HijackThis log (need help again)

(2 Pages)
1
2
→

You cannot start a new topic
You cannot reply to this topic

HijackThis log (need help again)

#1 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 23 November 2008 - 02:00 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:30, on 2008-11-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - C:\WINDOWS\system32\SystemHper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystemHelp] RUNDLL32.EXE C:\WINDOWS\system32\SystemHper.dll,Install
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7532 bytes

everything ok with my pc? i've scanned it with NOD-32, Spybot search and destroy, MBAM, ad-aware and Uniblue RegistryBooster 2. I had a keylogger but im not 100% sure if it was deleted.

This post has been edited by Marcelek: 29 November 2008 - 09:56 AM

Back to top of the page up there ^
MultiQuote
Reply

#2 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 24 November 2008 - 07:28 PM

Hello Marcelek,

Welcome to BFC

Looks like it's still there, and your system has been compromised.

http://www.threatexp...68ca5e7d256abdd

The safest and surest thing you can do would be to save your most important data, then reformat and reinstall. If you choose not to do this I cannot promise you a secure system, even after the password stealer is removed. Please let me know what you've chosen to do.

Regards,
tea

Back to top of the page up there ^
MultiQuote
Reply

#3 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 25 November 2008 - 02:05 PM

Thanks teacup61 for your reply. I will try to use the method i found in internet how to remove this virus and post logs again, coz reinstalling pc is the last thing i would do

This post has been edited by Marcelek: 25 November 2008 - 02:26 PM

Back to top of the page up there ^
MultiQuote
Reply

#4 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 25 November 2008 - 03:50 PM

not actual, check the post below please

This post has been edited by Marcelek: 25 November 2008 - 05:34 PM

Back to top of the page up there ^
MultiQuote
Reply

#5 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 25 November 2008 - 05:34 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:07, on 2008-11-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7760 bytes

I have downloaded KASPERSKY Antivirus and scanned my pc, well it probably removed the keylogger but im still not 100% sure - this is the newest log

Back to top of the page up there ^
MultiQuote
Reply

#6 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 25 November 2008 - 10:06 PM

Hello,

Just as long as you understand you need to change all your passwords when we're sure it's gone. They're all known.

I'd like to have a bit deeper look, given the seriousness, to be sure there are no other nasties lurking:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

Back to top of the page up there ^
MultiQuote
Reply

#7 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 26 November 2008 - 08:01 AM

ComboFix 08-11-26.03 - Marcel 2008-11-26 8:52:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1511 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Marcel\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-26 do 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-25 17:31 . 2008-11-25 17:39 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-25 17:31 . 2008-11-25 17:31 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-25 17:30 . 2008-11-25 17:30 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-25 17:30 . 2008-11-26 08:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-25 17:30 . 2008-11-26 08:55 2,279,456 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-25 17:30 . 2008-11-26 08:56 294,944 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-25 17:30 . 2008-11-26 08:55 19,936 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-25 17:30 . 2008-11-26 08:56 2,088 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-25 17:26 . 2008-11-25 17:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-25 16:43 . 2008-11-25 16:43 0 --a------ C:\backup.reg
2008-11-25 15:52 . 2008-11-25 16:20 <DIR> d-------- C:\MGtools
2008-11-25 15:52 . 2008-11-25 16:20 49,331 --a------ C:\MGlogs.zip
2008-11-25 15:52 . 2005-01-14 03:41 11,254 --a------ c:\windows\system32\locate.com
2008-11-25 15:00 . 2008-11-25 15:00 <DIR> d-------- c:\program files\ThreatExpert Memory Scanner
2008-11-23 14:52 . 2008-11-23 14:52 <DIR> d-------- c:\program files\Trend Micro
2008-11-23 14:12 . 2008-11-23 14:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 14:12 . 2008-11-23 14:12 <DIR> d-------- c:\documents and settings\Marcel\Dane aplikacji\Malwarebytes
2008-11-23 14:12 . 2008-11-23 14:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2008-11-23 14:12 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 14:12 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 14:01 . 2008-11-25 17:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-23 14:01 . 2008-11-25 17:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-23 13:35 . 2008-11-23 13:35 <DIR> d-------- c:\program files\Lavasoft
2008-11-23 13:35 . 2008-11-23 13:36 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-11-23 09:44 . 2008-11-23 09:44 <DIR> d-------- c:\program files\ADSLNet
2008-11-10 21:08 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-10 21:08 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-10 21:08 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-10 21:08 . 2004-08-04 00:38 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 12:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-16 07:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-11-14 21:28 --------- d-----w c:\program files\World of Warcraft
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 17:42 --------- d-----w c:\documents and settings\Marcel\Dane aplikacji\Tibia
2008-10-17 15:38 --------- d-----w c:\program files\TibiaBot NG76
2008-10-17 06:40 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Blizzard
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 13:46 --------- d-----w c:\program files\Diablo II
2008-10-10 09:10 --------- d-----w c:\program files\DivX
2008-10-04 08:25 --------- d-----w c:\program files\Tibia
2008-10-04 08:24 --------- d-----w c:\program files\TibiaCam TV Lite
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-06-15 18:48 66,936 --sha-w c:\windows\dlinfo_0.drv
.

