Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Sprawdzenie Loga
11 Sie 2007, 17:16
Logfile of HijackThis v1.99.1
Scan saved at 17:14:17, on 2007-08-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [CBitSpirit] "C:\Program Files\BitSpirit\BitSpirit.exe" /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Cos jest nie tak ostatnio wlanczam kompa a tu jakas nieznana aplikacja w procesach mi dziala
Scan saved at 17:14:17, on 2007-08-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [CBitSpirit] "C:\Program Files\BitSpirit\BitSpirit.exe" /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Cos jest nie tak ostatnio wlanczam kompa a tu jakas nieznana aplikacja w procesach mi dziala
11 Sie 2007, 17:52
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
To raczej kosmetyka.
Log z Combofixa.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
To raczej kosmetyka.
Log z Combofixa.
11 Sie 2007, 18:11
masakra kasperski mi robaka wykryl w combofixie wiedzialem by tego gowna nie instalowac dzieki za robala
11 Sie 2007, 18:13
Aplikacja może być traktowana przez oprogramowanie antywirusowe, jako wirus. Należy dane komunikaty zignorować.
11 Sie 2007, 18:19
ComboFix 07-08-09.3 - "VampirLord" 2007-08-11 18:09:37.1 - NTFSx86
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\04DA2179
C:\Program Files\myglobalsearch\bar\Cache\04DA283F
C:\Program Files\myglobalsearch\bar\Cache\04DA2A04.bin
C:\Program Files\myglobalsearch\bar\Cache\04DA2CE3.bin
C:\Program Files\myglobalsearch\bar\Cache\04DA2E79.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\winsys.exe
((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))
2007-08-11 18:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 17:32 <DIR> d-------- C:\Program Files\BearShare
2007-08-11 17:32 <DIR> d-------- C:\My Downloads
2007-08-11 07:32 <DIR> d-------- C:\Program Files\ALLPlayer
2007-08-11 06:01 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\uTorrent
2007-08-11 05:41 <DIR> d-------- C:\Program Files\Gothic III
2007-08-10 02:57 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-09 21:38 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-08-09 21:38 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-08-09 21:38 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-09 20:24 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-09 20:24 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-08 20:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-08 19:55 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2007-08-08 19:53 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-08 19:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-08-08 19:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-08-08 15:06 <DIR> d-------- C:\WINDOWS\NV2082752.TMP
2007-08-08 15:05 <DIR> d-------- C:\NVIDIA
2007-08-08 13:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet
2007-08-08 13:26 <DIR> d-------- C:\Program Files\Pcsx2
2007-08-08 07:54 <DIR> d-------- C:\Program Files\Bonjour
2007-08-08 07:44 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-08 07:43 <DIR> d-------- C:\Program Files\Photoshop
2007-08-08 06:51 <DIR> d-------- C:\Program Files\SnIco Edit
2007-08-05 19:36 <DIR> d-------- C:\Program Files\Xvid
2007-08-05 17:52 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-05 17:52 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Media Player Classic
2007-08-05 17:51 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-05 17:51 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-08-05 17:51 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-05 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-05 17:51 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-08-05 17:51 564,224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-08-05 17:51 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-05 17:51 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-08-05 17:51 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-05 17:51 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-08-05 17:51 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-05 17:51 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-08-05 17:51 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-08-05 17:33 <DIR> d-------- C:\Program Files\cFosSpeed
2007-08-04 17:24 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-08-04 17:24 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-08-04 17:24 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-30 15:42 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-07-30 00:22 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-07-30 00:16 <DIR> d-------- C:\Program Files\EdHTMLv5.0
2007-07-28 16:59 <DIR> d-------- C:\Anime
2007-07-26 00:57 <DIR> d-------- C:\Program Files\eSkiMoS R2
2007-07-26 00:57 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\eSkiMoS R2
2007-07-24 20:00 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-07-24 12:54 <DIR> d-------- C:\Program Files\GoD
2007-07-22 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-07-19 22:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-19 17:31 845,312 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-19 17:31 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-19 17:31 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-19 17:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-19 17:31 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-19 17:31 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-19 17:31 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-19 17:31 <DIR> d--hs---- C:\WINDOWS\system32\ShellDHCP
