
[Solved] Please check my logs

Danyyy

I downloaded a file from the net, and during installation my computer restarted. After it came back up, an icon appeared next to the clock in the bottom right: round, red, with a white cross. Every so often a message pops up: "Your computer is infected! Windows has detected spyware infection..." followed by a warning or advice to use an antispyware program. I scanned the computer with my antivirus, NOD32, and it detected a Genetic Trojan, which it removed after the scan. Then I used Ad-Aware, Arca Micro scan and A-squared Free, and each of them found something, which I of course removed. Now, after scanning with ComboFix, the message has disappeared, but I'm posting the logs to be 100% sure :) Please check them ;D Thanks in advance :)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:03, on 2008-08-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EDGE Dialer\Edge.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ljJBqrSK.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDFC342-8B82-4CD1-A04B-85954C7982CE}: NameServer = 217.116.100.66 217.116.100.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljJBqrSK - C:\WINDOWS\SYSTEM32\ljJBqrSK.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSv[beeep]) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 7041 bytes

Silent Runners log

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nTrayFw" = "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" ["NVIDIA Corporation"] "JMB36X IDE Setup" = "C:\WINDOWS\JM\JMInsIDE.exe" [null data] "JMB36X Configure" = "C:\WINDOWS\system32\JMRaidSetup.exe boot" ["JMicron Technology Corp."] "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "AsusStartupHelp" = "C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [null data] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"   -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"					\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"   -> {HKLM...CLSID} = "HyperTerminal Icon Ext"					\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"   -> {HKLM...CLSID} = "IE Microsoft AutoComplete"					\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = 
"History Band"   -> {HKLM...CLSID} = "History Band"					\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"   -> {HKLM...CLSID} = "DesktopContext Class"					\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"   -> {HKLM...CLSID} = "Desktop Explorer"					\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"   -> {HKLM...CLSID} = (no title provided)					\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"   -> {HKLM...CLSID} = "nView Desktop Context Menu"					\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"   -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"					\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"   -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"					\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"   -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"					\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"   -> {HKLM...CLSID} = "WinRAR"					\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"   -> {HKLM...CLSID} = "Groove GFS Browser Helper"					\InProcServer32\(Default) = 
"C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"   -> {HKLM...CLSID} = "Groove Folder Synchronization"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"   -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"   -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"   -> {HKLM...CLSID} = "Groove XML Icon Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"					
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"   -> {HKLM...CLSID} = "Outlook File Icon Extension"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"   -> {HKLM...CLSID} = "Microsoft Office Outlook"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"   -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"   -> {HKLM...CLSID} = (no title provided)					\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"   -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"   -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"   -> {HKLM...CLSID} = "Sony Ericsson File Manager"					\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"] 
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"   -> {HKLM...CLSID} = "Sony Ericsson File Manager"					\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"   -> {HKLM...CLSID} = "a-squared Free Shell Extension"					\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"   -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"					\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"   -> {HKLM...CLSID} = "NVIDIA CPL Extension"					\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"   -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"   -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"					\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"   -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"					\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"   -> {HKLM...CLSID} = "PDF Shell Extension"					\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"   -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"					\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"   -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"					\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"					\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"					\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"   -> {HKLM...CLSID} = "a-squared Free Shell Extension"					\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"   -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"					\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 
Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"   -> {HKLM...CLSID} = "WinRAR"					\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"   -> {HKLM...CLSID} = "a-squared Free Shell Extension"					\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = 
"C:\Documents and Settings\Łucznik335\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ DVDDecrypterPlayDVDMovieOnArrival\ "Provider" = "DVD Decrypter" "InvokeProgID" = "DVDDecrypter" "InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt" HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"] LightScribeOnArrivalAP\ "Provider" = "LightScribe Direct Disc Labeling" "InvokeProgID" = "LightScribe.AutoPlayHandler" "InvokeVerb" = "LabelLightScribeDisc" HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"] MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classi" "InvokeProgID" = "MPC.CDAudio" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MPC.DVDMovie" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" 
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /Dialog:DiscCopy" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision Essentials" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program 
Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"   -> {HKLM...CLSID} = "ShellExecute HW Event Handler"					\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"   -> {HKLM...CLSID} = "ShellExecute HW Event Handler"					\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"   -> {HKLM...CLSID} = (no title provided)					\LocalServer32\(Default) = ""C:\Winamp\winamp.exe"" ["Nullsoft"] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = 
"%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SYSTEMROOT%\system32\nvappfilter.dll ["NVIDIA"], 01 - 03, 09 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{7C5C0F58-E061-457D-9033-77307F5ED00C}"   -> {HKLM...CLSID} = "TorrentMan Toolbar"					\InProcServer32\(Default) = "C:\Program Files\TorrentMan\tbTorr.dll" ["Conduit Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"   -> {HKLM...CLSID} = "&Google"					\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{7C5C0F58-E061-457D-9033-77307F5ED00C}" = "TorrentMan Toolbar"   -> {HKLM...CLSID} = "TorrentMan Toolbar"					\InProcServer32\(Default) = "C:\Program Files\TorrentMan\tbTorr.dll" ["Conduit Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)   -> {HKLM...CLSID} = "&Google"					\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools 
menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"   -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"					\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]   -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"					\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Send to OneNote" "MenuText" = "S&end to OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"   -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"					\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{7c5c0f58-e061-457d-9033-77307f5ed00c}" = (no title provided)   -> {HKLM...CLSID} = "TorrentMan Toolbar"					\InProcServer32\(Default) = "C:\Program Files\TorrentMan\tbTorr.dll" ["Conduit Ltd."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ a-squared Free Service, a2free, ""C:\Program Files\a-squared Free\a2service.exe"" ["Emsi Software GmbH"] Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"] ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe" [empty string] ForceWare IP service, nSv[beeep], "C:\Program Files\NVIDIA 
Corporation\NetworkAccessManager\bin\nSv[beeep].exe" ["NVIDIA Corporation"] ForceWare user log service, nSvcLog, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe" ["NVIDIA"] Forceware Web Interface, ForcewareWebInterface, ""C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice" ["Apache Software Foundation"] France Telecom Routing Table Service, FTRTSVC, ""C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"" ["France Telecom SA"] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] PunkBuster, PnkBstrA, ""D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe"" [null data] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2008-08-04 23:30:44) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds,   launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives   took 60 seconds. ---------- (total run time: 89 seconds)

ComboFix log

ComboFix 08-07-30.02 - Łucznik335 2008-08-04 23:18:26.2 - NTFSx86 Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.3141 [GMT 2:00] Running from: C:\Documents and Settings\Łucznik335\Pulpit\ComboFix.exe  * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\WINDOWS\system32\braviax.exe C:\WINDOWS\system32\ljJBqrSK.dll C:\WINDOWS\system32\tuvSiiji.dll C:\WINDOWS\system32\winivstr.exe . (((((((((((((((((((((((((   Files Created from 2008-07-04 to 2008-08-04  ))))))))))))))))))))))))))))))) . 2008-08-04 21:52 . 2008-08-04 21:52	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Babylon 2008-08-04 21:52 . 2008-08-04 21:52	6,509,280	--a------	C:\WINDOWS\system32\Babylon7_setup.exe 2008-08-04 20:15 . 2008-08-04 20:15	<DIR>	d--------	C:\Program Files\DoubleDesktop 2008-08-04 11:05 . 2008-08-04 11:05	<DIR>	d--------	C:\My Downloads 2008-08-03 01:03 . 2008-05-30 14:11	3,850,760	--a------	C:\WINDOWS\system32\D3DX9_38.dll 2008-08-03 01:03 . 2008-05-30 14:11	1,491,992	--a------	C:\WINDOWS\system32\D3DCompiler_38.dll 2008-08-03 01:03 . 2008-05-30 14:19	507,400	--a------	C:\WINDOWS\system32\XAudio2_1.dll 2008-08-03 01:03 . 2008-05-30 14:11	467,984	--a------	C:\WINDOWS\system32\d3dx10_38.dll 2008-08-03 01:03 . 2008-05-30 14:18	238,088	--a------	C:\WINDOWS\system32\xactengine3_1.dll 2008-08-03 01:03 . 2008-05-30 14:17	65,032	--a------	C:\WINDOWS\system32\XAPOFX1_0.dll 2008-08-03 01:03 . 2008-05-30 14:17	25,608	--a------	C:\WINDOWS\system32\X3DAudio1_4.dll 2008-08-03 01:02 . 2008-08-03 01:02	<DIR>	d--------	C:\WINDOWS\Logs 2008-08-01 13:49 . 2008-08-01 13:49	<DIR>	d--------	C:\Program Files\Apple Software Update 2008-08-01 13:49 . 2008-08-01 13:49	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-07-31 13:11 . 
2008-07-31 13:11	<DIR>	d--------	C:\Program Files\Trend Micro 2008-07-30 20:00 . 2008-08-01 13:49	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-07-30 16:34 . 2008-07-30 16:34	<DIR>	d--------	C:\Program Files\Switch Off 2008-07-29 15:04 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmp361.tmp 2008-07-29 15:04 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmp360.tmp 2008-07-29 00:13 . 2008-07-29 00:14	<DIR>	d--------	C:\WINDOWS\NV37602608.TMP 2008-07-29 00:13 . 2008-07-29 00:13	<DIR>	d--------	C:\NVIDIA 2008-07-29 00:13 . 2008-05-19 18:16	186,407	--a------	C:\WINDOWS\system32\nvapps.nvb 2008-07-28 22:56 . 2008-07-28 23:03	<DIR>	d--------	C:\Program Files\SpeedFan 2008-07-28 22:56 . 2008-07-28 22:56	45	--a------	C:\WINDOWS\system32\initdebug.nfo 2008-07-28 20:08 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmpE7.tmp 2008-07-28 20:08 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmpE6.tmp 2008-07-28 15:13 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmp20E.tmp 2008-07-28 15:13 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmp20D.tmp 2008-07-24 12:38 . 2007-01-15 16:48	122,240	--a------	C:\WINDOWS\system32\drivers\Gtm51Irp.sys 2008-07-24 12:38 . 2007-01-15 16:48	36,992	--a------	C:\WINDOWS\system32\drivers\gtuqbus.sys 2008-07-24 12:38 . 2007-01-15 16:48	17,152	--a------	C:\WINDOWS\system32\drivers\gtffbus.sys 2008-07-24 12:38 . 2007-01-15 16:48	8,064	--a------	C:\WINDOWS\system32\drivers\gtptser.sys 2008-07-24 12:37 . 2006-03-01 19:53	94,208	--a------	C:\WINDOWS\system32\w32n50.dll 2008-07-24 12:37 . 2003-09-23 11:38	34,688	--a------	C:\WINDOWS\system32\pcampr5.sys 2008-07-24 12:37 . 2006-03-01 19:53	32,128	--a------	C:\WINDOWS\system32\pcandis5.sys 2008-07-24 12:36 . 2008-07-24 14:43	<DIR>	d--------	C:\Program Files\OrangeBS 2008-07-24 12:36 . 2008-07-24 14:42	<DIR>	d--------	C:\Program Files\Common Files\France Telecom 2008-07-23 12:28 . 
2008-07-29 15:06	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Codemasters 2008-07-23 12:27 . 2008-07-23 12:27	<DIR>	d--------	C:\Program Files\OpenAL 2008-07-23 12:27 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll 2008-07-23 12:27 . 2008-03-05 15:56	1,420,824	--a------	C:\WINDOWS\system32\D3DCompiler_37.dll 2008-07-23 12:27 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmpD50.tmp 2008-07-23 12:27 . 2008-04-28 15:53	805,400	-ra------	C:\WINDOWS\system32\tmpD4F.tmp 2008-07-23 12:27 . 2008-03-05 16:03	479,752	--a------	C:\WINDOWS\system32\XAudio2_0.dll 2008-07-23 12:27 . 2008-02-05 23:07	462,864	--a------	C:\WINDOWS\system32\d3dx10_37.dll 2008-07-23 12:27 . 2008-07-29 15:04	444,952	--a------	C:\WINDOWS\system32\wrap_oal.dll 2008-07-23 12:27 . 2008-03-05 16:03	238,088	--a------	C:\WINDOWS\system32\xactengine3_0.dll 2008-07-23 12:27 . 2008-07-29 15:04	109,080	--a------	C:\WINDOWS\system32\OpenAL32.dll 2008-07-23 12:27 . 2008-03-05 16:00	25,608	--a------	C:\WINDOWS\system32\X3DAudio1_3.dll 2008-07-22 21:55 . 2008-07-22 21:58	1,572	--a------	C:\WINDOWS\system32\tmp.reg 2008-07-22 21:54 . 2007-09-06 00:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe 2008-07-22 21:54 . 2006-04-27 17:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe 2008-07-22 21:54 . 2008-05-29 09:35	86,528	--a------	C:\WINDOWS\system32\VACFix.exe 2008-07-22 21:54 . 2008-05-23 18:21	81,920	--a------	C:\WINDOWS\system32\404Fix.exe 2008-07-22 21:54 . 2004-07-31 18:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe 2008-07-22 21:54 . 2007-10-04 00:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe 2008-07-22 21:40 . 2008-07-22 21:40	219,648	--a--c---	C:\WINDOWS\system32\dllcache\uxtheme.dll 2008-07-21 16:48 . 2008-07-21 16:48	<DIR>	d--------	C:\Program Files\Common Files\LightScribe 2008-07-21 16:48 . 2008-07-21 16:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\LightScribe 2008-07-21 16:43 . 
2008-07-21 16:43	<DIR>	d--------	C:\Program Files\Nero 2008-07-21 16:43 . 2008-07-21 16:43	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-07-21 16:40 . 2008-07-21 16:40	278,984	--a------	C:\WINDOWS\system32\drivers\atksgt.sys 2008-07-21 16:40 . 2008-07-21 16:40	25,416	--a------	C:\WINDOWS\system32\drivers\lirsgt.sys 2008-07-21 13:30 . 2008-07-21 13:35	<DIR>	d--------	C:\Program Files\GordianKnot 2008-07-21 12:08 . 2008-07-21 12:08	<DIR>	d--------	C:\Program Files\Aud-X 2008-07-20 21:34 . 2008-07-20 21:34	<DIR>	d--------	C:\Program Files\DreamCatcher 2008-07-20 20:06 . 2003-03-16 00:15	90,112	--a------	C:\WINDOWS\unvise32.exe 2008-07-20 19:18 . 2008-07-20 19:18	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\ashampoo 2008-07-20 13:13 . 2008-07-20 13:13	<DIR>	d--------	C:\Program Files\Lavalys 2008-07-19 23:36 . 2008-08-04 22:34	69	--a------	C:\WINDOWS\NeroDigital.ini 2008-07-19 23:01 . 2008-08-01 13:49	<DIR>	d--------	C:\Program Files\QuickTime 2008-07-19 23:01 . 2007-09-17 11:34	45,056	--a------	C:\WINDOWS\system32\WNASPI32.DLL 2008-07-19 23:01 . 2007-09-17 11:34	16,512	--a------	C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-07-19 23:00 . 2008-07-19 23:00	<DIR>	d--------	C:\Program Files\ImTOO 2008-07-19 21:21 . 2008-07-27 10:40	<DIR>	d--------	C:\Fraps 2008-07-19 20:25 . 2008-07-19 21:00	<DIR>	d--------	C:\Program Files\CamStudio 2008-07-19 14:10 . 2008-07-21 16:46	<DIR>	d--------	C:\Program Files\Common Files\Ahead 2008-07-19 14:10 . 2008-07-19 23:03	<DIR>	d--------	C:\Program Files\Ahead 2008-07-19 00:35 . 2008-07-19 00:35	23	--a------	C:\WINDOWS\system32\feaaa3_z.ocx 2008-07-19 00:34 . 2008-07-19 00:35	<DIR>	d--------	C:\Program Files\jv16 PowerTools 2008 2008-07-18 23:46 . 2008-07-18 23:46	25,992	--a------	C:\WINDOWS\system32\pgdfgsvc.exe 2008-07-18 23:36 . 2008-07-18 23:36	<DIR>	d--------	C:\Program Files\CCleaner 2008-07-18 18:01 . 2008-07-18 18:01	<DIR>	d--------	C:\WINDOWS\system32\AGEIA 2008-07-18 18:01 . 
2008-07-18 18:01	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard 2008-07-18 18:01 . 2008-07-18 18:01	<DIR>	d--------	C:\Program Files\AGEIA Technologies 2008-07-18 16:46 . 2008-07-18 20:09	<DIR>	d--------	C:\Program Files\vghd 2008-07-18 16:38 . 2008-07-18 16:38	<DIR>	d--------	C:\Program Files\Common Files\Totem Shared 2008-07-18 15:34 . 2008-07-18 15:35	<DIR>	d--------	C:\Program Files\SystemRequirementsLab 2008-07-17 16:55 . 2008-07-18 23:31	<DIR>	d--------	C:\Program Files\Free Download Manager 2008-07-17 16:22 . 2008-07-17 16:22	<DIR>	d--------	C:\Program Files\Google 2008-07-17 16:22 . 2008-07-17 16:54	<DIR>	d--------	C:\Program Files\FlashGet 2008-07-17 15:30 . 2008-07-18 10:08	<DIR>	d--------	C:\Downloads 2008-07-17 15:27 . 2008-07-17 16:48	<DIR>	d--------	C:\Program Files\Software Informer 2008-07-15 20:33 . 2008-07-15 20:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe 2008-07-15 20:31 . 2008-07-16 16:37	992	--a------	C:\WINDOWS\unins000.dat 2008-07-15 10:58 . 2008-07-15 12:06	21,840	--a----t-	C:\WINDOWS\system32\SIntfNT.dll 2008-07-15 10:58 . 2008-07-15 12:06	17,212	--a----t-	C:\WINDOWS\system32\SIntf32.dll 2008-07-15 10:58 . 2008-07-15 12:06	12,067	--a----t-	C:\WINDOWS\system32\SIntf16.dll 2008-07-14 23:36 . 2008-07-16 15:42	<DIR>	d--------	C:\Program Files\ASCPCWK 2008-07-14 21:37 . 2008-07-14 21:37	<DIR>	d--------	C:\Program Files\TorrentMan 2008-07-14 21:37 . 2008-07-14 21:37	<DIR>	d--------	C:\Program Files\Conduit 2008-07-14 21:37 . 2008-07-14 21:38	<DIR>	d--------	C:\Program Files\BitLord 2008-07-11 19:58 . 2008-07-22 22:53	<DIR>	d--------	C:\Program Files\Common Files\Native Instruments 2008-07-11 19:57 . 2008-07-22 22:53	<DIR>	d--------	C:\Program Files\Native Instruments 2008-07-10 18:51 . 2008-07-10 18:51	<DIR>	d--------	C:\Program Files\Play 2008-07-09 15:29 . 2008-07-09 15:29	<DIR>	d--------	C:\Program Files\Juz w szkole klasa 2a 2008-07-09 15:29 . 
2008-07-09 15:29	<DIR>	d--------	C:\Program Files\Common Files\YDP 2008-07-09 15:29 . 1998-10-07 12:54	327,168	--a------	C:\WINDOWS\IsUn0415.exe 2008-07-08 23:57 . 2006-03-02 14:00	221,184	--a------	C:\WINDOWS\system32\wmpns.dll 2008-07-08 23:55 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\[u]0[/u]00001_.tmp 2008-07-08 23:33 . 2006-03-02 14:00	219,648	--a------	C:\WINDOWS\system32\uxtheme.tm 2008-07-08 22:04 . 2008-07-08 22:33	<DIR>	d--------	C:\Program Files\KM Remote 2008-07-08 17:37 . 2008-07-08 17:37	<DIR>	d--------	C:\WINDOWS\system32\pl-PL 2008-07-08 17:36 . 2008-07-08 17:37	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer 2008-07-08 17:36 . 2008-07-08 17:36	<DIR>	d--------	C:\Program Files\Reference Assemblies 2008-07-08 17:36 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll 2008-07-08 17:35 . 2008-07-08 17:35	<DIR>	d--------	C:\Program Files\MSXML 6.0 2008-07-08 14:52 . 2008-07-08 14:52	<DIR>	d--------	C:\Program Files\Plus! 2008-07-08 14:52 . 2008-07-09 00:00	2,359,350	--a------	C:\WINDOWS\Topthemes wallpaper.bmp 2008-07-08 14:52 . 2008-07-08 14:52	1,129,409	--a------	C:\WINDOWS\system32\New World.scr 2008-07-08 14:20 . 2008-07-08 14:20	<DIR>	d--------	C:\cda 2008-07-08 11:03 . 2008-08-04 10:02	<DIR>	d--------	C:\WINDOWS\system32\LogFiles 2008-07-08 11:03 . 2008-07-08 11:03	669,184	--a------	C:\WINDOWS\system32\pbsvc.exe 2008-07-08 11:03 . 2008-07-08 11:03	103,736	--a------	C:\WINDOWS\system32\PnkBstrB.exe 2008-07-08 11:03 . 2008-07-08 11:03	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe . ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-04 15:57	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-08-04 15:28	---------	d--h--w	C:\Program Files\InstallShield Installation Information 2008-08-04 09:06	---------	d-----w	C:\Program Files\BearShare 2008-07-31 20:19	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll 2008-07-22 19:40	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll 2008-07-21 11:31	---------	d-----w	C:\Program Files\AviSynth 2.5 2008-07-21 11:13	---------	d-----w	C:\Program Files\AutoGK 2008-07-19 12:10	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2008-07-15 08:59	---------	d-----w	C:\Program Files\Common Files\InstallShield 2008-07-12 17:00	5,120	----a-w	C:\WINDOWS\system32\BReWErS.dll 2008-07-08 15:36	---------	d-----w	C:\Program Files\MSBuild 2008-07-06 22:40	---------	d-----w	C:\Program Files\iriverter 2008-07-03 21:23	---------	d-----w	C:\Program Files\Sony Ericsson 2008-07-03 21:23	---------	d-----w	C:\Program Files\Common Files\Teleca Shared 2008-07-03 21:23	---------	d-----w	C:\Program Files\Common Files\Sony Ericsson Shared 2008-07-03 21:23	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-07-03 21:23	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-06-30 11:30	32	----a-w	C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-06-30 11:28	---------	d-----w	C:\Program Files\Skype 2008-06-30 11:28	---------	d-----w	C:\Program Files\Common Files\Skype 2008-06-30 11:28	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-06-29 14:55	---------	d-----w	C:\Program Files\Real Alternative 2008-06-29 14:54	---------	d-----w	C:\Program Files\K-Lite Codec Pack 2008-06-29 13:55	---------	d-----w	C:\Program Files\Lavasoft 2008-06-29 13:54	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-06-29 13:45	---------	d-----w	C:\Program Files\ASUS 2008-06-29 13:23	---------	d-----w	C:\Documents and 
Settings\All Users\Dane aplikacji\Microsoft Help 2008-06-29 09:06	43,698	----a-w	C:\WINDOWS\system32\xvid-uninstall.exe 2008-06-29 09:06	---------	d-----w	C:\Program Files\Gabest 2008-06-29 08:48	---------	d-----w	C:\Program Files\DVD Decrypter 2008-06-28 13:13	---------	d-----w	C:\Program Files\Java 2008-06-28 13:13	---------	d-----w	C:\Program Files\Common Files\Java 2008-06-28 12:22	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft 2008-06-28 08:47	---------	d-----w	C:\Program Files\AVIcodec 2008-06-28 08:40	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2008-06-28 08:38	---------	d-----w	C:\Program Files\DVD Shrink 2008-06-27 19:57	---------	d-----w	C:\Program Files\SubEdit-Player 2008-06-27 19:26	---------	d-----w	C:\Program Files\Any DVD Converter Professional 2008-06-27 19:16	---------	d-----w	C:\Program Files\ToniArts 2008-06-27 17:41	---------	d-----w	C:\Program Files\ivo 2008-06-27 16:37	---------	d-----w	C:\Program Files\Microsoft Works 2008-06-27 16:33	---------	d-----w	C:\Program Files\MagicDisc 2008-06-27 12:08	---------	d-----w	C:\Program Files\Guitar Pro 5 2008-06-27 12:05	---------	d-----w	C:\Program Files\PowerISO 2008-06-27 12:01	---------	d-----w	C:\Program Files\DAEMON Tools Lite 2008-06-27 11:59	715,248	----a-w	C:\WINDOWS\system32\drivers\sptd.sys 2008-06-27 11:01	---------	d-----w	C:\Program Files\ESET 2008-06-27 11:01	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-06-27 10:27	---------	d-----w	C:\Program Files\EDGE Dialer 2008-06-27 10:10	---------	d-----w	C:\Program Files\Realtek 2008-06-27 10:06	---------	d-----w	C:\Program Files\NVIDIA Corporation 2008-06-27 09:58	---------	d-----w	C:\Program Files\microsoft frontpage 2008-06-27 09:57	---------	d-----w	C:\Program Files\Usługi online 2008-05-16 09:48	446,464	----a-w	C:\WINDOWS\system32\NVUNINST.EXE . 
(((((((((((((((((((((((((((((   snapshot@2008-07-31_14.32.19.23   ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-29 13:04:16	53,248	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2008-08-02 23:02:58	53,248	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll - 2008-07-29 13:04:16	12,800	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2008-08-02 23:02:58	12,800	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll - 2008-07-29 13:04:16	473,600	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2008-08-02 23:02:58	473,600	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll - 2008-07-29 13:04:14	2,676,224	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56	2,676,224	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15	2,846,720	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56	2,846,720	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15	563,712	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56	563,712	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15	567,296	
----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56	567,296	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15	576,000	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57	576,000	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15	577,024	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57	577,024	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:16	577,536	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57	577,536	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:16	577,536	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57	577,536	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:16	578,560	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57	578,560	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:17	578,560	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:58	578,560	----a-w	
C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:17	145,920	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2008-08-02 23:02:58	145,920	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll - 2008-07-29 13:04:17	159,232	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2008-08-02 23:02:58	159,232	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2008-07-29 13:04:17	364,544	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2008-08-02 23:02:59	364,544	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll - 2008-07-29 13:04:17	178,176	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2008-08-02 23:02:59	178,176	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll - 2008-07-29 13:04:16	223,232	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2008-08-02 23:02:58	223,232	----a-w	C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2008-03-24 17:33:02	1,527,056	----a-w	C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe + 2008-08-01 11:49:26	27,136	----a-r	C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-03-25 02:32:44	218,496	----a-r	C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe + 2008-08-02 09:07:05	74,649	----a-w	
C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2005-09-22 23:35:10	65,536	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll . -- Snapshot reset to current date -- . (((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown  REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 14:44 1953792] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072] "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 08:25 363008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016] "QuickTime Task"="C:\Program 
Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.audxacm"= audxacm.acm "msacm.ac3acm4audx"= AC3ACM4AUDX.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Łucznik335^Menu Start^Programy^Autostart^MagicDisc.lnk] path=C:\Documents and Settings\Łucznik335\Menu Start\Programy\Autostart\MagicDisc.lnk backup=C:\WINDOWS\pss\MagicDisc.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-PLSessionManager] --a------ 2007-07-24 19:03 102400 C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 
2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "D:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "D:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\BearShare\\BearShare.exe"= "D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "D:\\Gadu-Gadu\\gg.exe"= "E:\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "D:\\Electronic Arts\\Medal 
of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= "D:\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"= "C:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"= "E:\\Codemasters\\GRID\\GRID.exe"= "D:\\Midway Home Entertainment\\BlackSite Area 51\\Binaries\\Blacksite.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00] S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48] S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48] S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Łucznik335\Dane aplikacji\Mozilla\Firefox\Profiles\pu4kbnsg.default\ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 23:21:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-04 23:22:15 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-04 21:22:13
ComboFix2.txt  2008-07-31 12:32:27
Pre-Run: 45,455,585,280 bajtów wolnych
Post-Run: 45,446,848,512 bajtów wolnych
382

snip91
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ljJBqrSK.dllO4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exeO4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exeO20 - Winlogon Notify: ljJBqrSK - C:\WINDOWS\SYSTEM32\ljJBqrSK.dll

FIX w HJT

Do notatnika wklej:

File::
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ljJBqrSK.dll
C:\WINDOWS\system32\tmp361.tmp
C:\WINDOWS\system32\tmp360.tmp
C:\WINDOWS\system32\tmpE7.tmp
C:\WINDOWS\system32\tmpE6.tmp
C:\WINDOWS\system32\tmp20E.tmp
C:\WINDOWS\system32\tmp20D.tmp
C:\WINDOWS\system32\tmpD50.tmp
C:\WINDOWS\system32\tmpD4F.tmp
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\feaaa3_z.ocx
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\SIntf16.dll
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\BReWErS.dll

Folder::
C:\WINDOWS\NV37602608.TMP

In Notepad, go to File --> Save As --> save it under the name CFScript.txt, in the same directory where ComboFix is.

Boot into Safe Mode (F8 while the system is loading). Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

82650GIF.gif

Removal will begin and a log will be created, which you then post on the forum.

After the restart, manually delete the C:\Qoobox folder.
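
The first two File:: entries of the script above are the files behind the four HijackThis entries flagged in the same post. As an added illustration (not part of the post, and not HijackThis or ComboFix code), the sketch below turns analyst-flagged HijackThis lines into a File::/Folder:: list; the helper names are hypothetical, and the layout of a directive line followed by one path per line is an assumption based on the script shown above.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample: the four entries flagged in the post, one per line.
FLAGGED = r"""
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ljJBqrSK.dll
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O20 - Winlogon Notify: ljJBqrSK - C:\WINDOWS\SYSTEM32\ljJBqrSK.dll
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# An absolute path ending in a file extension, quoted or not, possibly
# containing spaces; it must be followed by end of line, whitespace,
# a closing quote or a comma (rundll32 "file.dll,Export" syntax).
ABS_PATH = re.compile(
    r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys|tmp|reg))(?=$|[\s",])',
    re.IGNORECASE,
)

# Loader binaries that only host another file; the entry's real target is
# the file they are asked to load, never the loader itself.
HOST_BINARIES = {"rundll32.exe"}


def target_path(line):
    """Return the file a HijackThis entry points at, or None if the entry
    carries no absolute path (e.g. a bare 'SkyTel.EXE')."""
    match = ENTRY.match(line.strip())
    if not match:
        return None
    for path in ABS_PATH.findall(match.group(2)):
        if basename(path).lower() not in HOST_BINARIES:
            return path
    return None


def build_cfscript(flagged_lines, folders=()):
    """Build script text from flagged entries.

    Returns (script_text, unresolved): unresolved holds entries whose file
    could not be determined and must be located by hand.
    """
    files, seen, unresolved = [], set(), []
    for line in flagged_lines:
        if not line.strip():
            continue
        path = target_path(line)
        if path is None:
            unresolved.append(line.strip())
        elif path.lower() not in seen:
            # NTFS paths are case-insensitive: system32 and SYSTEM32
            # name the same directory, so list the file only once.
            seen.add(path.lower())
            files.append(path)
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(parts) + "\n", unresolved


if __name__ == "__main__":
    script, unresolved = build_cfscript(
        FLAGGED.splitlines(), folders=[r"C:\WINDOWS\NV37602608.TMP"]
    )
    print(script)
    for entry in unresolved:
        print("needs manual lookup:", entry)
```

The script only converts entries a human has already judged; deciding which entries to flag remains the analyst's job.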

Danyyy

But am I supposed to paste this into the Notepad file with the HiJackThis log? Or just make a new one and name it CFScript?

And as for the fixes in HiJackThis, I looked for those entries but they aren't there.

snip91

Make a new log in HJT, check the entries I listed, and press Fix Checked.

The rest you paste into a plain new Notepad file.

Danyyy

OK, I understand that part now, but on to those fixes: I made a new log and there is a list of entries with checkboxes on the left, but those entries are not among them :blink: I understand they should be there, but they aren't.

snip91

Paste that log here.

Danyyy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:05, on 2008-08-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\EDGE Dialer\Edge.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDFC342-8B82-4CD1-A04B-85954C7982CE}: NameServer = 217.116.100.66 217.116.100.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSv[beeep]) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 6985 bytes

snip91

The log is clean now.

ComboFix probably removed those threats, since you scanned with it after making the HJT log.

Carry out those steps in CFX.

Danyyy

OK, I did it in that safe mode, and now which log's contents should I paste? The RHD Setup one? That log has no entries in it, just some data, only a few lines, just so you know.

snip91

The log will be in the ComboFix.txt file.

But I'll check that in the morning ;)

Danyyy

ComboFix 08-07-30.02 - Łucznik335 2008-08-05  1:05:31.4 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.3297 [GMT 2:00]
Running from: C:\Documents and Settings\Łucznik335\Pulpit\ComboFix.exe
Command switches used :: C:\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\BReWErS.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\feaaa3_z.ocx
C:\WINDOWS\system32\ljJBqrSK.dll
C:\WINDOWS\system32\SIntf16.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp20D.tmp
C:\WINDOWS\system32\tmp20E.tmp
C:\WINDOWS\system32\tmp360.tmp
C:\WINDOWS\system32\tmp361.tmp
C:\WINDOWS\system32\tmpD4F.tmp
C:\WINDOWS\system32\tmpD50.tmp
C:\WINDOWS\system32\tmpE6.tmp
C:\WINDOWS\system32\tmpE7.tmp
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\unvise32.exe
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   
))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\[u]0[/u]00001_.tmpC:\WINDOWS\NV37602608.TMPC:\WINDOWS\NV37602608.TMP\nv3d.chmC:\WINDOWS\NV37602608.TMP\nv3dara.chmC:\WINDOWS\NV37602608.TMP\nv3dchs.chmC:\WINDOWS\NV37602608.TMP\nv3dcht.chmC:\WINDOWS\NV37602608.TMP\nv3dcsy.chmC:\WINDOWS\NV37602608.TMP\nv3ddan.chmC:\WINDOWS\NV37602608.TMP\nv3ddeu.chmC:\WINDOWS\NV37602608.TMP\nv3dell.chmC:\WINDOWS\NV37602608.TMP\nv3deng.chmC:\WINDOWS\NV37602608.TMP\nv3desm.chmC:\WINDOWS\NV37602608.TMP\nv3desn.chmC:\WINDOWS\NV37602608.TMP\nv3dfin.chmC:\WINDOWS\NV37602608.TMP\nv3dfra.chmC:\WINDOWS\NV37602608.TMP\nv3dheb.chmC:\WINDOWS\NV37602608.TMP\nv3dhun.chmC:\WINDOWS\NV37602608.TMP\nv3dita.chmC:\WINDOWS\NV37602608.TMP\nv3djpn.chmC:\WINDOWS\NV37602608.TMP\nv3dkor.chmC:\WINDOWS\NV37602608.TMP\nv3dnld.chmC:\WINDOWS\NV37602608.TMP\nv3dnor.chmC:\WINDOWS\NV37602608.TMP\nv3dplk.chmC:\WINDOWS\NV37602608.TMP\nv3dptb.chmC:\WINDOWS\NV37602608.TMP\nv3dptg.chmC:\WINDOWS\NV37602608.TMP\nv3drus.chmC:\WINDOWS\NV37602608.TMP\nv3dsky.chmC:\WINDOWS\NV37602608.TMP\nv3dslv.chmC:\WINDOWS\NV37602608.TMP\nv3dsve.chmC:\WINDOWS\NV37602608.TMP\nv3dtha.chmC:\WINDOWS\NV37602608.TMP\nv3dtrk.chmC:\WINDOWS\NV37602608.TMP\nvcpl.chmC:\WINDOWS\NV37602608.TMP\nvcplara.chmC:\WINDOWS\NV37602608.TMP\nvcplchs.chmC:\WINDOWS\NV37602608.TMP\nvcplcht.chmC:\WINDOWS\NV37602608.TMP\nvcplcsy.chmC:\WINDOWS\NV37602608.TMP\nvcpldan.chmC:\WINDOWS\NV37602608.TMP\nvcpldeu.chmC:\WINDOWS\NV37602608.TMP\nvcplell.chmC:\WINDOWS\NV37602608.TMP\nvcpleng.chmC:\WINDOWS\NV37602608.TMP\nvcplesm.chmC:\WINDOWS\NV37602608.TMP\nvcplesn.chmC:\WINDOWS\NV37602608.TMP\nvcplfin.chmC:\WINDOWS\NV37602608.TMP\nvcplfra.chmC:\WINDOWS\NV37602608.TMP\nvcplheb.chmC:\WINDOWS\NV37602608.TMP\nvcplhun.chmC:\WINDOWS\NV37602608.TMP\nvcplita.chmC:\WINDOWS\NV37602608.TMP\nvcpljpn.chmC:\WINDOWS\NV37602608.TMP\nvcplkor.chmC:\WINDOWS\NV37602608.TMP\nvcplnld.chmC:\WINDOWS\NV37602608.TMP\nvcplnor.chmC:\WINDOWS\NV37602608.TMP\nvcplplk.chmC:\WINDOWS\NV37602608.TMP\nvcpl
ptb.chmC:\WINDOWS\NV37602608.TMP\nvcplptg.chmC:\WINDOWS\NV37602608.TMP\nvcplrus.chmC:\WINDOWS\NV37602608.TMP\nvcplsky.chmC:\WINDOWS\NV37602608.TMP\nvcplslv.chmC:\WINDOWS\NV37602608.TMP\nvcplsve.chmC:\WINDOWS\NV37602608.TMP\nvcpltha.chmC:\WINDOWS\NV37602608.TMP\nvcpltrk.chmC:\WINDOWS\NV37602608.TMP\nvdsp.chmC:\WINDOWS\NV37602608.TMP\nvdspara.chmC:\WINDOWS\NV37602608.TMP\nvdspchs.chmC:\WINDOWS\NV37602608.TMP\nvdspcht.chmC:\WINDOWS\NV37602608.TMP\nvdspcsy.chmC:\WINDOWS\NV37602608.TMP\nvdspdan.chmC:\WINDOWS\NV37602608.TMP\nvdspdeu.chmC:\WINDOWS\NV37602608.TMP\nvdspell.chmC:\WINDOWS\NV37602608.TMP\nvdspeng.chmC:\WINDOWS\NV37602608.TMP\nvdspesm.chmC:\WINDOWS\NV37602608.TMP\nvdspesn.chmC:\WINDOWS\NV37602608.TMP\nvdspfin.chmC:\WINDOWS\NV37602608.TMP\nvdspfra.chmC:\WINDOWS\NV37602608.TMP\nvdspheb.chmC:\WINDOWS\NV37602608.TMP\nvdsphun.chmC:\WINDOWS\NV37602608.TMP\nvdspita.chmC:\WINDOWS\NV37602608.TMP\nvdspjpn.chmC:\WINDOWS\NV37602608.TMP\nvdspkor.chmC:\WINDOWS\NV37602608.TMP\nvdspnld.chmC:\WINDOWS\NV37602608.TMP\nvdspnor.chmC:\WINDOWS\NV37602608.TMP\nvdspplk.chmC:\WINDOWS\NV37602608.TMP\nvdspptb.chmC:\WINDOWS\NV37602608.TMP\nvdspptg.chmC:\WINDOWS\NV37602608.TMP\nvdsprus.chmC:\WINDOWS\NV37602608.TMP\nvdspsky.chmC:\WINDOWS\NV37602608.TMP\nvdspslv.chmC:\WINDOWS\NV37602608.TMP\nvdspsve.chmC:\WINDOWS\NV37602608.TMP\nvdsptha.chmC:\WINDOWS\NV37602608.TMP\nvdsptrk.chmC:\WINDOWS\NV37602608.TMP\nvmob.chmC:\WINDOWS\NV37602608.TMP\nvmobara.chmC:\WINDOWS\NV37602608.TMP\nvmobchs.chmC:\WINDOWS\NV37602608.TMP\nvmobcht.chmC:\WINDOWS\NV37602608.TMP\nvmobcsy.chmC:\WINDOWS\NV37602608.TMP\nvmobdan.chmC:\WINDOWS\NV37602608.TMP\nvmobdeu.chmC:\WINDOWS\NV37602608.TMP\nvmobell.chmC:\WINDOWS\NV37602608.TMP\nvmobeng.chmC:\WINDOWS\NV37602608.TMP\nvmobesm.chmC:\WINDOWS\NV37602608.TMP\nvmobesn.chmC:\WINDOWS\NV37602608.TMP\nvmobfin.chmC:\WINDOWS\NV37602608.TMP\nvmobfra.chmC:\WINDOWS\NV37602608.TMP\nvmobheb.chmC:\WINDOWS\NV37602608.TMP\nvmobhun.chmC:\WINDOWS\NV37602608.TMP\nvmobita.chmC:\WINDOWS\NV37602608.T
MP\nvmobjpn.chmC:\WINDOWS\NV37602608.TMP\nvmobkor.chmC:\WINDOWS\NV37602608.TMP\nvmobnld.chmC:\WINDOWS\NV37602608.TMP\nvmobnor.chmC:\WINDOWS\NV37602608.TMP\nvmobplk.chmC:\WINDOWS\NV37602608.TMP\nvmobptb.chmC:\WINDOWS\NV37602608.TMP\nvmobptg.chmC:\WINDOWS\NV37602608.TMP\nvmobrus.chmC:\WINDOWS\NV37602608.TMP\nvmobsky.chmC:\WINDOWS\NV37602608.TMP\nvmobslv.chmC:\WINDOWS\NV37602608.TMP\nvmobsve.chmC:\WINDOWS\NV37602608.TMP\nvmobtha.chmC:\WINDOWS\NV37602608.TMP\nvmobtrk.chmC:\WINDOWS\system32\404Fix.exeC:\WINDOWS\system32\BReWErS.dllC:\WINDOWS\system32\dumphive.exeC:\WINDOWS\system32\feaaa3_z.ocxC:\WINDOWS\system32\SIntf16.dllC:\WINDOWS\system32\SIntf32.dllC:\WINDOWS\system32\SIntfNT.dllC:\WINDOWS\system32\SrchSTS.exeC:\WINDOWS\system32\tmp.regC:\WINDOWS\system32\tmp20D.tmpC:\WINDOWS\system32\tmp20E.tmpC:\WINDOWS\system32\tmp360.tmpC:\WINDOWS\system32\tmp361.tmpC:\WINDOWS\system32\tmpD4F.tmpC:\WINDOWS\system32\tmpD50.tmpC:\WINDOWS\system32\tmpE6.tmpC:\WINDOWS\system32\tmpE7.tmpC:\WINDOWS\system32\VACFix.exeC:\WINDOWS\system32\VCCLSID.exeC:\WINDOWS\system32\WS2Fix.exeC:\WINDOWS\unvise32.exe.(((((((((((((((((((((((((   Files Created from 2008-07-04 to 2008-08-04  ))))))))))))))))))))))))))))))).2008-08-05 01:02 . 2008-08-05 01:02	<DIR>	d--------	C:\Documents and Settings\Administrator2008-08-04 23:22 . 2008-08-04 23:22	<DIR>	d--------	C:\Documents and Settings\úucznik3352008-08-04 21:52 . 2008-08-04 21:52	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\Babylon2008-08-04 21:52 . 2008-08-04 21:52	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Babylon2008-08-04 21:52 . 2008-08-04 21:52	6,509,280	--a------	C:\WINDOWS\system32\Babylon7_setup.exe2008-08-04 20:15 . 2008-08-04 20:15	<DIR>	d--------	C:\Program Files\DoubleDesktop2008-08-04 11:05 . 2008-08-04 11:05	<DIR>	d--------	C:\My Downloads2008-08-03 14:44 . 2008-08-03 14:44	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\ArcaBit2008-08-03 01:03 . 
2008-05-30 14:11	3,850,760	--a------	C:\WINDOWS\system32\D3DX9_38.dll2008-08-03 01:03 . 2008-05-30 14:11	1,491,992	--a------	C:\WINDOWS\system32\D3DCompiler_38.dll2008-08-03 01:03 . 2008-05-30 14:19	507,400	--a------	C:\WINDOWS\system32\XAudio2_1.dll2008-08-03 01:03 . 2008-05-30 14:11	467,984	--a------	C:\WINDOWS\system32\d3dx10_38.dll2008-08-03 01:03 . 2008-05-30 14:18	238,088	--a------	C:\WINDOWS\system32\xactengine3_1.dll2008-08-03 01:03 . 2008-05-30 14:17	65,032	--a------	C:\WINDOWS\system32\XAPOFX1_0.dll2008-08-03 01:03 . 2008-05-30 14:17	25,608	--a------	C:\WINDOWS\system32\X3DAudio1_4.dll2008-08-03 01:02 . 2008-08-03 01:02	<DIR>	d--------	C:\WINDOWS\Logs2008-08-01 13:49 . 2008-08-01 13:49	<DIR>	d--------	C:\Program Files\Apple Software Update2008-08-01 13:49 . 2008-08-01 13:49	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple2008-07-31 13:11 . 2008-07-31 13:11	<DIR>	d--------	C:\Program Files\Trend Micro2008-07-30 20:00 . 2008-08-01 13:49	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2008-07-30 16:34 . 2008-07-30 16:34	<DIR>	d--------	C:\Program Files\Switch Off2008-07-29 00:13 . 2008-07-29 00:13	<DIR>	d--------	C:\NVIDIA2008-07-29 00:13 . 2008-05-19 18:16	186,407	--a------	C:\WINDOWS\system32\nvapps.nvb2008-07-28 22:56 . 2008-07-28 23:03	<DIR>	d--------	C:\Program Files\SpeedFan2008-07-28 22:56 . 2008-07-28 22:56	45	--a------	C:\WINDOWS\system32\initdebug.nfo2008-07-24 12:38 . 2007-01-15 16:48	122,240	--a------	C:\WINDOWS\system32\drivers\Gtm51Irp.sys2008-07-24 12:38 . 2007-01-15 16:48	36,992	--a------	C:\WINDOWS\system32\drivers\gtuqbus.sys2008-07-24 12:38 . 2007-01-15 16:48	17,152	--a------	C:\WINDOWS\system32\drivers\gtffbus.sys2008-07-24 12:38 . 2007-01-15 16:48	8,064	--a------	C:\WINDOWS\system32\drivers\gtptser.sys2008-07-24 12:37 . 2006-03-01 19:53	94,208	--a------	C:\WINDOWS\system32\w32n50.dll2008-07-24 12:37 . 
2003-09-23 11:38	34,688	--a------	C:\WINDOWS\system32\pcampr5.sys2008-07-24 12:37 . 2006-03-01 19:53	32,128	--a------	C:\WINDOWS\system32\pcandis5.sys2008-07-24 12:36 . 2008-07-24 14:43	<DIR>	d--------	C:\Program Files\OrangeBS2008-07-24 12:36 . 2008-07-24 14:42	<DIR>	d--------	C:\Program Files\Common Files\France Telecom2008-07-23 12:28 . 2008-07-29 15:06	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Codemasters2008-07-23 12:27 . 2008-07-23 12:27	<DIR>	d--------	C:\Program Files\OpenAL2008-07-23 12:27 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll2008-07-23 12:27 . 2008-03-05 15:56	1,420,824	--a------	C:\WINDOWS\system32\D3DCompiler_37.dll2008-07-23 12:27 . 2008-03-05 16:03	479,752	--a------	C:\WINDOWS\system32\XAudio2_0.dll2008-07-23 12:27 . 2008-02-05 23:07	462,864	--a------	C:\WINDOWS\system32\d3dx10_37.dll2008-07-23 12:27 . 2008-07-29 15:04	444,952	--a------	C:\WINDOWS\system32\wrap_oal.dll2008-07-23 12:27 . 2008-03-05 16:03	238,088	--a------	C:\WINDOWS\system32\xactengine3_0.dll2008-07-23 12:27 . 2008-07-29 15:04	109,080	--a------	C:\WINDOWS\system32\OpenAL32.dll2008-07-23 12:27 . 2008-03-05 16:00	25,608	--a------	C:\WINDOWS\system32\X3DAudio1_3.dll2008-07-22 21:40 . 2008-07-22 21:40	219,648	--a--c---	C:\WINDOWS\system32\dllcache\uxtheme.dll2008-07-21 20:35 . 2008-07-22 19:51	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\Bioshock2008-07-21 17:38 . 2008-07-21 17:38	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\InstallShield Installation Information2008-07-21 16:48 . 2008-07-21 16:48	<DIR>	d--------	C:\Program Files\Common Files\LightScribe2008-07-21 16:48 . 2008-07-21 16:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\LightScribe2008-07-21 16:43 . 2008-07-21 16:43	<DIR>	d--------	C:\Program Files\Nero2008-07-21 16:43 . 2008-07-21 16:43	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero2008-07-21 16:40 . 
2008-07-21 16:40	278,984	--a------	C:\WINDOWS\system32\drivers\atksgt.sys2008-07-21 16:40 . 2008-07-21 16:40	25,416	--a------	C:\WINDOWS\system32\drivers\lirsgt.sys2008-07-21 13:30 . 2008-07-21 13:35	<DIR>	d--------	C:\Program Files\GordianKnot2008-07-21 12:08 . 2008-07-21 12:08	<DIR>	d--------	C:\Program Files\Aud-X2008-07-20 21:34 . 2008-07-20 21:34	<DIR>	d--------	C:\Program Files\DreamCatcher2008-07-20 19:19 . 2008-07-20 19:19	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\Ashampoo2008-07-20 19:18 . 2008-07-20 19:18	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\ashampoo2008-07-20 13:13 . 2008-07-20 13:13	<DIR>	d--------	C:\Program Files\Lavalys2008-07-19 23:36 . 2008-08-04 22:34	69	--a------	C:\WINDOWS\NeroDigital.ini2008-07-19 23:19 . 2008-07-19 23:19	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\dvdcss2008-07-19 23:01 . 2008-08-01 13:49	<DIR>	d--------	C:\Program Files\QuickTime2008-07-19 23:01 . 2007-09-17 11:34	45,056	--a------	C:\WINDOWS\system32\WNASPI32.DLL2008-07-19 23:01 . 2007-09-17 11:34	16,512	--a------	C:\WINDOWS\system32\drivers\ASPI32.SYS2008-07-19 23:00 . 2008-07-19 23:00	<DIR>	d--------	C:\Program Files\ImTOO2008-07-19 21:21 . 2008-07-27 10:40	<DIR>	d--------	C:\Fraps2008-07-19 20:25 . 2008-07-19 21:00	<DIR>	d--------	C:\Program Files\CamStudio2008-07-19 14:10 . 2008-07-21 16:46	<DIR>	d--------	C:\Program Files\Common Files\Ahead2008-07-19 14:10 . 2008-07-19 23:03	<DIR>	d--------	C:\Program Files\Ahead2008-07-19 00:34 . 2008-07-19 00:35	<DIR>	d--------	C:\Program Files\jv16 PowerTools 20082008-07-18 23:46 . 2008-07-18 23:46	25,992	--a------	C:\WINDOWS\system32\pgdfgsvc.exe2008-07-18 23:36 . 2008-07-18 23:36	<DIR>	d--------	C:\Program Files\CCleaner2008-07-18 18:01 . 2008-07-18 18:01	<DIR>	d--------	C:\WINDOWS\system32\AGEIA2008-07-18 18:01 . 2008-07-18 18:01	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard2008-07-18 18:01 . 
2008-07-18 18:01	<DIR>	d--------	C:\Program Files\AGEIA Technologies2008-07-18 16:46 . 2008-07-18 20:09	<DIR>	d--------	C:\Program Files\vghd2008-07-18 16:38 . 2008-07-18 16:38	<DIR>	d--------	C:\Program Files\Common Files\Totem Shared2008-07-18 15:34 . 2008-07-18 15:35	<DIR>	d--------	C:\Program Files\SystemRequirementsLab2008-07-18 15:34 . 2008-07-18 15:34	<DIR>	d--------	C:\Documents and Settings\Łucznik335\SystemRequirementsLab2008-07-18 15:34 . 2008-07-18 15:34	<DIR>	d--------	C:\Documents and Settings\Łucznik335\SystemRequirementsLab2008-07-18 14:44 . 2008-07-18 14:44	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\AdobeUM2008-07-17 16:55 . 2008-07-18 23:31	<DIR>	d--------	C:\Program Files\Free Download Manager2008-07-17 16:22 . 2008-07-17 16:22	<DIR>	d--------	C:\Program Files\Google2008-07-17 16:22 . 2008-07-17 16:54	<DIR>	d--------	C:\Program Files\FlashGet2008-07-17 15:30 . 2008-07-18 10:08	<DIR>	d--------	C:\Downloads2008-07-17 15:27 . 2008-07-17 16:48	<DIR>	d--------	C:\Program Files\Software Informer2008-07-15 20:33 . 2008-07-15 20:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe2008-07-15 20:31 . 2008-07-16 16:37	992	--a------	C:\WINDOWS\unins000.dat2008-07-14 23:36 . 2008-07-16 15:42	<DIR>	d--------	C:\Program Files\ASCPCWK2008-07-14 21:37 . 2008-07-14 21:37	<DIR>	d--------	C:\Program Files\TorrentMan2008-07-14 21:37 . 2008-07-14 21:37	<DIR>	d--------	C:\Program Files\Conduit2008-07-14 21:37 . 2008-07-14 21:38	<DIR>	d--------	C:\Program Files\BitLord2008-07-11 19:58 . 2008-07-22 22:53	<DIR>	d--------	C:\Program Files\Common Files\Native Instruments2008-07-11 19:57 . 2008-07-22 22:53	<DIR>	d--------	C:\Program Files\Native Instruments2008-07-10 18:51 . 2008-07-10 18:51	<DIR>	d--------	C:\Program Files\Play2008-07-10 18:51 . 2008-07-10 18:51	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\Ponys2008-07-09 15:29 . 2008-07-09 15:29	<DIR>	d--------	C:\Program Files\Juz w szkole klasa 2a2008-07-09 15:29 . 
2008-07-09 15:29	<DIR>	d--------	C:\Program Files\Common Files\YDP2008-07-09 15:29 . 1998-10-07 12:54	327,168	--a------	C:\WINDOWS\IsUn0415.exe2008-07-08 23:57 . 2006-03-02 14:00	221,184	--a------	C:\WINDOWS\system32\wmpns.dll2008-07-08 23:33 . 2006-03-02 14:00	219,648	--a------	C:\WINDOWS\system32\uxtheme.tm2008-07-08 22:04 . 2008-07-08 22:33	<DIR>	d--------	C:\Program Files\KM Remote2008-07-08 17:37 . 2008-07-08 17:37	<DIR>	d--------	C:\WINDOWS\system32\pl-PL2008-07-08 17:36 . 2008-07-08 17:37	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer2008-07-08 17:36 . 2008-07-08 17:36	<DIR>	d--------	C:\Program Files\Reference Assemblies2008-07-08 17:36 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll2008-07-08 17:35 . 2008-07-08 17:35	<DIR>	d--------	C:\Program Files\MSXML 6.02008-07-08 14:52 . 2008-07-08 14:52	<DIR>	d--------	C:\Program Files\Plus!2008-07-08 14:52 . 2008-07-09 00:00	2,359,350	--a------	C:\WINDOWS\Topthemes wallpaper.bmp2008-07-08 14:52 . 2008-07-08 14:52	1,129,409	--a------	C:\WINDOWS\system32\New World.scr2008-07-08 14:20 . 2008-07-08 14:20	<DIR>	d--------	C:\cda2008-07-08 11:55 . 2008-07-08 11:55	<DIR>	dr-h-----	C:\Documents and Settings\Łucznik335\Dane aplikacji\SecuROM2008-07-08 11:03 . 2008-08-04 10:02	<DIR>	d--------	C:\WINDOWS\system32\LogFiles2008-07-08 11:03 . 2008-07-08 11:03	669,184	--a------	C:\WINDOWS\system32\pbsvc.exe2008-07-08 11:03 . 2008-07-08 11:03	103,736	--a------	C:\WINDOWS\system32\PnkBstrB.exe2008-07-08 11:03 . 2008-07-08 11:03	103,736	--a------	C:\Documents and Settings\Łucznik335\Dane aplikacji\PnkBstrB.exe2008-07-08 11:03 . 2008-07-08 11:03	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe2008-07-06 21:10 . 2008-07-06 21:10	<DIR>	d--------	C:\Program Files\Ubisoft2008-07-06 14:24 . 2008-07-06 14:24	<DIR>	d--------	C:\WINDOWS\Sun2008-07-06 11:33 . 2008-07-06 13:12	<DIR>	d--------	C:\Program Files\a-squared Free2008-07-06 11:20 . 2008-07-06 11:20	<DIR>	d--------	C:\VirtualDubPortable2008-07-06 11:02 . 
2008-07-06 11:02	<DIR>	d--------	C:\Documents and Settings\Łucznik335\Dane aplikacji\WebCompiler32008-07-06 10:53 . 2008-07-06 10:53	<DIR>	d--------	C:\Program Files\Pivot Stickfigure Animator2008-07-05 22:08 . 2008-07-05 22:08	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Trymedia2008-07-05 22:08 . 2008-07-05 22:08	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\InstallShield.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-08-04 15:57	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP2008-08-04 15:28	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-08-04 09:06	---------	d-----w	C:\Program Files\BearShare2008-07-31 20:19	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll2008-07-22 19:40	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll2008-07-21 11:31	---------	d-----w	C:\Program Files\AviSynth 2.52008-07-21 11:13	---------	d-----w	C:\Program Files\AutoGK2008-07-19 12:10	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Ahead2008-07-15 08:59	---------	d-----w	C:\Program Files\Common Files\InstallShield2008-07-08 15:36	---------	d-----w	C:\Program Files\MSBuild2008-07-06 22:40	---------	d-----w	C:\Program Files\iriverter2008-07-03 21:23	---------	d-----w	C:\Program Files\Sony Ericsson2008-07-03 21:23	---------	d-----w	C:\Program Files\Common Files\Teleca Shared2008-07-03 21:23	---------	d-----w	C:\Program Files\Common Files\Sony Ericsson Shared2008-07-03 21:23	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Teleca2008-07-03 21:23	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson2008-07-02 06:56	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Skype2008-07-01 22:02	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\skypePM2008-06-30 11:30	32	----a-w	C:\Documents and Settings\All Users\Dane 
aplikacji\ezsid.dat
2008-06-30 11:28	---------	d-----w	C:\Program Files\Skype
2008-06-30 11:28	---------	d-----w	C:\Program Files\Common Files\Skype
2008-06-30 11:28	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-29 14:55	---------	d-----w	C:\Program Files\Real Alternative
2008-06-29 14:54	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-06-29 13:55	---------	d-----w	C:\Program Files\Lavasoft
2008-06-29 13:55	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Lavasoft
2008-06-29 13:54	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-29 13:45	---------	d-----w	C:\Program Files\ASUS
2008-06-29 13:23	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-29 13:15	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\DAEMON Tools
2008-06-29 09:06	43,698	----a-w	C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-29 09:06	---------	d-----w	C:\Program Files\Gabest
2008-06-29 08:48	---------	d-----w	C:\Program Files\DVD Decrypter
2008-06-28 20:01	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Teleca
2008-06-28 19:59	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Sony Ericsson
2008-06-28 13:13	---------	d-----w	C:\Program Files\Java
2008-06-28 13:13	---------	d-----w	C:\Program Files\Common Files\Java
2008-06-28 12:22	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Ubisoft
2008-06-28 12:22	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-28 12:06	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\InstallShield
2008-06-28 08:47	---------	d-----w	C:\Program Files\AVIcodec
2008-06-28 08:40	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-06-28 08:38	---------	d-----w	C:\Program Files\DVD Shrink
2008-06-27 20:34	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Microsoft Games
2008-06-27 19:57	---------	d-----w	C:\Program Files\SubEdit-Player
2008-06-27 19:26	---------	d-----w	C:\Program Files\Any DVD Converter Professional
2008-06-27 19:26	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Any DVD Converter Professional
2008-06-27 19:16	---------	d-----w	C:\Program Files\ToniArts
2008-06-27 17:41	---------	d-----w	C:\Program Files\ivo
2008-06-27 16:37	---------	d-----w	C:\Program Files\Microsoft Works
2008-06-27 16:33	---------	d-----w	C:\Program Files\MagicDisc
2008-06-27 14:13	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Ahead
2008-06-27 12:08	---------	d-----w	C:\Program Files\Guitar Pro 5
2008-06-27 12:05	---------	d-----w	C:\Program Files\PowerISO
2008-06-27 12:01	---------	d-----w	C:\Program Files\DAEMON Tools Lite
2008-06-27 11:59	715,248	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-27 11:59	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Gadu-Gadu
2008-06-27 11:28	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Media Player Classic
2008-06-27 11:24	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\Winamp
2008-06-27 11:02	---------	d-----w	C:\Documents and Settings\Łucznik335\Dane aplikacji\EDGEDialer
2008-06-27 11:01	---------	d-----w	C:\Program Files\ESET
2008-06-27 11:01	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-06-27 10:27	---------	d-----w	C:\Program Files\EDGE Dialer
2008-06-27 10:10	---------	d-----w	C:\Program Files\Realtek
2008-06-27 10:06	---------	d-----w	C:\Program Files\NVIDIA Corporation
2008-06-27 09:58	---------	d-----w	C:\Program Files\microsoft frontpage
2008-06-27 09:57	---------	d-----w	C:\Program Files\Usługi online
2008-05-16 09:48	446,464	----a-w	C:\WINDOWS\system32\NVUNINST.EXE
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 08:25 363008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.audxacm"= audxacm.acm
"msacm.ac3acm4audx"= AC3ACM4AUDX.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Łucznik335^Menu Start^Programy^Autostart^MagicDisc.lnk]
path=C:\Documents and Settings\Łucznik335\Menu Start\Programy\Autostart\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-PLSessionManager]
--a------ 2007-07-24 19:03 102400 C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Gadu-Gadu\\gg.exe"=
"E:\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"D:\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"D:\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"=
"E:\\Codemasters\\GRID\\GRID.exe"=
"D:\\Midway Home Entertainment\\BlackSite Area 51\\Binaries\\Blacksite.exe"=

S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 01:07:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-05  1:07:29
ComboFix-quarantined-files.txt  2008-08-04 23:07:28
ComboFix2.txt  2008-08-04 21:22:16
ComboFix3.txt  2008-07-31 12:32:27

Pre-Run: 45,450,514,432 bajtów wolnych
Post-Run: 45,430,800,384 bajtów wolnych

489

snip91

I don't see anything dangerous anymore.

Danyyy

Thanks a lot :) a plus point is on its way ;D