((((((((((((((((((((((((((((( snapshot@2008-11-25_16.32.22.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-07-21 17:34:36 121,872 ----a-w c:\windows\system32\drivers\kl1.sys
+ 2008-01-29 17:29:38 32,784 ----a-w c:\windows\system32\drivers\klbg.sys
+ 2008-11-25 16:30:19 213,008 ----a-w c:\windows\system32\drivers\klif.sys
+ 2008-04-30 17:06:48 24,592 ----a-w c:\windows\system32\drivers\klim5.sys
+ 2008-07-29 19:20:00 24,774 ----a-w c:\windows\system32\drivers\klopp.dat
+ 2008-07-29 19:21:42 218,376 ----a-w c:\windows\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Tibia\\Tibia.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Marcel\\Pulpit\\TibiCam81\\TibiCAM.exe"=
"c:\\Documents and Settings\\Marcel\\Pulpit\\TibiCam811\\TibiCAM.exe"=
"c:\\Program Files\\Metin2_UK\\metin2.bin"=
"c:\\Documents and Settings\\Marcel\\Pulpit\\TibiCam80\\TibiCAM.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Diablo\\diablo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Marcel\Dane aplikacji\Mozilla\Firefox\Profiles\9l88l17i.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 08:56:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\windows\system32\GTGina.dll

- - - - - - - > 'lsass.exe'(1660)
c:\windows\system32\imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-26 8:57:57 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-11-26 07:57:54
ComboFix2.txt 2008-11-25 15:32:37
ComboFix3.txt 2008-11-25 15:07:49

Przed: 155 426 586 624 bajtów wolnych
Po: 155,442,257,920 bajtów wolnych

188 --- E O F --- 2008-11-16 07:52:39

_________________________________________________________
HijackTHIS
_________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:01:07, on 2008-11-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7636 bytes

Looking forward for good news

Back to top of the page up there ^
MultiQuote
Reply

#8 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 26 November 2008 - 08:22 AM

Hi,

Do you happen to have the first report from ComboFix? Did it remove anything the first time you ran it? The HijackThis log looks clean but for a couple of clutter lines. How is it running?

Back to top of the page up there ^
MultiQuote
Reply

#9 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 26 November 2008 - 08:36 AM

Well the first report from ComboFix was replaced with this one so I don't have it anymore. I don't think it deleted anything because I used a script to check my pc in "wowsystemcode" and then when I ve used KASPERSKY it found keylogger but then I deleted it with kaspersky (atleast I think it deleted that crap klog)

I think everything is ok for now.

Thanks

EDIT: Found the 1st log

ComboFix 08-11-24.03 - Marcel 2008-11-25 16:28:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1533 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Marcel\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Marcel\Pulpit\CFscript.txt
* Utworzono nowy punkt przywracania
* Resident AV is active