2007-07-19 00:32 23 --ahs---- C:\WINDOWS\system32\cbfc0_r.dll
2007-07-19 00:31 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-19 00:21 5 --ahs---- C:\WINDOWS\system32\cfdba6_g.dll
2007-07-16 00:54 <DIR> d-------- C:\Program Files\WMV to AVI MPEG DVD WMV Converter
2007-07-16 00:50 <DIR> d-------- C:\Program Files\WMV To VCD DVD MPEG Converter Pro
2007-07-16 00:38 <DIR> d-------- C:\Program Files\VirtualDubMod
2007-07-16 00:19 <DIR> d-------- C:\Program Files\IP CHECK
2007-07-15 22:47 <DIR> d-------- C:\Program Files\Scan Port
2007-07-14 19:03 <DIR> d-------- C:\Program Files\MarBit
2007-07-14 19:00 <DIR> d--hs---- C:\DOCUME~1\VAMPIR~1\UserData
2007-07-14 18:53 <DIR> d-------- C:\Program Files\DivX
2007-07-14 18:44 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Crystal Player
2007-07-12 16:13 <DIR> d-------- C:\Program Files\NetMeter
2007-07-12 14:28 <DIR> d-------- C:\Program Files\CCleaner
2007-07-11 22:09 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Canon
2007-07-11 22:04 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-11 22:04 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-11 22:03 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-11 22:03 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\ScanSoft
2007-07-11 22:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\ScanSoft
2007-07-11 21:57 <DIR> d-------- C:\Program Files\OmniPageSE4.0
2007-07-11 21:55 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-07-11 21:55 <DIR> d-------- C:\Program Files\PhotoStudio 5.5
2007-07-11 21:53 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2007-07-11 21:53 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\DANEAP~1\CanonBJ
2007-07-11 21:52 57,344 --a------ C:\WINDOWS\system32\CNCI510.DLL
2007-07-11 21:52 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-07-11 21:52 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2007-07-11 21:52 135,168 --a------ C:\WINDOWS\system32\CNCL510.DLL
2007-07-11 21:52 106,496 --a------ C:\WINDOWS\system32\cnco510.dll
2007-07-11 21:52 1,298,432 --a------ C:\WINDOWS\system32\CNCC510.DLL
2007-07-11 21:52 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-07-11 21:52 <DIR> d--h----- C:\Program Files\CanonBJ
2007-07-11 21:51 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-07-11 21:51 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-11 21:51 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-07-11 21:51 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-11 18:13 480032 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-11 18:13 43592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-11 18:13 139196 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-11 18:13 10517280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-10 14:54 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 09:33 --------- d-------- C:\Program Files\SkanerOnline
2007-07-19 09:38 74230 --a------ C:\WINDOWS\system32\perfc015.dat
2007-07-19 09:38 448004 --a------ C:\WINDOWS\system32\perfh015.dat
2007-07-11 21:56 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-11 02:10 --------- d-------- C:\Program Files\Messenger
2007-07-11 00:05 82258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-11 00:05 82258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-10 23:29 --------- d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Gadu-Gadu
2007-07-10 23:26 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-10 23:24 --------- d-------- C:\Program Files\Kaspersky Anti-Virus 6.0
2007-07-10 23:15 --------- d-------- C:\Program Files\Nero
2007-07-10 23:14 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-10 23:00 --------- d-------- C:\Program Files\Realtek
2007-07-10 22:46 0 -rahs---- C:\MSDOS.SYS
2007-07-10 22:46 0 -rahs---- C:\IO.SYS
2007-07-10 22:46 0 --a------ C:\CONFIG.SYS
2007-07-10 22:46 0 --a------ C:\AUTOEXEC.BAT
2007-07-10 22:46 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-10 22:45 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-10 22:44 --------- d-------- C:\Program Files\Movie Maker
2007-07-10 22:44 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-10 22:43 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-10 22:43 --------- d-------- C:\Program Files\Windows NT
2007-07-10 22:43 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-05-16 17:19 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-16 17:18 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:18 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
--------- C:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 20:50]
"CBitSpirit"="C:\Program Files\BitSpirit\BitSpirit.exe" [2006-11-07 01:13]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2007-08-10 15:15:40 C:\WINDOWS\Tasks\1-Click Maintenance.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 18:15:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-11 18:16:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 18:16
--- E O F ---
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\04DA2179
C:\Program Files\myglobalsearch\bar\Cache\04DA283F
C:\Program Files\myglobalsearch\bar\Cache\04DA2A04.bin
C:\Program Files\myglobalsearch\bar\Cache\04DA2CE3.bin
