

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:09, on 2008-03-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MoorHunt\MoorHunt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:3476/cgi-bin/ncgir.exe?menu/fwl_index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9D11527-FB1D-482D-8961-B67D02581C88}: NameServer = 192.168.1.1,194.204.152.34
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9681 bytes
And one more from ComboFix:
ComboFix 08-03-30.3 - Ja 2008-03-31 10:29:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1454 [GMT 2:00]
Running from: C:\Documents and Settings\Ja\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dbcbefdf_d.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-31 09:49 . 2008-03-31 09:54 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\Command & Conquer 3 Kane's Wrath
2008-03-31 09:48 . 2008-03-31 09:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-27 21:43 . 2008-03-27 21:43 <DIR> d-------- C:\Documents and Settings\Kamil\Dane aplikacji\Black Sea Studios
2008-03-27 20:54 . 2008-03-27 20:54 <DIR> d-------- C:\Program Files\Black Sea Studios
2008-03-27 20:23 . 2008-03-27 20:23 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-26 16:07 . 2008-03-26 16:07 <DIR> d-------- C:\Documents and Settings\Kamil\Dane aplikacji\Talkback
2008-03-26 08:00 . 2008-03-26 08:00 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-25 21:13 . 2008-03-25 21:13 <DIR> d-------- C:\Program Files\podatki.pl
2008-03-25 21:05 . 2008-03-25 21:05 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\AdobeUM
2008-03-25 20:14 . 2008-03-25 20:14 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\Talkback
2008-03-25 19:02 . 2008-03-25 19:02 <DIR> d-------- C:\Documents and Settings\Mama\Dane aplikacji\Talkback
2008-03-25 14:41 . 2008-03-25 14:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-25 14:41 . 2008-03-25 14:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-25 14:03 . 2008-03-25 14:03 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\Talkback
2008-03-25 13:48 . 2008-03-25 13:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-24 22:48 . 2007-03-21 21:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-03-24 22:08 . 2008-03-24 22:09 <DIR> d-------- C:\Program Files\Executive Software
2008-03-24 21:56 . 2008-03-24 21:56 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-24 21:56 . 2008-03-24 22:38 16 --a------ C:\WINDOWS\system32\coh.cache
2008-03-24 21:29 . 2008-03-27 16:08 <DIR> d-------- C:\Program Files\MoorHunt
2008-03-24 21:06 . 2008-03-24 22:49 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-03-24 21:05 . 2008-03-24 22:32 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-24 21:05 . 2008-03-24 22:32 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-24 21:05 . 2008-03-24 22:32 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-24 21:05 . 2008-03-24 22:32 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-24 21:04 . 2008-03-24 22:32 <DIR> d-------- C:\Program Files\Symantec
2008-03-24 21:04 . 2008-03-31 10:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-24 17:59 . 2008-03-24 18:00 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\U3
2008-03-23 20:50 . 2008-03-23 20:54 <DIR> d-------- C:\WINDOWS\Caps
2008-03-23 20:31 . 2008-03-23 20:31 62 --a------ C:\WINDOWS\MyProg.ini
2008-03-23 20:23 . 2008-03-23 20:26 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\Hide IP NG
2008-03-23 18:44 . 2008-03-23 18:44 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\U3
2008-03-22 17:27 . 2008-03-22 17:27 23 --a------ C:\WINDOWS\system32\dacdcb8_d.ocx
2008-03-21 14:13 . 2008-03-27 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-03-19 19:50 . 2006-09-13 19:19 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-19 19:50 . 2006-09-13 19:19 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-19 19:50 . 2006-09-13 19:17 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-19 14:16 . 2008-03-19 14:16 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\Nokia Multimedia Player
2008-03-18 18:12 . 2008-03-18 18:27 <DIR> d-------- C:\Documents and Settings\Kamil\Dane aplikacji\AdobeUM
2008-03-17 17:00 . 2008-03-18 18:59 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-16 20:36 . 2008-03-16 20:36 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\Command & Conquer 3 Tiberium Wars
2008-03-15 15:21 . 2008-03-23 20:39 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\HideIP
2008-03-14 22:17 . 2008-03-14 22:17 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\Media Player Classic
2008-03-14 22:17 . 2008-03-14 22:17 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\DivX
2008-03-14 22:14 . 2008-03-14 22:14 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\Nokia Multimedia Player
2008-03-14 12:46 . 2008-03-14 12:46 <DIR> d-------- C:\Program Files\MagicISO
2008-03-13 14:22 . 2008-03-13 14:22 <DIR> d-------- C:\Program Files\Damian Pasternak
2008-03-10 13:27 . 2008-03-10 13:27 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-09 22:27 . 2008-03-09 22:27 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-09 22:27 . 2008-03-09 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-09 20:14 . 1999-01-20 06:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-03-09 20:14 . 1999-11-12 06:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-03-09 20:11 . 2008-03-09 20:11 <DIR> d-------- C:\Program Files\Cartall
2008-03-06 09:39 . 2008-03-06 09:39 <DIR> d---s---- C:\Documents and Settings\Ja\UserData
2008-03-04 19:43 . 2008-03-04 19:43 <DIR> d-------- C:\Documents and Settings\Kamil\Dane aplikacji\Media Player Classic
2008-03-04 17:10 . 2008-03-04 17:10 <DIR> d-------- C:\Documents and Settings\Kamil\Dane aplikacji\foobar2000
2008-03-04 15:09 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-04 15:07 . 2008-03-04 15:07 <DIR> dr-h----- C:\Documents and Settings\Kamil\Dane aplikacji\SecuROM