.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-25 do 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-25 15:52 . 2008-11-25 16:20 <DIR> d-------- C:\MGtools
2008-11-25 15:52 . 2008-11-25 16:20 49,331 --a------ C:\MGlogs.zip
2008-11-25 15:52 . 2005-01-14 03:41 11,254 --a------ c:\windows\system32\locate.com
2008-11-25 15:00 . 2008-11-25 15:00 <DIR> d-------- c:\program files\ThreatExpert Memory Scanner
2008-11-23 14:52 . 2008-11-23 14:52 <DIR> d-------- c:\program files\Trend Micro
2008-11-23 14:12 . 2008-11-23 14:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 14:12 . 2008-11-23 14:12 <DIR> d-------- c:\documents and settings\Marcel\Dane aplikacji\Malwarebytes
2008-11-23 14:12 . 2008-11-23 14:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2008-11-23 14:12 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 14:12 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 14:01 . 2008-11-23 14:01 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-23 14:01 . 2008-11-23 14:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-23 13:35 . 2008-11-23 13:35 <DIR> d-------- c:\program files\Lavasoft
2008-11-23 13:35 . 2008-11-23 13:36 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-11-23 09:44 . 2008-11-23 09:44 <DIR> d-------- c:\program files\ADSLNet
2008-11-22 11:57 . 2008-11-22 11:57 65,536 --a------ c:\windows\system32\SystemHper.dll
2008-11-10 21:08 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-10 21:08 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-10 21:08 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-10 21:08 . 2004-08-04 00:38 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 12:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-16 07:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-11-14 21:28 --------- d-----w c:\program files\World of Warcraft
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 17:42 --------- d-----w c:\documents and settings\Marcel\Dane aplikacji\Tibia
2008-10-17 15:38 --------- d-----w c:\program files\TibiaBot NG76
2008-10-17 06:40 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Blizzard
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 13:46 --------- d-----w c:\program files\Diablo II
2008-10-10 09:10 --------- d-----w c:\program files\DivX
2008-10-04 08:25 --------- d-----w c:\program files\Tibia
2008-10-04 08:24 --------- d-----w c:\program files\TibiaCam TV Lite
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-06-15 18:48 66,936 --sha-w c:\windows\dlinfo_0.drv
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-10 949376]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SystemHelp"="c:\windows\system32\SystemHper.dll" [2008-11-22 65536]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Tibia\\Tibia.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Marcel\\Pulpit\\TibiCam81\\TibiCAM.exe"=
"c:\\Documents and Settings\\Marcel\\Pulpit\\TibiCam811\\TibiCAM.exe"=
"c:\\Program Files\\Metin2_UK\\metin2.bin"=
"c:\\Documents and Settings\\Marcel\\Pulpit\\TibiCam80\\TibiCAM.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Diablo\\diablo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

*Newly Created Service* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 16:30:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\GTGina.dll

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-25 16:32:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-11-25 15:32:34
ComboFix2.txt 2008-11-25 15:07:49

Przed: 155 687 194 624 bajtów wolnych
Po: 155,673,657,344 bajtów wolnych

This post has been edited by Marcelek: 26 November 2008 - 08:39 AM

Back to top of the page up there ^
MultiQuote
Reply

#10 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 26 November 2008 - 08:46 AM

That's okay. I just wanted to see if it removed anything the first go round.

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Eveything running all right?

Back to top of the page up there ^
MultiQuote
Reply

#11 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 26 November 2008 - 08:57 AM

Did everything you mentioned.

I found

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

and fixed it with all browsers and windows closed except HijackThis

So far everything is ok

Back to top of the page up there ^
MultiQuote
Reply

#12 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 26 November 2008 - 09:33 AM

Excellent. :thumbsup:

Your Java is out of date, which leaves your computer vulnerable.

Updating Java

Download the latest version of Java Runtime Environment (JRE) 6_u_10.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Have a read here: http://mvps.org/winh...02/unwanted.htm

Be sure to change all your passwords and keep any eye on any online accounts you might have for nefarious activity.

Take care!
tea

Back to top of the page up there ^
MultiQuote
Reply

#13 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 26 November 2008 - 09:40 AM

Thank you for everything! You are really a professional

Back to top of the page up there ^
MultiQuote
Reply

#14 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 27 November 2008 - 12:45 PM

You're most welcome.