C:\Program Files\myglobalsearch\bar\Cache\04DA2E79.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\winsys.exe
((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))
2007-08-11 18:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 17:32 <DIR> d-------- C:\Program Files\BearShare
2007-08-11 17:32 <DIR> d-------- C:\My Downloads
2007-08-11 07:32 <DIR> d-------- C:\Program Files\ALLPlayer
2007-08-11 06:01 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\uTorrent
2007-08-11 05:41 <DIR> d-------- C:\Program Files\Gothic III
2007-08-10 02:57 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-09 21:38 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-08-09 21:38 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-08-09 21:38 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-09 20:24 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-09 20:24 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-08 20:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-08 19:55 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2007-08-08 19:53 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-08 19:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-08-08 19:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-08-08 15:06 <DIR> d-------- C:\WINDOWS\NV2082752.TMP
2007-08-08 15:05 <DIR> d-------- C:\NVIDIA
2007-08-08 13:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet
2007-08-08 13:26 <DIR> d-------- C:\Program Files\Pcsx2
2007-08-08 07:54 <DIR> d-------- C:\Program Files\Bonjour
2007-08-08 07:44 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-08 07:43 <DIR> d-------- C:\Program Files\Photoshop
2007-08-08 06:51 <DIR> d-------- C:\Program Files\SnIco Edit
2007-08-05 19:36 <DIR> d-------- C:\Program Files\Xvid
2007-08-05 17:52 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-05 17:52 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Media Player Classic
2007-08-05 17:51 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-05 17:51 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-08-05 17:51 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-05 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-05 17:51 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-08-05 17:51 564,224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-08-05 17:51 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-05 17:51 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-08-05 17:51 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-05 17:51 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-08-05 17:51 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-05 17:51 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-08-05 17:51 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-08-05 17:33 <DIR> d-------- C:\Program Files\cFosSpeed
2007-08-04 17:24 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-08-04 17:24 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-08-04 17:24 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-30 15:42 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-07-30 00:22 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-07-30 00:16 <DIR> d-------- C:\Program Files\EdHTMLv5.0
2007-07-28 16:59 <DIR> d-------- C:\Anime
2007-07-26 00:57 <DIR> d-------- C:\Program Files\eSkiMoS R2
2007-07-26 00:57 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\eSkiMoS R2
2007-07-24 20:00 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-07-24 12:54 <DIR> d-------- C:\Program Files\GoD
2007-07-22 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-07-19 22:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-19 17:31 845,312 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-19 17:31 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-19 17:31 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-19 17:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-19 17:31 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-19 17:31 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-19 17:31 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-19 17:31 <DIR> d--hs---- C:\WINDOWS\system32\ShellDHCP
2007-07-19 00:32 23 --ahs---- C:\WINDOWS\system32\cbfc0_r.dll
2007-07-19 00:31 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-19 00:21 5 --ahs---- C:\WINDOWS\system32\cfdba6_g.dll
2007-07-16 00:54 <DIR> d-------- C:\Program Files\WMV to AVI MPEG DVD WMV Converter
2007-07-16 00:50 <DIR> d-------- C:\Program Files\WMV To VCD DVD MPEG Converter Pro
2007-07-16 00:38 <DIR> d-------- C:\Program Files\VirtualDubMod
2007-07-16 00:19 <DIR> d-------- C:\Program Files\IP CHECK
2007-07-15 22:47 <DIR> d-------- C:\Program Files\Scan Port
2007-07-14 19:03 <DIR> d-------- C:\Program Files\MarBit
2007-07-14 19:00 <DIR> d--hs---- C:\DOCUME~1\VAMPIR~1\UserData
2007-07-14 18:53 <DIR> d-------- C:\Program Files\DivX
2007-07-14 18:44 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Crystal Player
2007-07-12 16:13 <DIR> d-------- C:\Program Files\NetMeter
2007-07-12 14:28 <DIR> d-------- C:\Program Files\CCleaner
2007-07-11 22:09 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Canon
2007-07-11 22:04 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-11 22:04 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-11 22:03 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-11 22:03 <DIR> d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\ScanSoft
