
Thread: Win32/Rootkit.Agent.ODG trojan

  1. #11
    Junior Member
    Join Date
    Aug 2009
    Posts
    17

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33:09, on 2009-08-09
    Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\autoclk.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
    C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    D:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [autoclk] autoclk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9745 bytes

    ComboFix 09-08-08.04 - RedCloud 2009-08-09 16:16.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.692 [GMT 2:00]
    Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ADS - WINDOWS: deleted 48 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1601991441-287435753-2479082871-1000
    c:\windows\Installer\34b2e.msp
    c:\windows\system32\AVSredirect.dll
    c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security
    c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security\System Security
    c:\windows\system32\drivers\kungsfxugkinet.sys
    c:\windows\system32\drivers\SKYNETibapipyl.sys
    c:\windows\system32\drivers\vsfocerdwxsnqm.sys
    c:\windows\system32\kungsfewmexptj.dll
    c:\windows\system32\kungsfkvscpxyx.dat
    c:\windows\system32\kungsfmyliqukl.dat
    c:\windows\system32\kungsfudjbpfmy.dll
    c:\windows\system32\SKYNETqecxncbd.dll
    c:\windows\system32\vsfocellptbqlf.dll
    c:\windows\system32\vsfoceotpeuops.dat
    c:\windows\system32\vsfoceptusaejk.dat
    c:\windows\system32\vsfocepvarpodv.dll
    c:\windows\TEMP\cvieeruruy.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_kungsfigswkwnv
    -------\Legacy_kungsfigswkwnv
    -------\Service_SKYNETdmduyxcd
    -------\Legacy_SKYNETdmduyxcd
    -------\Service_vsfocerdodjitu
    -------\Legacy_vsfocerdodjitu
    -------\Legacy_sfx
    -------\Legacy_sfxdrv
    -------\Legacy_.esettrialresetalerterAlerter
    -------\Service_.esettrialresetalerterAlerter


    ((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
    .

    2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
    2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
    2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
    2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Avira
    2009-08-09 08:09 . 2009-08-09 12:27 4992 ----a-w- c:\documents and settings\RedCloud\sterownik.sys
    2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
    2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
    2009-08-07 12:10 . 2009-08-07 12:40 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\13351564
    2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
    2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
    2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Nero
    2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
    2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
    2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
    2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
    2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
    2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
    2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
    2009-08-03 19:13 . 2009-08-03 19:32 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\14524684
    2009-08-01 17:31 . 2009-08-01 17:35 -------- d-----w- c:\program files\BitComet
    2009-08-01 17:23 . 2009-08-01 17:23 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
    2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\3B4E
    2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
    2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
    2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
    2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Simply Super Software
    2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
    2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
    2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
    2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
    2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
    2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
    2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
    2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
    2009-07-24 15:13 . 2003-01-30 06:48 143360 ----a-w- c:\windows\autoclk.exe
    2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
    2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
    2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Malwarebytes
    2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
    2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
    2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
    2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
    2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
    2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
    2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
    2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
    2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
    2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
    2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
    2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
    2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
    2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
    2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
    2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
    2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
    2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\OpenFM
    2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
    2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
    2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
    2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
    2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Microsoft Help
    2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
    2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
    2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
    2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
    2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
    2009-06-15 13:24 . 2009-06-15 13:23 403456 ----a-w- c:\windows\system32\kdfinj.tmp
    2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
    2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
    2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
    2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
    2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
    2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
    2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
    2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
    2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
    2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .

    ------- Sigcheck -------

    [-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
    "autoclk"="autoclk.exe" - c:\windows\autoclk.exe [2003-01-30 143360]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

    c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
    Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
    Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

    c:\docume~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
    backup=c:\windows\pss\Ad-aware Updater.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\CallOfDuty\\CoDWaWmp.exe"=
    "d:\\CallOfDuty\\CoDWaW.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
    "19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
    "24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
    "24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
    "8085:TCP"= 8085:TCP:sfx
    "14076:TCP"= 14076:TCP:BitComet 14076 TCP
    "14076:UDP"= 14076:UDP:BitComet 14076 UDP
    "53:UDP"= 53:UDP:Promo

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
    S1 58ee5dc9;58ee5dc9;c:\windows\system32\drivers\58ee5dc9.sys [2009-07-24 0]
    S2 .esettrialresetalerter;Eset Trial Reset .EsetTrialResetAlerter;c:\windows\TEMP\ylqppofahn.exe service --> c:\windows\TEMP\ylqppofahn.exe service [?]
    S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
    S3 sterownik;sterownik;c:\documents and settings\RedCloud\sterownik.sys [2009-08-09 4992]
    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - USUNIĘTO PUSTE WPISY - - - -

