ComboFix 07-09-13.3 - “Tomek” 2007-09-13 20:34:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.455 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport\cs\Config.xml
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport\cs\db\Aliases.dbs
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport\cs\db\Sites.dbs
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport\cs\dwld\WhiteList.xip
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport\cs\report\aggr_storage.xml
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport\cs\report\send_storage.xml
C:\DOCUME~1\Tomek\DANEAP~1\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\msvrc20.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.
2007-09-13 20:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 23:35
2007-09-11 22:14
2007-09-10 19:05
2007-08-31 23:56
2007-08-31 23:56
2007-08-30 09:17
2007-08-30 09:16
2007-08-30 09:16
2007-08-26 21:27
2007-08-26 21:27
2007-08-22 09:23
2007-08-15 22:38
2007-08-15 22:04
2007-08-15 21:53
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 15:19 --------- d-------- C:\Program Files\Google
2007-09-12 20:17 --------- d-------- C:\Program Files\eMule
2007-09-11 23:48 --------- d-------- C:\Program Files\PopCap Games
2007-09-11 23:46 --------- d-------- C:\Program Files\Winamp
2007-09-11 16:06 --------- d-------- C:\Program Files\Multi_Media
2007-09-10 18:31 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-09-09 00:03 --------- d-------- C:\DOCUME~1\Tomek\DANEAP~1\URSoft
2007-09-02 17:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Suite
2007-08-24 22:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Microsoft Help
2007-08-11 07:06 --------- d-------- C:\DOCUME~1\Tomek\DANEAP~1\Skype
2007-08-10 19:26 --------- d-------- C:\Program Files\Nokia
2007-08-10 19:26 --------- d-------- C:\Program Files\Common Files\PCSuite
2007-08-10 19:26 --------- d-------- C:\Program Files\Common Files\Nokia
2007-08-10 19:25 --------- d-------- C:\Program Files\PC Connectivity Solution
2007-08-10 19:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Installations
2007-08-10 19:17 --------- d-------- C:\DOCUME~1\Tomek\DANEAP~1\Nokia
2007-08-05 19:03 --------- d-------- C:\Program Files\Ashampoo
2007-07-31 22:29 --------- d-------- C:\Program Files\eDonkey Accelerator
2007-07-15 11:02 --------- d-------- C:\Program Files\Kraina Gier
2007-07-14 21:17 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 21:10 --------- d-------- C:\DOCUME~1\Tomek\DANEAP~1\InterTrust
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
2007-05-27 20:19 1526 --a------ C:\Program Files\INSTALL.LOG
2007-03-19 20:13 6422611 --a------ C:\Program Files\temp.000
2007-03-19 20:13 6422611 --------- C:\Program Files\frostwire-4.13.1.6.windows.exe
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“High Definition Audio Property Page Shortcut”=“HDAShCut.exe” [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
“RTHDCPL”=“RTHDCPL.EXE” [2006-05-18 08:27 C:\WINDOWS\RTHDCPL.exe]
“SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
“QuickTime Task”=“C:\WINDOWS\system32\qttask.exe” [2007-01-02 21:40]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00]
“HP Software Update”=“D:\HP Software Update\HPWuSchd2.exe” [2005-05-12 00:12]
“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-02-11 03:15]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-02-13 22:05]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50]
“Adobe Reader Speed Launcher”=“D:\Reader\Reader_sl.exe” [2007-05-11 03:06]
“WinampAgent”=“D:\Winamp\winampa.exe” [2007-05-15 00:22]
“PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-06-18 15:10]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-07-24 21:07]
“RunTheMop”=“C:\Program Files\The Mop Team\The Mop 4\themop.exe” []
“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
“Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Enable Labtec Wireless Desktop.lnk - C:\Program Files\Labtec Wireless Desktop\MagicKey.exe [2007-03-21 23:22:10]
HP Digital Imaging Monitor.lnk - D:\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableRegedit”=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“NoResolveSearch”=1 (0x1)
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\MUsbFltr.sys
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS
.
Contents of the ‘Scheduled Tasks’ folder
“2007-09-10 17:05:59 C:\WINDOWS\Tasks\Norton Security Scan.job”
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 20:36:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-13 20:37:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-09-13 20:37
.
--- E O F ---
jako03, the tags are missing?? Please fix this. Title changed.
what tags
Fix this fileless entry in Hijack:
>>Hijack>>scan (Do a system scan only)>>select it>>Fix checked.
The log is clean.
As for the matter of the “tags”:
the point is to place the log inside the tags [*quote]Your log[*/quote], of course without those asterisks*.
Or do this: select the whole log and click the “Quote” button above the post.
jessi