Danyyy, posted 4 August 2008

I downloaded a file from the net and during installation my computer restarted, and after it came back up an icon appeared next to the clock at the bottom right: round, red, with a white cross. Every so often a message is displayed: "Your computer is infected! Windows has detected spyware infection..." followed by a warning or advice to use an antispyware program. I scanned the computer with my antivirus, Nod 32, and it detected Genetic Trojan and removed it after the scan. Then I used Ad-Aware, Arca Micro scan and A-squared free, and each of them found something, which I of course removed. Now, after scanning with Combo fix, the message has disappeared, but I am posting the logs to be 100% sure. Please check them ;D Thanks in advance.

Log from HiJackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:14:03, on 2008-08-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\RTHDCPL.EXE C:\Program 
Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\braviax.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\EDGE Dialer\Edge.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ljJBqrSK.dll O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 
- HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDFC342-8B82-4CD1-A04B-85954C7982CE}: NameServer = 217.116.100.66 217.116.100.65 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: ljJBqrSK - C:\WINDOWS\SYSTEM32\ljJBqrSK.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program 
Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSv[beeep]) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe -- End of file - 7041 bytes

Log from Silent Runners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nTrayFw" = "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" ["NVIDIA Corporation"] "JMB36X IDE Setup" = "C:\WINDOWS\JM\JMInsIDE.exe" [null data] "JMB36X Configure" = "C:\WINDOWS\system32\JMRaidSetup.exe boot" ["JMicron Technology Corp."] "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "AsusStartupHelp" = "C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [null data] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) 
= "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" 
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office 
Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager" -> {HKLM...CLSID} = "Sony Ericsson File Manager" \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"] "{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager" -> {HKLM...CLSID} = "Sony Ericsson File Manager" \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension" -> {HKLM...CLSID} = "a-squared Free Shell Extension" \InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] 
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET 
NOD32 Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Shell Extension" \InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" 
-> {HKLM...CLSID} = "a-squared Free Shell Extension" \InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = 
(REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Łucznik335\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ DVDDecrypterPlayDVDMovieOnArrival\ "Provider" = "DVD Decrypter" "InvokeProgID" = "DVDDecrypter" "InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt" HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"] LightScribeOnArrivalAP\ "Provider" = "LightScribe Direct Disc Labeling" "InvokeProgID" = "LightScribe.AutoPlayHandler" "InvokeVerb" = "LabelLightScribeDisc" HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"] MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classi" "InvokeProgID" = "MPC.CDAudio" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MPC.DVDMovie" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""C:\Program 
Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /Dialog:DiscCopy" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero 
ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision Essentials" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) 
\LocalServer32\(Default) = ""C:\Winamp\winamp.exe"" ["Nullsoft"] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SYSTEMROOT%\system32\nvappfilter.dll ["NVIDIA"], 01 - 03, 09 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{7C5C0F58-E061-457D-9033-77307F5ED00C}" -> {HKLM...CLSID} = "TorrentMan Toolbar" \InProcServer32\(Default) = "C:\Program Files\TorrentMan\tbTorr.dll" ["Conduit Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{7C5C0F58-E061-457D-9033-77307F5ED00C}" = "TorrentMan Toolbar" -> {HKLM...CLSID} = "TorrentMan Toolbar" \InProcServer32\(Default) = "C:\Program Files\TorrentMan\tbTorr.dll" ["Conduit Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ 
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Send to OneNote" "MenuText" = "S&end to OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{7c5c0f58-e061-457d-9033-77307f5ed00c}" = (no title provided) -> {HKLM...CLSID} = "TorrentMan Toolbar" \InProcServer32\(Default) = "C:\Program Files\TorrentMan\tbTorr.dll" ["Conduit Ltd."] Running Services (Display Name, Service Name, Path {Service DLL}): 
------------------------------------------------------------------ a-squared Free Service, a2free, ""C:\Program Files\a-squared Free\a2service.exe"" ["Emsi Software GmbH"] Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"] ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe" [empty string] ForceWare IP service, nSv[beeep], "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe" ["NVIDIA Corporation"] ForceWare user log service, nSvcLog, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe" ["NVIDIA"] Forceware Web Interface, ForcewareWebInterface, ""C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice" ["Apache Software Foundation"] France Telecom Routing Table Service, FTRTSVC, ""C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"" ["France Telecom SA"] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] PunkBuster, PnkBstrA, ""D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe"" [null data] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2008-08-04 23:30:44) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. 
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 60 seconds.
---------- (total run time: 89 seconds)