Take care! Posted Image

tea

Back to top of the page up there ^
MultiQuote
Reply

#15 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 29 November 2008 - 09:57 AM

This time my brother needs help

Combofix logs:

ComboFix 08-11-28.03 - Ameraigo 2008-11-29 10:38:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.697Uruchomiony z: c:\documents and settings\Ameraigo\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Amerigo\Dane aplikacji\BITS
c:\documents and settings\Amerigo\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Amerigo\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Amerigo\Dane aplikacji\BITS\ProxyList.ini
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-28 do 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 09:12 . 2008-11-29 09:12 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-29 09:12 . 2008-11-29 09:12 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-29 09:11 . 2008-11-29 09:11 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-29 09:11 . 2008-11-29 10:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-29 09:11 . 2008-11-29 10:43 2,007,072 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-29 09:11 . 2008-11-29 10:43 188,448 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-29 09:11 . 2008-11-29 10:43 16,760 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-29 09:11 . 2008-11-29 10:43 1,724 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-29 09:02 . 2008-11-29 09:02 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-23 08:56 . 2004-10-15 18:32 83,096 --a------ c:\windows\system32\SSSensor.dll
2008-11-23 08:56 . 2004-10-15 18:17 60,496 --a------ c:\windows\system32\drivers\Teefer.sys
2008-11-23 08:56 . 2004-10-15 18:18 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg6n.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg5n.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg4n.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg3n.sys
2008-11-23 08:55 . 2008-11-23 08:55 <DIR> d-------- c:\program files\Sygate
2008-11-23 08:55 . 2008-11-23 08:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-14 13:09 . 2008-11-28 18:00 <DIR> d-------- c:\program files\Norton Security Scan
2008-11-14 13:09 . 2008-11-28 18:04 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-13 15:03 . 2008-11-13 15:03 <DIR> d-------- c:\documents and settings\Ameraigo\Dane aplikacji\CyberLink
2008-11-12 17:05 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 21:50 . 2008-11-07 22:52 <DIR> d-------- c:\program files\9Dragons

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 14:17 --------- d-----w c:\program files\Gadu-Gadu
2008-11-14 13:07 --------- d-----w c:\program files\World of Warcraft
2008-11-08 11:47 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-11-06 20:47 --------- d-----w c:\documents and settings\Amerigo\Dane aplikacji\Skype
2008-11-04 21:18 --------- d-----w c:\documents and settings\Amerigo\Dane aplikacji\skypePM
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 14:07 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Skype
2008-10-22 14:06 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\skypePM
2008-10-19 21:30 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-19 18:03 --------- d-----w c:\program files\Warcraft III
2008-10-19 14:19 --------- d-----w c:\program files\Garena
2008-10-17 17:00 --------- d-----w c:\documents and settings\Amerigo\Dane aplikacji\teamspeak2
2008-10-17 14:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Blizzard
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 13:49 --------- d-----w c:\program files\Valve
2008-10-15 12:22 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Teeworlds
2008-10-12 20:49 --------- d-----w c:\program files\Plato Video To 3GP Converter
2008-10-12 19:21 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Winamp
2008-10-08 12:55 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Gadu-Gadu
2008-10-06 13:23 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Ventrilo
2008-10-04 08:21 --------- d-----w c:\program files\Common Files\Adobe
2008-09-23 13:20 454 ----a-w c:\program files\Skrót do Adobe.lnk
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-10 14:17 2,829 ----a-w c:\windows\War3Unin.pif
2008-09-10 14:17 139,264 ----a-w c:\windows\War3Unin.exe
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 16:26 298,104 ----a-w c:\windows\system32\imon.dll
2008-08-29 16:21 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4"CTFMON.EXE"="c:\windows\system32\ctfmon.exe""Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe""Steam"="c:\program files\Valve\Steam\Steam.exe""MSMSGS"="c:\program files\Messenger\msmsgs.exe""wltray.exe"="c:\windows\system32\wltray.exe""SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe""NeroFilterCheck"="c:\windows\system32\NeroCheck.exe""RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe""LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe""ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe""NvCplDaemon"="c:\windows\system32\NvCpl.dll""NvMediaCenter"="c:\windows\system32\NvMcTray.dll""WinampAgent"="c:\program files\Winamp\winampa.exe""Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe""SmcService"="c:\progra~1\Sygate\SPF\smc.exe""AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe""RTHDCPL"="RTHDCPL.EXE""nwiz"="nwiz.exe""CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Belkin Wireless Utility.lnk
backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup--------- 2004-08-03 23:55 1667584 c:\program files\Messenger\msmsgs.exe"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001"DisableMonitoring"=dword:00000001"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Rohan\\rohanclient.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\seyju\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"="3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sysR3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sysR3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sysR3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sysS3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt.
Zawartość folderu 'Zaplanowane zadania'

