d-----w C:\Program Files\Realtek AC97
2008-05-18 14:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-18 14:06 --------- d-----w C:\Program Files\Usługi online
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 3,559,424 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 99,328 ----a-w C:\WINDOWS\system32\winscard.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 4,647,936 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 20:00 2,447,616 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,324,480 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 98,816 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:43 641,024 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
.

------- Sigcheck -------

2007-12-07 03:58 825344 fc62b038aba1fdb8ba3d7c44cb487beb C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-02-16 11:32 668672 193f94d811881d00867aeb1d6780f44f C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-03-01 14:35 827392 b1db24042f335198ead97aaa675b1078 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-04 15:00 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 11:05 662016 37c7b292d6fcd9636d42c738cd288db8 C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14 824832 01412a2abd1154b25d4f5b5450585bb3 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02 927744 95a3b3f8759a04b02414aa41e73a1159 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-03-01 15:02 927744 95a3b3f8759a04b02414aa41e73a1159 C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02 927744 95a3b3f8759a04b02414aa41e73a1159 C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 15:02 826368 acb31b4ed243d4dffa5268f4ad2b0d6f C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 15:00 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 22:51 549888 335813eacd16e84f3047a3326f6e5473 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 22:51 549888 335813eacd16e84f3047a3326f6e5473 C:\WINDOWS\system32\winlogon.exe
2008-04-14 22:51 510464 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 15:00 2058112 44d1bc1b05e0c7c82e81687b79c653c7 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 21:59 2324480 15404abd2fc0b6d1ab187d9929b8056c C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 21:59 2324480 15404abd2fc0b6d1ab187d9929b8056c C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 21:59 2067200 4bba965664faa56b187c27f4cad7e7c5 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 15:00 2182272 dcf53422b7edded3b7431fbae4a7ee3f C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 22:00 2447616 25a15808fc1245110be001bd59230b43 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 22:00 2447616 25a15808fc1245110be001bd59230b43 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 22:00 2190336 8ca14ecf04594eabbe93c9ff2e3cbfb1 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 22:51 1553408 bda7a4169bf5e1f3ee76b017396e4f47 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 15:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 22:51 1553408 bda7a4169bf5e1f3ee76b017396e4f47 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 22:51 1035264 c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 15:00 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 22:51 25088 5336d3244305fd884215daf84d108566 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 22:51 25088 5336d3244305fd884215daf84d108566 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 22:51 15360 1bd41eda5b869afc99895c39a8de36e1 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-07_ 8.38.02.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 06:35:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 08:41:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 08:41:27 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_20c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-09 14:28 529408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 25088]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-06 06:56 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2007-11-03 06:48 779776]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
C:\PROGRA~1\DialNet\FPLICE~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
C:\Program Files\DialNet\winpppoverethernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-05-05 11:02 2334520 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 22:51 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 22:51 1826816 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\z-WrDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"DivX Free Codec"=C:\Program Files\DivX Free Codec\Divx Free Update.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25398:TCP"= 25398:TCP:BitComet 25398 TCP
"25398:UDP"= 25398:UDP:BitComet 25398 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 16:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 22:51]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-29 16:32]
S3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 09:00:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-07 09:00:01 C:\WINDOWS\Tasks\1-Klik Konserwacja.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-07 08:41:27 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 11:16:39
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 11:18:24
ComboFix-quarantined-files.txt 2008-06-07 09:18:20
ComboFix2.txt 2008-06-07 06:38:22

Pre-Run: 36,591,013,888 bajtów wolnych
Post-Run: 36,580,691,968 bajtów wolnych

389 --- E O F --- 2008-05-20 10:48:07

**Posty:** 8001 · przez **Okocza** 07 Cze 2008, 11:28

Używasz Ad-Aware ?? jeśli nie to sfixuj to w hijacku

Kod: Zaznacz wszystko: O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)

poza tym:

Wykonaj to co jest podane w tym temacie

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

wyskakuje scren aplikacja mtmc.exe

Wyskakuje scren aplikacja mtmc.exe

Kto jest na forum