z wirusem?

[Siaju]

Zauważyłem pewien niepokojący fakt. Na moim komputerze pojawiają się (filmy,zdjęcia) które nie powinny tam być. A mianowicie, jestem wieczorem przy komputerze. Wyłączam go, rano go włączam wchodzę w winampa, a tam zamiast mojej listy piosenek pornol Zdarzyło się to już 2 razy i niemożliwe żeby ktoś to ściągał. Podejrzewam wirus, ale nie jestem pewien. Film a raczej klip jest krótki ma do 30 sekund. Nie wiem co robić pomóżcie

[Dzi@dek]

Wstaw logi na co czekasz
http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[Siaju]

ComboFix 07-12-18.1 - ppp 2007-12-18 13:51:25.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.185 [GMT 1:00]
Running from: C:\Documents and Settings\ppp\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-11 22:16 . 2007-12-11 22:16 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2007-12-11 22:16 . 2007-12-11 22:16 <DIR> d-------- C:\Program Files\Ringz Studio
2007-12-11 22:16 . 2007-12-11 22:16 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2007-12-11 22:11 . 2007-12-11 22:11 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.04

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 11:54 --------- d-----w C:\Program Files\Neostrada TP
2007-12-18 07:56 --------- d-----w C:\Documents and Settings\ppp\Dane aplikacji\MegauploadToolbar
2007-12-17 18:11 --------- d-----w C:\Documents and Settings\ppp\Dane aplikacji\gtk-2.0
2007-12-17 08:16 --------- d-----w C:\Program Files\BitComet
2007-12-12 19:11 --------- d-----w C:\Program Files\Valve
2007-11-15 20:16 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 14:57 162,432 ----a-w C:\WINDOWS\system32\drivers\ithsgt.sys
2007-11-07 14:57 12,032 ----a-w C:\WINDOWS\system32\drivers\lilsgt.sys
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-08 12:55 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-17 19:48 45,120 ----a-w C:\Documents and Settings\ppp\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-02-12 14:10 92,064 ----a-w C:\Documents and Settings\ppp\mqdmmdm.sys
2007-02-12 14:10 9,232 ----a-w C:\Documents and Settings\ppp\mqdmmdfl.sys
2007-02-12 14:10 79,328 ----a-w C:\Documents and Settings\ppp\mqdmserd.sys
2007-02-12 14:10 66,656 ----a-w C:\Documents and Settings\ppp\mqdmbus.sys
2007-02-12 14:10 6,208 ----a-w C:\Documents and Settings\ppp\mqdmcmnt.sys
2007-02-12 14:10 5,936 ----a-w C:\Documents and Settings\ppp\mqdmwhnt.sys
2007-02-12 14:10 4,048 ----a-w C:\Documents and Settings\ppp\mqdmcr.sys
2007-02-12 14:10 25,600 ----a-w C:\Documents and Settings\ppp\usbsermptxp.sys
2007-02-12 14:10 22,768 ----a-w C:\Documents and Settings\ppp\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-20_225147.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-20 09:51:11 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
+ 2007-08-20 09:51:22 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
+ 2007-08-20 09:51:11 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
+ 2007-08-20 09:51:11 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
+ 2007-08-17 10:15:05 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
+ 2007-08-20 09:51:11 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
+ 2007-08-20 09:51:11 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
+ 2007-08-17 07:29:55 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
+ 2007-08-20 09:51:11 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
+ 2007-08-20 09:51:12 387,584 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
+ 2007-08-20 09:51:14 6,066,176 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
+ 2007-08-20 09:51:14 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
+ 2007-08-20 09:51:15 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
+ 2007-08-17 10:15:05 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
+ 2007-08-17 10:15:26 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
+ 2007-08-20 09:51:15 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
+ 2007-08-20 09:51:16 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
+ 2007-08-20 09:51:16 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
+ 2007-08-20 09:51:18 3,592,192 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
+ 2007-08-20 09:51:19 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
+ 2007-08-20 09:51:19 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
+ 2007-08-20 09:51:19 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
+ 2007-08-20 09:51:19 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
+ 2007-08-20 09:51:19 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
+ 2007-08-20 09:51:20 1,161,728 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
+ 2007-08-20 09:51:20 232,960 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
+ 2007-08-20 09:51:21 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
+ 2007-03-06 03:28:35 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
+ 2007-03-06 03:28:40 216,288 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
+ 2007-03-06 03:28:33 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
+ 2007-03-06 03:28:58 723,680 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2007-03-06 03:29:50 386,784 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
+ 2007-08-21 06:26:10 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 03:28:35 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 03:28:40 216,288 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 03:28:33 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 03:28:58 723,680 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 03:29:50 386,784 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2006-03-02 12:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:21:30 216,288 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:21:41 386,784 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-03-09 11:51:37 265,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
+ 2007-05-16 15:18:58 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 03:28:40 216,288 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2006-12-19 21:51:04 8,482,304 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 03:28:39 216,288 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 03:29:49 386,784 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-06-18 22:24:36 368,640 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2007-06-27 14:08:46 124,928 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2006-10-17 10:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-06-27 14:08:47 132,608 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2006-10-17 10:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-06-27 08:27:04 63,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-06-27 14:08:47 153,088 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-06-27 14:08:48 230,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-06-27 07:00:33 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-06-27 14:08:49 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-06-27 14:08:52 384,512 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-06-27 14:09:08 6,058,496 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-06-27 14:09:08 44,544 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-06-27 14:09:09 267,776 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-06-27 08:30:06 625,152 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-06-27 14:09:13 27,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-06-27 14:09:15 459,264 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-06-27 14:09:15 52,224 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-07-19 06:58:15 3,583,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-06-27 14:09:26 477,696 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-06-27 14:09:26 193,024 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-06-27 14:09:29 671,232 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-06-27 14:09:30 102,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-03-06 03:28:40 216,288 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-06-27 14:09:32 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-06-27 14:09:39 1,152,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-06-27 14:09:40 232,960 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-06-27 14:09:42 823,808 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