2008-11-28 c:\windows\Tasks\Norton Security Scan for Ameraigo.job
- c:\program files\Norton Security Scan\Nss.exe.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Ameraigo\Dane aplikacji\Mozilla\Firefox\Profiles\z5anim4h.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 10:45:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt""ImagePath"=""
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-29 10:46:57 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-11-29 09:46:54

Przed: 185 685 905 408 bajtów wolnych
Po: 188,954,370,048 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exetimeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWSc:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

420 --- E O F --- 2008-11-12 20:39:33

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:30, on 2008-11-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run:C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run:"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run:C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run:"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run:"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run:RTHDCPL.EXE
O4 - HKLM\..\Run:C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run:RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run:nwiz.exe /install
O4 - HKLM\..\Run:RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run:"C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run:"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run:C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run:"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run:C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run:"C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run:"C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run:"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run:C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run:C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5797 bytes

Back to top of the page up there ^
MultiQuote
Reply

#16 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 29 November 2008 - 09:59 AM

2nd combofix scan:

ComboFix 08-11-28.03 - Ameraigo 2008-11-29 10:48:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.681Uruchomiony z: c:\documents and settings\Ameraigo\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-28 do 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 09:12 . 2008-11-29 09:12 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-29 09:12 . 2008-11-29 09:12 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-29 09:11 . 2008-11-29 09:11 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-29 09:11 . 2008-11-29 10:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-29 09:11 . 2008-11-29 10:43 2,007,072 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-29 09:11 . 2008-11-29 10:43 188,448 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-29 09:11 . 2008-11-29 10:43 16,760 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-29 09:11 . 2008-11-29 10:43 1,724 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-29 09:02 . 2008-11-29 09:02 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-23 08:56 . 2004-10-15 18:32 83,096 --a------ c:\windows\system32\SSSensor.dll
2008-11-23 08:56 . 2004-10-15 18:17 60,496 --a------ c:\windows\system32\drivers\Teefer.sys
2008-11-23 08:56 . 2004-10-15 18:18 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg6n.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg5n.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg4n.sys
2008-11-23 08:56 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg3n.sys
2008-11-23 08:55 . 2008-11-23 08:55 <DIR> d-------- c:\program files\Sygate
2008-11-23 08:55 . 2008-11-23 08:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-14 13:09 . 2008-11-28 18:00 <DIR> d-------- c:\program files\Norton Security Scan
2008-11-14 13:09 . 2008-11-28 18:04 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-13 15:03 . 2008-11-13 15:03 <DIR> d-------- c:\documents and settings\Ameraigo\Dane aplikacji\CyberLink
2008-11-12 17:05 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 21:50 . 2008-11-07 22:52 <DIR> d-------- c:\program files\9Dragons