ComboFix log

ComboFix 08-07-30.02 - Łucznik335 2008-08-04 23:18:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.3141 [GMT 2:00]
Running from: C:\Documents and Settings\Łucznik335\Pulpit\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ljJBqrSK.dll
C:\WINDOWS\system32\tuvSiiji.dll
C:\WINDOWS\system32\winivstr.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.
2008-08-04 21:52 . 2008-08-04 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
2008-08-04 21:52 . 2008-08-04 21:52 6,509,280 --a------ C:\WINDOWS\system32\Babylon7_setup.exe
2008-08-04 20:15 . 2008-08-04 20:15 <DIR> d-------- C:\Program Files\DoubleDesktop
2008-08-04 11:05 . 2008-08-04 11:05 <DIR> d-------- C:\My Downloads
2008-08-03 01:03 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-08-03 01:03 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-08-03 01:03 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-08-03 01:03 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-08-03 01:03 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-08-03 01:03 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-08-03 01:03 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-08-03 01:02 . 2008-08-03 01:02 <DIR> d-------- C:\WINDOWS\Logs
2008-08-01 13:49 .
2008-08-01 13:49 <DIR> d-------- C:\Program Files\Apple Software Update 2008-08-01 13:49 . 2008-08-01 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-07-31 13:11 . 2008-07-31 13:11 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-30 20:00 . 2008-08-01 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-07-30 16:34 . 2008-07-30 16:34 <DIR> d-------- C:\Program Files\Switch Off 2008-07-29 15:04 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp361.tmp 2008-07-29 15:04 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp360.tmp 2008-07-29 00:13 . 2008-07-29 00:14 <DIR> d-------- C:\WINDOWS\NV37602608.TMP 2008-07-29 00:13 . 2008-07-29 00:13 <DIR> d-------- C:\NVIDIA 2008-07-29 00:13 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb 2008-07-28 22:56 . 2008-07-28 23:03 <DIR> d-------- C:\Program Files\SpeedFan 2008-07-28 22:56 . 2008-07-28 22:56 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-07-28 20:08 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpE7.tmp 2008-07-28 20:08 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpE6.tmp 2008-07-28 15:13 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp20E.tmp 2008-07-28 15:13 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp20D.tmp 2008-07-24 12:38 . 2007-01-15 16:48 122,240 --a------ C:\WINDOWS\system32\drivers\Gtm51Irp.sys 2008-07-24 12:38 . 2007-01-15 16:48 36,992 --a------ C:\WINDOWS\system32\drivers\gtuqbus.sys 2008-07-24 12:38 . 2007-01-15 16:48 17,152 --a------ C:\WINDOWS\system32\drivers\gtffbus.sys 2008-07-24 12:38 . 2007-01-15 16:48 8,064 --a------ C:\WINDOWS\system32\drivers\gtptser.sys 2008-07-24 12:37 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll 2008-07-24 12:37 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys 2008-07-24 12:37 . 
2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys 2008-07-24 12:36 . 2008-07-24 14:43 <DIR> d-------- C:\Program Files\OrangeBS 2008-07-24 12:36 . 2008-07-24 14:42 <DIR> d-------- C:\Program Files\Common Files\France Telecom 2008-07-23 12:28 . 2008-07-29 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters 2008-07-23 12:27 . 2008-07-23 12:27 <DIR> d-------- C:\Program Files\OpenAL 2008-07-23 12:27 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll 2008-07-23 12:27 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll 2008-07-23 12:27 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpD50.tmp 2008-07-23 12:27 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpD4F.tmp 2008-07-23 12:27 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll 2008-07-23 12:27 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll 2008-07-23 12:27 . 2008-07-29 15:04 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll 2008-07-23 12:27 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll 2008-07-23 12:27 . 2008-07-29 15:04 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll 2008-07-23 12:27 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll 2008-07-22 21:55 . 2008-07-22 21:58 1,572 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-22 21:54 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-07-22 21:54 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-07-22 21:54 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-07-22 21:54 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-07-22 21:54 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-07-22 21:54 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-22 21:40 . 
2008-07-22 21:40 219,648 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll 2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Program Files\Common Files\LightScribe 2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe 2008-07-21 16:43 . 2008-07-21 16:43 <DIR> d-------- C:\Program Files\Nero 2008-07-21 16:43 . 2008-07-21 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-07-21 16:40 . 2008-07-21 16:40 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2008-07-21 16:40 . 2008-07-21 16:40 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2008-07-21 13:30 . 2008-07-21 13:35 <DIR> d-------- C:\Program Files\GordianKnot 2008-07-21 12:08 . 2008-07-21 12:08 <DIR> d-------- C:\Program Files\Aud-X 2008-07-20 21:34 . 2008-07-20 21:34 <DIR> d-------- C:\Program Files\DreamCatcher 2008-07-20 20:06 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-07-20 19:18 . 2008-07-20 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo 2008-07-20 13:13 . 2008-07-20 13:13 <DIR> d-------- C:\Program Files\Lavalys 2008-07-19 23:36 . 2008-08-04 22:34 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-07-19 23:01 . 2008-08-01 13:49 <DIR> d-------- C:\Program Files\QuickTime 2008-07-19 23:01 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-07-19 23:01 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-07-19 23:00 . 2008-07-19 23:00 <DIR> d-------- C:\Program Files\ImTOO 2008-07-19 21:21 . 2008-07-27 10:40 <DIR> d-------- C:\Fraps 2008-07-19 20:25 . 2008-07-19 21:00 <DIR> d-------- C:\Program Files\CamStudio 2008-07-19 14:10 . 2008-07-21 16:46 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-07-19 14:10 . 2008-07-19 23:03 <DIR> d-------- C:\Program Files\Ahead 2008-07-19 00:35 . 2008-07-19 00:35 23 --a------ C:\WINDOWS\system32\feaaa3_z.ocx 2008-07-19 00:34 . 