+ 2007-08-20 10:01:33 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:01:33 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:01:33 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:01:33 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:24:19 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:01:33 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:01:33 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:01:33 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:01:33 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:01:34 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:01:34 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:01:34 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:24:19 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:24:36 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:01:34 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:01:34 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:01:34 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 10:01:35 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:01:35 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:01:35 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:01:35 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:01:35 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 03:28:40 216,288 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:01:35 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:01:35 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:01:35 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:01:35 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-10-08 12:53:56 25,622 ----a-r C:\WINDOWS\Installer\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}\fifapc.exe
- 2007-06-27 14:08:46 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:52:52 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-03-06 08:41:02 73,728 ----a-w C:\WINDOWS\system32\AMV_DecDLL.dll
+ 2006-03-06 09:41:02 73,728 ----a-w C:\WINDOWS\system32\AMV_DecDLL.dll
- 2007-06-27 14:08:46 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-10-10 23:52:52 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-10-17 10:57:50 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:52:52 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-27 14:08:47 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:52:52 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:52:52 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-06-27 08:27:04 63,488 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 11:02:59 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-06-27 14:08:47 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:52:52 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-06-27 14:08:48 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-10-10 23:52:53 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-06-27 07:00:33 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-06-27 14:08:49 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-10-10 23:52:53 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-06-27 14:08:52 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:52:53 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-06-27 14:09:08 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2007-10-10 23:52:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-06-27 14:09:08 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-10-10 23:52:54 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-06-27 14:09:09 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-10-10 23:52:54 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-06-27 08:30:06 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-10-10 11:03:09 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-05-16 15:18:58 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:18:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-27 14:09:13 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:52:54 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-06-27 14:09:15 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-10-10 23:52:54 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-06-27 14:09:15 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:52:54 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-07-19 06:58:15 3,583,488 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 23:26:29 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-27 14:09:26 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:52:56 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-27 14:09:26 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:52:56 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-27 14:09:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:52:56 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-06-27 14:09:30 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-10 23:52:56 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2005-08-30 03:56:13 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:44:30 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-03-02 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:20:23 582,656 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2006-12-19 21:51:04 8,482,304 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:44:11 8,488,960 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-27 14:09:32 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-10-10 23:52:56 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-06-27 14:09:39 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:52:57 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-27 14:09:40 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-10-10 23:52:57 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-06-27 14:09:42 823,808 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:52:57 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 12:44:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-20 05:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2007-09-08 17:07:20 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-10-11 17:07:01 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2004-07-31 16:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
- 2006-10-17 10:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:52:52 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-27 14:08:47 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:52:52 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2005-03-22 15:29:36 5,120 ----a-w C:\WINDOWS\system32\ff_vfw.dll