    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    HKLM-Run-MSxmlHpr - c:\windows\system32\msxm192z.dll


    .
    ------- Skan uzupełniający -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-09 16:24
    Windows 5.1.2600 Dodatek Service Pack 3 NTFS

    skanowanie ukrytych procesów ...

    skanowanie ukrytych wpisów autostartu ...

    skanowanie ukrytych plików ...

    skanowanie pomyślnie ukończone
    ukryte pliki: 0

    **************************************************************************
    .
    --------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

    [HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
    92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
    "??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

    [HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
    "datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
    2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
    "rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

    [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
    "DataDir"="ESET\\ESET Smart Security\\"
    "EditionName"=""
    "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:00000000
    "ProductBase"=dword:00000001
    "ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
    "ProductName"="ESET Smart Security"
    "ProductType"="ess"
    "ProductVersion"="4.0.417.0"
    "UniqueId"="0016B36649D70533"
    "ScannerBuild"=dword:0000121d
    "ScannerVersionId"=dword:00000f6c
    "ScannerVersion"="Locked/open ESET for status."
    "FixId"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG11.00.00.01WORKSTATION"="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"
    .
    --------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

    - - - - - - - > 'explorer.exe'(2928)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Pozostałe uruchomione procesy ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\ATKKBService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Czas ukończenia: 2009-08-09 16:31 - komputer został uruchomiony ponownie
    ComboFix-quarantined-files.txt 2009-08-09 14:31
    ComboFix2.txt 2008-10-15 17:29

    Przed: 2*556*166*144 bajtów wolnych
    Po: 14*741*114*880 bajtów wolnych

    WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
    ;
    ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
    ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
    ;
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

    311 --- E O F --- 2009-06-21 07:45

  2. #12
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Do you recognize this folder?

    c:\documents and settings\LocalService\Ulubione

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #13
    Junior Member
    Join Date
    Aug 2009
    Posts
    17

    Default

    Yes, "Ulubione" means "Favourites" in Polish :P

  4. #14
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Thanks for the information.

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      File::
      c:\windows\system32\kdfinj.tmp
      c:\windows\autoclk.exe
      
      DirLook::
      c:\docume~1\ALLUSE~1\DANEAP~1\13351564
      c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
      c:\docume~1\ALLUSE~1\DANEAP~1\3B4E
      c:\docume~1\ALLUSE~1\DANEAP~1\14524684
      
      Folder::
      c:\program files\BitComet
      c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
      
      Driver::
      .esettrialresetalerter
      58ee5dc9
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "14076:TCP"=-
      "14076:UDP"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

  5. #15
    Junior Member
    Join Date
    Aug 2009
    Posts
    17

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:54:58, on 2009-08-09
    Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
    C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\HiJackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9321 bytes

    ComboFix 09-08-09.03 - RedCloud 2009-08-09 21:41.3.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.582 [GMT 2:00]
    Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
    Użyto następujących komend :: c:\documents and settings\RedCloud\Pulpit\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\autoclk.exe"
    "c:\windows\system32\kdfinj.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\default.m3u
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\DHTnodes.dat
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\FailedSNodes.dat
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\ShareH.dat
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\ShareL.dat
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\SNodes.dat
    c:\program files\BitComet
    c:\program files\BitComet\BitComet.xml
    c:\program files\BitComet\Downloads.xml
    c:\program files\BitComet\Downloads.xml.bak
    c:\program files\BitComet\rules\dhtnodes.dat
    c:\windows\autoclk.exe
    c:\windows\system32\kdfinj.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_.esettrialresetalerter
    -------\Service_.esettrialresetalerter
    -------\Service_58ee5dc9


    ((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
    .

    2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
    2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
    2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
    2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
    2009-08-09 08:09 . 2009-08-09 12:27 4992 ----a-w- c:\documents and settings\RedCloud\sterownik.sys
    2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
    2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
    2009-08-07 12:10 . 2009-08-07 12:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\13351564
    2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
    2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
    2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
    2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
    2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
    2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
    2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
    2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
    2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
    2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
    2009-08-03 19:13 . 2009-08-03 19:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\14524684
    2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3B4E
    2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
    2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
    2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
    2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
    2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
    2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
    2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
    2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
    2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
    2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
    2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
    2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
    2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
    2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
    2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
    2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
    2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
    2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
    2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
    2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
    2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
    2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
    2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
    2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
    2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
    2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
    2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
    2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
    2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
    2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
    2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
    2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
    2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
    2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
    2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
    2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
    2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
    2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
    2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
    2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
    2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
    2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
    2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
    2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
    2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
    2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
    2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
    2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
    2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
    2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
    2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
    2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
    2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\13351564 ----