2007-07-11 22:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\ScanSoft
2007-07-11 21:57 <DIR> d-------- C:\Program Files\OmniPageSE4.0
2007-07-11 21:55 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-07-11 21:55 <DIR> d-------- C:\Program Files\PhotoStudio 5.5
2007-07-11 21:53 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2007-07-11 21:53 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\DANEAP~1\CanonBJ
2007-07-11 21:52 57,344 --a------ C:\WINDOWS\system32\CNCI510.DLL
2007-07-11 21:52 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-07-11 21:52 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2007-07-11 21:52 135,168 --a------ C:\WINDOWS\system32\CNCL510.DLL
2007-07-11 21:52 106,496 --a------ C:\WINDOWS\system32\cnco510.dll
2007-07-11 21:52 1,298,432 --a------ C:\WINDOWS\system32\CNCC510.DLL
2007-07-11 21:52 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-07-11 21:52 <DIR> d--h----- C:\Program Files\CanonBJ
2007-07-11 21:51 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-07-11 21:51 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-11 21:51 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-07-11 21:51 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-11 18:13 480032 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-11 18:13 43592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-11 18:13 139196 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-11 18:13 10517280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-10 14:54 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 09:33 --------- d-------- C:\Program Files\SkanerOnline
2007-07-19 09:38 74230 --a------ C:\WINDOWS\system32\perfc015.dat
2007-07-19 09:38 448004 --a------ C:\WINDOWS\system32\perfh015.dat
2007-07-11 21:56 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-11 02:10 --------- d-------- C:\Program Files\Messenger
2007-07-11 00:05 82258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-11 00:05 82258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-10 23:29 --------- d-------- C:\DOCUME~1\VAMPIR~1\DANEAP~1\Gadu-Gadu
2007-07-10 23:26 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-10 23:24 --------- d-------- C:\Program Files\Kaspersky Anti-Virus 6.0
2007-07-10 23:15 --------- d-------- C:\Program Files\Nero
2007-07-10 23:14 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-10 23:00 --------- d-------- C:\Program Files\Realtek
2007-07-10 22:46 0 -rahs---- C:\MSDOS.SYS
2007-07-10 22:46 0 -rahs---- C:\IO.SYS
2007-07-10 22:46 0 --a------ C:\CONFIG.SYS
2007-07-10 22:46 0 --a------ C:\AUTOEXEC.BAT
2007-07-10 22:46 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-10 22:45 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-10 22:44 --------- d-------- C:\Program Files\Movie Maker
2007-07-10 22:44 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-10 22:43 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-10 22:43 --------- d-------- C:\Program Files\Windows NT
2007-07-10 22:43 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-05-16 17:19 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-16 17:18 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:18 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
--------- C:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 20:50]
"CBitSpirit"="C:\Program Files\BitSpirit\BitSpirit.exe" [2006-11-07 01:13]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2007-08-10 15:15:40 C:\WINDOWS\Tasks\1-Click Maintenance.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 18:15:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-11 18:16:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 18:16
--- E O F ---
11 Sie 2007, 19:10
Usuneło Ci My Global Search czyli bardzo dobrze.
Reszta czysta jak na moje oko.
Reszta czysta jak na moje oko.
11 Sie 2007, 20:03
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
to mi w procesach siedzialo nei wiem nawet z kad to sie wzielo na dysku
z francuskiego znaczy witam
nie moge tego usunac pewnei jakis progam musze miec
lol hijack nie moze naprawic niektorych
czyli wedlug ciebie czysto xD hahaha
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
to mi w procesach siedzialo nei wiem nawet z kad to sie wzielo na dysku
z francuskiego znaczy witam
nie moge tego usunac pewnei jakis progam musze miec
lol hijack nie moze naprawic niektorych
czyli wedlug ciebie czysto xD hahaha
11 Sie 2007, 20:53
Ta aplikacja jest bezpieczna. Jeżeli mimo tego nie chcesz jej używać, odinstaluj ją programem Your Uninstaller.
Strony Microsoftu, które zostały zafixowane mogłby zostać. Chyba, że autorowi wątku są one niepotrzebne.
Poza tym logi wydają mi się czyste.
Strony Microsoftu, które zostały zafixowane mogłby zostać. Chyba, że autorowi wątku są one niepotrzebne.
Poza tym logi wydają mi się czyste.
11 Sie 2007, 23:56
jak moga byc te pliki czyste skoro widze je pierwszy raz nie sciagalem ich i mi siedzial ten bonjur w procesach jaka bezpieczna aplikacja tak sie zachowuje !!
12 Sie 2007, 12:13
Możesz pozbyć się tej aplikacji, np. usuwając programem Your Uninstaller.
12 Sie 2007, 19:10
@ VampirLord nie panikuj to są produkty M$ ,które zassałeś podczas updejtu poprawek.Jak ci nie pasują wywalasz i tyle. 
Ps. na moje oko są to jakieś dodatki muzyczne,że tak powiem ogólnie.
Ps. na moje oko są to jakieś dodatki muzyczne,że tak powiem ogólnie.