- 2006-10-17 10:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:52:52 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-06-27 08:27:04 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 11:02:59 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-06-27 14:08:47 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:52:52 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-06-27 14:08:48 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:52:53 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-06-27 07:00:33 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-06-27 14:08:49 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:52:53 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-06-27 14:08:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:52:53 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-06-27 14:09:08 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:52:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-06-27 14:09:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:52:54 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-06-27 14:09:09 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:52:54 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-06-27 08:27:05 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:18:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2002-10-23 07:56:26 746,496 ----a-w C:\WINDOWS\system32\ir50_32.dll
- 2007-06-27 14:09:13 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:52:54 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-09-03 22:10:30 54,960 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2007-05-02 10:32:04 182,512 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2007-06-11 20:04:36 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
- 2007-04-13 21:06:57 48,238 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-10-08 12:48:18 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2006-11-10 14:49:52 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2007-04-30 15:11:28 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
- 2006-09-03 12:11:18 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-04-30 14:08:40 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
- 2006-09-03 12:13:02 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-04-30 14:30:38 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
- 2006-11-10 15:15:52 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-04-30 14:05:32 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
- 2006-11-10 14:49:32 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-04-30 15:11:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2006-11-10 14:49:40 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-04-30 15:11:24 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2006-11-10 14:49:56 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-04-30 15:11:30 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-05-02 10:31:46 383,216 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020022.exe
- 2006-11-10 14:49:28 73,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-04-30 14:33:00 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
- 2006-11-10 14:49:22 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-04-30 14:29:00 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
- 2006-11-10 14:49:24 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2007-04-30 14:33:00 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
+ 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-27 14:09:15 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:52:54 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-06-27 14:09:15 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:52:54 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-07-19 06:58:15 3,583,488 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:26:29 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-27 14:09:26 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:52:56 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-27 14:09:26 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:52:56 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-27 14:09:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:52:56 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2003-04-25 09:22:16 65,536 ----a-w C:\WINDOWS\system32\MZP4_DEC.DLL
- 2007-06-27 14:09:30 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:52:56 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-09-20 20:44:54 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-18 11:57:24 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-09-20 20:44:54 50,336 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2007-12-18 11:57:24 50,336 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-09-20 20:44:54 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-18 11:57:24 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-09-20 20:44:54 358,390 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2007-12-18 11:57:24 358,390 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2003-06-05 19:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
- 2006-03-02 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:20:23 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2006-12-19 21:51:04 8,482,304 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:44:11 8,488,960 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2006-04-27 15:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
- 2007-07-22 16:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-05-22 09:02:22 163,840 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2003-05-15 06:39:50 155,136 ----a-w C:\WINDOWS\system32\unrar.dll
- 2007-06-27 14:09:32 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:52:56 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-06-27 14:09:39 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:52:57 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2002-05-15 04:58:38 122,880 ----a-w C:\WINDOWS\system32\v2k2_dec.dll
+ 2004-02-02 09:15:20 102,400 ----a-w C:\WINDOWS\system32\v2kdspde.dll
+ 1999-10-29 18:36:44 278,016 ----a-w C:\WINDOWS\system32\vct3216.dll
+ 2003-05-05 20:02:52 446,464 ----a-w C:\WINDOWS\system32\vp31vfw.dll
+ 2004-12-10 02:03:02 438,272 ----a-w C:\WINDOWS\system32\vp6vfw.dll
+ 2005-03-08 07:24:32 655,360 ----a-w C:\WINDOWS\system32\vp7vfw.dll
- 2007-06-27 14:09:40 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:52:57 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-06-27 14:09:42 823,808 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:52:57 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-03-09 11:51:37 265,216 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:28 368,640 ----a-w C:\WINDOWS\system32\xpsp3res.dll
- 2007-06-28 16:52:18 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2005-01-16 03:47:48 745,472 ----a-w C:\WINDOWS\system32\xvidcore.dll
- 2007-06-28 16:54:10 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2005-01-16 03:49:50 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 21:42]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 14:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 08:08 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-26 16:22]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:07]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-12-11 22:16]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 13:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ppp^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]
path=C:\Documents and Settings\ppp\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
C:\Program Files\Gadu-Gadu\gg.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 18:38 35328 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
2003-10-16 18:07 24576 --a------ C:\PROGRA~1\NEOSTR~1\CnxMon.exe