    2009-08-07 12:12 . 2009-08-07 12:12 56 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\13351564\13351564

    ---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\14524684 ----

    2009-08-03 19:14 . 2009-08-03 19:23 56 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\14524684\14524684

    ---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\3B4E ----

    2009-08-01 17:04 . 2009-02-17 16:14 2329 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\3B4E\{E782462C-E137-43C1-87CD-DF83E712A87F}.swf

    ---- Directory of c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr ----

    2009-08-05 09:54 . 2009-08-05 10:07 725 ----a-w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr\Guitar Hero World Tour\AspyrConfig.xml


    ------- Sigcheck -------

    [-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-09_14.25.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-09 19:47 . 2009-08-09 19:47 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
    + 2009-08-09 19:46 . 2009-08-09 19:46 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-09 19:45 . 2009-08-09 19:45 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    - 2009-08-09 14:22 . 2009-08-09 14:22 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-09 19:46 . 2009-08-09 19:46 241664 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    + 2009-08-09 19:46 . 2009-08-09 19:46 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    - 2009-08-09 14:22 . 2009-08-09 14:22 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-09 19:45 . 2009-08-09 19:45 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-09 19:45 . 2009-08-09 19:46 7221248 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

    c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
    Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
    Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

    c:\documents and settings\All Users\Menu Start\Programy\Autostart\
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
    backup=c:\windows\pss\Ad-aware Updater.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\CallOfDuty\\CoDWaWmp.exe"=
    "d:\\CallOfDuty\\CoDWaW.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
    "19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
    "24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
    "24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
    "8085:TCP"= 8085:TCP:sfx
    "53:UDP"= 53:UDP:Promo

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
    S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
    S3 sterownik;sterownik;c:\documents and settings\RedCloud\sterownik.sys [2009-08-09 4992]
    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Zawartość folderu 'Zaplanowane zadania'

    2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

    2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

    2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003Core.job
    - c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

    2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003UA.job
    - c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

    2009-08-09 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 20:18]
    .
    - - - - USUNIĘTO PUSTE WPISY - - - -

    HKLM-Run-autoclk - autoclk.exe


    .
    ------- Skan uzupełniający -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-09 21:47
    Windows 5.1.2600 Dodatek Service Pack 3 NTFS

    skanowanie ukrytych procesów ...

    skanowanie ukrytych wpisów autostartu ...

    skanowanie ukrytych plików ...

    skanowanie pomyślnie ukończone
    ukryte pliki: 0

    **************************************************************************
    .
    --------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

    [HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
    92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
    "??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

    [HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
    "datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
    2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
    "rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

    [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
    "DataDir"="ESET\\ESET Smart Security\\"
    "EditionName"=""
    "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:00000000
    "ProductBase"=dword:00000001
    "ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
    "ProductName"="ESET Smart Security"
    "ProductType"="ess"
    "ProductVersion"="4.0.417.0"
    "UniqueId"="0016B36649D70533"
    "ScannerBuild"=dword:0000121d
    "ScannerVersionId"=dword:00000f6c
    "ScannerVersion"="Locked/open ESET for status."
    "FixId"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG11.00.00.01WORKSTATION"="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"
    .
    --------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

    - - - - - - - > 'explorer.exe'(3156)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Pozostałe uruchomione procesy ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\ATKKBService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Czas ukończenia: 2009-08-09 21:53 - komputer został uruchomiony ponownie
    ComboFix-quarantined-files.txt 2009-08-09 19:53
    ComboFix2.txt 2009-08-09 14:31
    ComboFix3.txt 2008-10-15 17:29

    Przed: 14*832*869*376 bajtów wolnych
    Po: 14*786*691*072 bajtów wolnych

    319 --- E O F --- 2009-06-21 07:45

  6. #16
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Do you recognize these folders?

    c:\docume~1\ALLUSE~1\DANEAP~1\13351564
    c:\docume~1\ALLUSE~1\DANEAP~1\14524684
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #17
    Junior Member
    Join Date
    Aug 2009
    Posts
    17

    Default

    Yes, but I have no idea what those 2 files are for

  8. #18
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Which files do you mean here?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #19
    Junior Member
    Join Date
    Aug 2009
    Posts
    17

    Default

    These two:
    13351564
    14524684

  10. #20
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    They are folders and not files.

    So you don't recognize the bolded folders?

    c:\docume~1\ALLUSE~1\DANEAP~1\13351564
    c:\docume~1\ALLUSE~1\DANEAP~1\14524684
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