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 14:17 --------- d-----w c:\program files\Gadu-Gadu
2008-11-14 13:07 --------- d-----w c:\program files\World of Warcraft
2008-11-08 11:47 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-11-06 20:47 --------- d-----w c:\documents and settings\Amerigo\Dane aplikacji\Skype
2008-11-04 21:18 --------- d-----w c:\documents and settings\Amerigo\Dane aplikacji\skypePM
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 14:07 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Skype
2008-10-22 14:06 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\skypePM
2008-10-19 21:30 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-19 18:03 --------- d-----w c:\program files\Warcraft III
2008-10-19 14:19 --------- d-----w c:\program files\Garena
2008-10-17 17:00 --------- d-----w c:\documents and settings\Amerigo\Dane aplikacji\teamspeak2
2008-10-17 14:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Blizzard
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 13:49 --------- d-----w c:\program files\Valve
2008-10-15 12:22 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Teeworlds
2008-10-12 20:49 --------- d-----w c:\program files\Plato Video To 3GP Converter
2008-10-12 19:21 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Winamp
2008-10-08 12:55 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Gadu-Gadu
2008-10-06 13:23 --------- d-----w c:\documents and settings\Ameraigo\Dane aplikacji\Ventrilo
2008-10-04 08:21 --------- d-----w c:\program files\Common Files\Adobe
2008-09-23 13:20 454 ----a-w c:\program files\Skrót do Adobe.lnk
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-10 14:17 2,829 ----a-w c:\windows\War3Unin.pif
2008-09-10 14:17 139,264 ----a-w c:\windows\War3Unin.exe
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 16:26 298,104 ----a-w c:\windows\system32\imon.dll
2008-08-29 16:21 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4"CTFMON.EXE"="c:\windows\system32\ctfmon.exe""Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe""Steam"="c:\program files\Valve\Steam\Steam.exe""MSMSGS"="c:\program files\Messenger\msmsgs.exe""wltray.exe"="c:\windows\system32\wltray.exe""SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe""NeroFilterCheck"="c:\windows\system32\NeroCheck.exe""RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe""LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe""ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe""NvCplDaemon"="c:\windows\system32\NvCpl.dll""NvMediaCenter"="c:\windows\system32\NvMcTray.dll""WinampAgent"="c:\program files\Winamp\winampa.exe""Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe""SmcService"="c:\progra~1\Sygate\SPF\smc.exe""AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe""RTHDCPL"="RTHDCPL.EXE""nwiz"="nwiz.exe""CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Belkin Wireless Utility.lnk
backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup--------- 2004-08-03 23:55 1667584 c:\program files\Messenger\msmsgs.exe"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001"DisableMonitoring"=dword:00000001"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Rohan\\rohanclient.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\seyju\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"="3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sysR3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sysR3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sysR3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sysS3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt.
Zawartość folderu 'Zaplanowane zadania'

2008-11-28 c:\windows\Tasks\Norton Security Scan for Ameraigo.job
- c:\program files\Norton Security Scan\Nss.exe.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Ameraigo\Dane aplikacji\Mozilla\Firefox\Profiles\z5anim4h.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 10:49:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt""ImagePath"=""
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\imon.dll
.
Czas ukończenia: 2008-11-29 10:49:34
ComboFix-quarantined-files.txt 2008-11-29 09:49:29
ComboFix2.txt 2008-11-29 09:46:58

Przed: 189 158 649 856 bajtów wolnych
Po: 189,147,156,480 bajtów wolnych

157 --- E O F --- 2008-11-12 20:39:33

Is his pc safe yet ?

Back to top of the page up there ^
MultiQuote
Reply

#17 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 29 November 2008 - 10:26 AM

Hello again.

What kind of problems was brother having?

Back to top of the page up there ^
MultiQuote
Reply

#18 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 29 November 2008 - 10:56 AM

He had keylogger on his pc. (or still has:p)

Back to top of the page up there ^
MultiQuote
Reply

#19 teacup61

Log'N'Rocker

Group: Malware Experts
Posts: 59
Joined: 22-October 08
Gender:Female
Location:Planet Texas!!

Posted 29 November 2008 - 11:25 AM

I don't see it now, if it was there. If you did exactly the same thing to his that you did to yours, then it should be gone. Remember that I cannot promise you it's secure even though it's gone, and he needs to change all his passwords now.
Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Is it running all right?

This post has been edited by teacup61: 29 November 2008 - 11:26 AM

Back to top of the page up there ^
MultiQuote
Reply

#20 Marcelek

Garage rocker

Group: Members
Posts: 12
Joined: 23-November 08

Posted 29 November 2008 - 11:29 AM

Already did that, yes everything running ok.

Thanks a lot!

Back to top of the page up there ^
MultiQuote
Reply

(2 Pages)
1
2
→

You cannot start a new topic
You cannot reply to this topic

Log'N'Rock: HijackThis log (need help again) - Log'N'Rock

HijackThis log (need help again)

#1 Marcelek

#2 teacup61

#3 Marcelek

#4 Marcelek

#5 Marcelek

#6 teacup61

#7 Marcelek

#8 teacup61

#9 Marcelek

#10 teacup61

#11 Marcelek

#12 teacup61

#13 Marcelek

#14 teacup61

#15 Marcelek

#16 Marcelek

#17 teacup61

#18 Marcelek

#19 teacup61

#20 Marcelek

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Skin and Language

Execution Stats

Log'N'Rock: HijackThis log (need help again) - Log'N'Rock

HijackThis log (need help again)

1 User(s) are reading this topic 0 members, 1 guests, 0 anonymous users

Skin and Language

Execution Stats

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users