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-11-07 15:57]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-11-07 15:57]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76d61f3a-8e2e-11dc-89ba-000e50e9f1fb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 13:53:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Gadu-Gadu\ggwhook.dll
.
Completion time: 2007-12-18 13:53:46
C:\ComboFix-quarantined-files.txt ... 2007-09-20 21:52
C:\ComboFix2.txt ... 2007-09-20 21:52
C:\ComboFix3.txt ... 2007-09-05 16:30
.
2007-12-12 22:42:46 --- E O F ---

[wojtas]

wklej do notatnika:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76d61f3a-8e2e-11dc-89ba-000e50e9f1fb}]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....


Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

[Siaju]

Ok zrobiłem coś dalej robić? Czy to już wystarczy?

[wojtas]

Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

czytaj dokonca

[Siaju]

Wrzucam wszystko

SDFix: Version 1.118

Run by ppp on 2007-12-18 at 15:59

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 16:05:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:4b41b350
"s2"=dword:7f59a913
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:08,74,40,e7,3e,cf,0a,6d,43,c8,dc,29,a4,cc,08,e5,07,98,bc,52,60,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,de,5c,18,b3,d7,3c,8e,e1,0a,a4,33,9d,9e,90,50,40,10,..
"khjeh"=hex:a4,90,c4,32,16,8c,7b,11,4e,ad,5b,57,04,a4,6a,bb,ef,6d,70,4e,76,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f8,e8,3d,f9,1c,44,4c,aa,c6,15,1f,6f,29,12,60,20,0e,69,28,7d,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:08,74,40,e7,3e,cf,0a,6d,43,c8,dc,29,a4,cc,08,e5,07,98,bc,52,60,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,de,5c,18,b3,d7,3c,8e,e1,0a,a4,33,9d,9e,90,50,40,10,..
"khjeh"=hex:a4,90,c4,32,16,8c,7b,11,4e,ad,5b,57,04,a4,6a,bb,ef,6d,70,4e,76,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f8,e8,3d,f9,1c,44,4c,aa,c6,15,1f,6f,29,12,60,20,0e,69,28,7d,99,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Disabled:Gadu-Gadu - program glowny"
"E:\\Program Files\\Valve\\hl.exe"="E:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 28 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 9 Jun 2007 223,744 ...H. --- "C:\Documents and Settings\ppp\Pulpit\~WRL2959.tmp"