2008-07-19 00:35 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008 2008-07-18 23:46 . 2008-07-18 23:46 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2008-07-18 23:36 . 2008-07-18 23:36 <DIR> d-------- C:\Program Files\CCleaner 2008-07-18 18:01 . 2008-07-18 18:01 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2008-07-18 18:01 . 2008-07-18 18:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-18 18:01 . 2008-07-18 18:01 <DIR> d-------- C:\Program Files\AGEIA Technologies 2008-07-18 16:46 . 2008-07-18 20:09 <DIR> d-------- C:\Program Files\vghd 2008-07-18 16:38 . 2008-07-18 16:38 <DIR> d-------- C:\Program Files\Common Files\Totem Shared 2008-07-18 15:34 . 2008-07-18 15:35 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2008-07-17 16:55 . 2008-07-18 23:31 <DIR> d-------- C:\Program Files\Free Download Manager 2008-07-17 16:22 . 2008-07-17 16:22 <DIR> d-------- C:\Program Files\Google 2008-07-17 16:22 . 2008-07-17 16:54 <DIR> d-------- C:\Program Files\FlashGet 2008-07-17 15:30 . 2008-07-18 10:08 <DIR> d-------- C:\Downloads 2008-07-17 15:27 . 2008-07-17 16:48 <DIR> d-------- C:\Program Files\Software Informer 2008-07-15 20:33 . 2008-07-15 20:33 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-15 20:31 . 2008-07-16 16:37 992 --a------ C:\WINDOWS\unins000.dat 2008-07-15 10:58 . 2008-07-15 12:06 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2008-07-15 10:58 . 2008-07-15 12:06 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2008-07-15 10:58 . 2008-07-15 12:06 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2008-07-14 23:36 . 2008-07-16 15:42 <DIR> d-------- C:\Program Files\ASCPCWK 2008-07-14 21:37 . 2008-07-14 21:37 <DIR> d-------- C:\Program Files\TorrentMan 2008-07-14 21:37 . 2008-07-14 21:37 <DIR> d-------- C:\Program Files\Conduit 2008-07-14 21:37 . 2008-07-14 21:38 <DIR> d-------- C:\Program Files\BitLord 2008-07-11 19:58 . 
2008-07-22 22:53 <DIR> d-------- C:\Program Files\Common Files\Native Instruments
2008-07-11 19:57 . 2008-07-22 22:53 <DIR> d-------- C:\Program Files\Native Instruments
2008-07-10 18:51 . 2008-07-10 18:51 <DIR> d-------- C:\Program Files\Play
2008-07-09 15:29 . 2008-07-09 15:29 <DIR> d-------- C:\Program Files\Juz w szkole klasa 2a
2008-07-09 15:29 . 2008-07-09 15:29 <DIR> d-------- C:\Program Files\Common Files\YDP
2008-07-09 15:29 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-07-08 23:57 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-08 23:55 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-07-08 23:33 . 2006-03-02 14:00 219,648 --a------ C:\WINDOWS\system32\uxtheme.tm
2008-07-08 22:04 . 2008-07-08 22:33 <DIR> d-------- C:\Program Files\KM Remote
2008-07-08 17:37 . 2008-07-08 17:37 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-07-08 17:36 . 2008-07-08 17:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-08 17:36 . 2008-07-08 17:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-08 17:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-08 17:35 . 2008-07-08 17:35 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-08 14:52 . 2008-07-08 14:52 <DIR> d-------- C:\Program Files\Plus!
2008-07-08 14:52 . 2008-07-09 00:00 2,359,350 --a------ C:\WINDOWS\Topthemes wallpaper.bmp
2008-07-08 14:52 . 2008-07-08 14:52 1,129,409 --a------ C:\WINDOWS\system32\New World.scr
2008-07-08 14:20 . 2008-07-08 14:20 <DIR> d-------- C:\cda
2008-07-08 11:03 . 2008-08-04 10:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-08 11:03 . 2008-07-08 11:03 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-07-08 11:03 . 2008-07-08 11:03 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-08 11:03 . 2008-07-08 11:03 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-04 15:57 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-08-04 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-04 09:06 --------- d-----w C:\Program Files\BearShare 2008-07-31 20:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-22 19:40 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-07-21 11:31 --------- d-----w C:\Program Files\AviSynth 2.5 2008-07-21 11:13 --------- d-----w C:\Program Files\AutoGK 2008-07-19 12:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2008-07-15 08:59 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-12 17:00 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll 2008-07-08 15:36 --------- d-----w C:\Program Files\MSBuild 2008-07-06 22:40 --------- d-----w C:\Program Files\iriverter 2008-07-03 21:23 --------- d-----w C:\Program Files\Sony Ericsson 2008-07-03 21:23 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-07-03 21:23 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared 2008-07-03 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-07-03 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-06-30 11:30 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-06-30 11:28 --------- d-----w C:\Program Files\Skype 2008-06-30 11:28 --------- d-----w C:\Program Files\Common Files\Skype 2008-06-30 11:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-06-29 14:55 --------- d-----w C:\Program Files\Real Alternative 2008-06-29 14:54 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-06-29 13:55 --------- d-----w C:\Program Files\Lavasoft 2008-06-29 13:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 