2008-03-04 08:21 . 2008-03-18 10:40 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\uTorrent
2008-03-02 19:00 . 2008-03-02 19:00 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\Ubisoft
2008-03-02 19:00 . 2008-03-02 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-03-02 18:53 . 2008-03-02 18:53 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-02 18:53 . 2008-03-02 18:53 <DIR> d-------- C:\Program Files\QuickTime
2008-03-02 18:53 . 2008-03-02 21:25 1,838 --a------ C:\WINDOWS\system32\jhcisz.KEY
2008-03-02 18:52 . 2007-12-07 02:48 619,008 --a------ C:\WINDOWS\system32\XFlower.dll
2008-03-02 18:40 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-02 18:40 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-02 18:40 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-02 18:40 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-02 17:17 . 2008-03-02 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-03-01 17:19 . 2008-03-01 17:19 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-01 17:19 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-01 17:17 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-01 17:17 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-01 17:17 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-01 17:16 . 2008-03-01 17:17 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-29 22:28 . 2008-02-29 22:28 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-02-29 22:28 . 2008-02-29 22:28 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\teamspeak2
2008-02-29 22:28 . 2008-02-29 22:28 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-02-28 18:11 . 2008-03-26 16:06 <DIR> d-------- C:\Documents and Settings\Mama\Dane aplikacji\Orbit
2008-02-27 18:15 . 2008-03-25 20:13 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\Orbit
2008-02-27 08:43 . 2008-03-27 20:23 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\Orbit
2008-02-26 19:18 . 2008-03-27 21:11 <DIR> d-------- C:\Documents and Settings\Kamil\Dane aplikacji\Orbit
2008-02-26 18:41 . 2008-02-26 18:41 <DIR> d-------- C:\Program Files\MarBit
2008-02-26 11:55 . 2008-02-26 11:55 <DIR> d-------- C:\Documents and Settings\Ja\dwhelper
2008-02-25 20:20 . 2008-02-25 20:20 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\skypePM
2008-02-25 20:20 . 2008-02-25 20:20 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-25 20:18 . 2008-03-27 21:12 <DIR> d-------- C:\Program Files\Skype
2008-02-25 20:18 . 2008-02-25 20:28 <DIR> d-------- C:\Documents and Settings\Damian\Dane aplikacji\Skype
2008-02-25 20:17 . 2008-03-27 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-24 13:17 . 2008-02-24 13:17 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-02-24 13:17 . 2008-02-24 13:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 13:17 . 2008-02-24 13:18 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-24 11:24 . 2008-02-24 11:25 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-02-23 13:39 . 2008-02-23 13:39 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-20 18:43 . 2008-02-20 18:43 <DIR> d-------- C:\Program Files\CCleaner
2008-02-18 13:45 . 2008-02-18 13:48 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-18 13:44 . 2008-02-18 13:44 <DIR> d-------- C:\Documents and Settings\Ja\SystemRequirementsLab
2008-02-16 23:14 . 2008-02-16 23:14 <DIR> d-------- C:\WINDOWS\Sun
2008-02-16 23:13 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 06:57 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\foobar2000
2008-03-30 16:43 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-28 12:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 18:23 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-14 17:51 --------- d-----w C:\Program Files\ASUS
2008-02-05 09:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-05 07:05 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-05 07:05 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-04 19:55 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-02-04 19:53 --------- d-----w C:\Program Files\foobar2000
2008-02-04 19:52 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
2008-02-04 19:41 --------- d-----w C:\Program Files\My Company Name
2008-02-04 19:29 --------- d-----w C:\Program Files\Realtek
2008-02-04 18:38 --------- d-----w C:\Program Files\Usługi online
2008-01-18 20:19 607,744 ----a-w C:\WINDOWS\system32\x264vfw.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-07 00:48 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-02-17 13:19 368 --sha-w C:\WINDOWS\system32\Windowsupdates\updatefiles.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 10:42 380928]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 08:25 363008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 01:43 100864 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26943:TCP"= 26943:TCP:BitComet 26943 TCP
"26943:UDP"= 26943:UDP:BitComet 26943 UDP
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 11:06]
S3 atidgllk;atidgllk;C:\WINDOWS\atidgllk.sys [2005-10-20 10:29]
S3 cpuz126;cpuz126;C:\DOCUME~1\Ja\USTAWI~1\Temp\cpuz.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-09-13 19:19]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NATServices REG_MULTI_SZ NATServices
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]
C:\WINDOWS\system32\Windowsupdates\Windupdate.exe s
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 20:55:14 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Ja.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 10:31:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-31 10:31:40
ComboFix-quarantined-files.txt 2008-03-31 08:31:25
Pre-Run: 7,788,081,152 bajtów wolnych
Post-Run: 7,780,433,920 bajtów wolnych
.
2008-03-26 06:02:15 --- E O F ---