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 16:13:55, on 2007-12-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ppp\Pulpit\Gry\inne\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - G:\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\\MP3 Player Utilities 4.04\MediaManager\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BED7097-EC42-4E4E-8F39-3704CFE35BFE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BED7097-EC42-4E4E-8F39-3704CFE35BFE}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



ComboFix 07-12-18.1 - ppp 2007-12-18 18:31:09.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\ppp\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-18 15:59 . 2007-12-18 15:59 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-11 22:16 . 2007-12-11 22:16 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2007-12-11 22:16 . 2007-12-11 22:16 <DIR> d-------- C:\Program Files\Ringz Studio
2007-12-11 22:16 . 2007-12-11 22:16 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2007-12-11 22:11 . 2007-12-11 22:11 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.04

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 16:21 --------- d-----w C:\Documents and Settings\ppp\Dane aplikacji\MegauploadToolbar
2007-12-18 15:45 --------- d-----w C:\Program Files\Neostrada TP
2007-12-17 18:11 --------- d-----w C:\Documents and Settings\ppp\Dane aplikacji\gtk-2.0
2007-12-17 08:16 --------- d-----w C:\Program Files\BitComet
2007-12-12 19:11 --------- d-----w C:\Program Files\Valve
2007-11-15 20:16 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 14:57 162,432 ----a-w C:\WINDOWS\system32\drivers\ithsgt.sys
2007-11-07 14:57 12,032 ----a-w C:\WINDOWS\system32\drivers\lilsgt.sys
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-08 12:55 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-17 19:48 45,120 ----a-w C:\Documents and Settings\ppp\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-02-12 14:10 92,064 ----a-w C:\Documents and Settings\ppp\mqdmmdm.sys
2007-02-12 14:10 9,232 ----a-w C:\Documents and Settings\ppp\mqdmmdfl.sys
2007-02-12 14:10 79,328 ----a-w C:\Documents and Settings\ppp\mqdmserd.sys
2007-02-12 14:10 66,656 ----a-w C:\Documents and Settings\ppp\mqdmbus.sys
2007-02-12 14:10 6,208 ----a-w C:\Documents and Settings\ppp\mqdmcmnt.sys
2007-02-12 14:10 5,936 ----a-w C:\Documents and Settings\ppp\mqdmwhnt.sys
2007-02-12 14:10 4,048 ----a-w C:\Documents and Settings\ppp\mqdmcr.sys
2007-02-12 14:10 25,600 ----a-w C:\Documents and Settings\ppp\usbsermptxp.sys
2007-02-12 14:10 22,768 ----a-w C:\Documents and Settings\ppp\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot_2007-12-18_13.53.15,79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-13 12:23:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-18 14:59:29 8,646,656 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-18 14:59:29 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-13 12:23:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-18 14:59:22 8,646,656 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-18 14:59:22 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-12-18 11:57:24 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-18 15:08:52 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-18 11:57:24 50,336 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2007-12-18 15:08:52 50,336 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-12-18 11:57:24 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-18 15:08:52 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-18 11:57:24 358,390 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2007-12-18 15:08:52 358,390 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 21:42]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 14:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 08:08 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-26 16:22]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:07]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-12-11 22:16]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 13:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ppp^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]
path=C:\Documents and Settings\ppp\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
C:\Program Files\Gadu-Gadu\gg.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 18:38 35328 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
2003-10-16 18:07 24576 --a------ C:\PROGRA~1\NEOSTR~1\CnxMon.exe

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-11-07 15:57]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-11-07 15:57]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 18:33:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-18 18:33:43
C:\ComboFix-quarantined-files.txt ... 2007-09-20 21:52
C:\ComboFix2.txt ... 2007-12-18 13:53
C:\ComboFix3.txt ... 2007-09-20 21:52
.
2007-12-12 22:42:46 --- E O F ---

[wojtas]

skasuj te wpisy:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O9 - Extra button: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)

Autor postu otrzymał pochwałę