2008-06-29 13:45 --------- d-----w C:\Program Files\ASUS 2008-06-29 13:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-06-29 09:06 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2008-06-29 09:06 --------- d-----w C:\Program Files\Gabest 2008-06-29 08:48 --------- d-----w C:\Program Files\DVD Decrypter 2008-06-28 13:13 --------- d-----w C:\Program Files\Java 2008-06-28 13:13 --------- d-----w C:\Program Files\Common Files\Java 2008-06-28 12:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft 2008-06-28 08:47 --------- d-----w C:\Program Files\AVIcodec 2008-06-28 08:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2008-06-28 08:38 --------- d-----w C:\Program Files\DVD Shrink 2008-06-27 19:57 --------- d-----w C:\Program Files\SubEdit-Player 2008-06-27 19:26 --------- d-----w C:\Program Files\Any DVD Converter Professional 2008-06-27 19:16 --------- d-----w C:\Program Files\ToniArts 2008-06-27 17:41 --------- d-----w C:\Program Files\ivo 2008-06-27 16:37 --------- d-----w C:\Program Files\Microsoft Works 2008-06-27 16:33 --------- d-----w C:\Program Files\MagicDisc 2008-06-27 12:08 --------- d-----w C:\Program Files\Guitar Pro 5 2008-06-27 12:05 --------- d-----w C:\Program Files\PowerISO 2008-06-27 12:01 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-06-27 11:59 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-06-27 11:01 --------- d-----w C:\Program Files\ESET 2008-06-27 11:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-06-27 10:27 --------- d-----w C:\Program Files\EDGE Dialer 2008-06-27 10:10 --------- d-----w C:\Program Files\Realtek 2008-06-27 10:06 --------- d-----w C:\Program Files\NVIDIA Corporation 2008-06-27 09:58 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-27 09:57 --------- d-----w C:\Program Files\Usługi online 2008-05-16 09:48 446,464 ----a-w 
C:\WINDOWS\system32\NVUNINST.EXE . ((((((((((((((((((((((((((((( snapshot@2008-07-31_14.32.19.23 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-29 13:04:16 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2008-08-02 23:02:58 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll - 2008-07-29 13:04:16 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2008-08-02 23:02:58 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll - 2008-07-29 13:04:16 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2008-08-02 23:02:58 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll - 2008-07-29 13:04:14 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 
2008-07-29 13:04:15 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:56 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:15 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:16 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:16 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:16 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:57 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:17 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-08-02 23:02:58 578,560 ----a-w 
C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-29 13:04:17 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2008-08-02 23:02:58 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll - 2008-07-29 13:04:17 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2008-08-02 23:02:58 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2008-07-29 13:04:17 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2008-08-02 23:02:59 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll - 2008-07-29 13:04:17 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2008-08-02 23:02:59 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll - 2008-07-29 13:04:16 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2008-08-02 23:02:58 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2008-03-24 17:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe + 2008-08-01 11:49:26 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe + 2008-08-02 09:07:05 74,649 ----a-w 
C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2005-09-22 23:35:10 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 14:44 1953792] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072] "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 08:25 363008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016] "QuickTime Task"="C:\Program 
Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.audxacm"= audxacm.acm "msacm.ac3acm4audx"= AC3ACM4AUDX.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Łucznik335^Menu Start^Programy^Autostart^MagicDisc.lnk] path=C:\Documents and Settings\Łucznik335\Menu Start\Programy\Autostart\MagicDisc.lnk backup=C:\WINDOWS\pss\MagicDisc.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-PLSessionManager] --a------ 2007-07-24 19:03 102400 C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 
2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "D:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "D:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\BearShare\\BearShare.exe"= "D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "D:\\Gadu-Gadu\\gg.exe"= "E:\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "D:\\Electronic Arts\\Medal 
of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= "D:\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"= "C:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"= "E:\\Codemasters\\GRID\\GRID.exe"= "D:\\Midway Home Entertainment\\BlackSite Area 51\\Binaries\\Blacksite.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00] S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48] S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48] S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Łucznik335\Dane aplikacji\Mozilla\Firefox\Profiles\pu4kbnsg.default\ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 23:21:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-04 23:22:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 21:22:13
ComboFix2.txt 2008-07-31 12:32:27

Pre-Run: 45,455,585,280 bajtów wolnych
Post-Run: 45,446,848,512 bajtów wolnych

382
snip91 commented 4 August 2008

O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ljJBqrSK.dll
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O20 - Winlogon Notify: ljJBqrSK - C:\WINDOWS\SYSTEM32\ljJBqrSK.dll

FIX in HJT

Paste into Notepad:

File::
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ljJBqrSK.dll
C:\WINDOWS\system32\tmp361.tmp
C:\WINDOWS\system32\tmp360.tmp
C:\WINDOWS\system32\tmpE7.tmp
C:\WINDOWS\system32\tmpE6.tmp
C:\WINDOWS\system32\tmp20E.tmp
C:\WINDOWS\system32\tmp20D.tmp
C:\WINDOWS\system32\tmpD50.tmp
C:\WINDOWS\system32\tmpD4F.tmp
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\feaaa3_z.ocx
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\SIntf16.dll
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\BReWErS.dll
Folder::
C:\WINDOWS\NV37602608.TMP

In Notepad, go to the File menu --> Save As --> save it under the name CFScript.txt, in the same folder where ComboFix is.

Start Safe Mode (F8 while the system is loading).

Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture:

The removal will start and a log will be created, which you post on the forum.

After the restart, manually delete the C:\Qoobox folder.
Danyyy (Author) commented 4 August 2008

But am I supposed to paste this into the Notepad file with the HijackThis log, or just make a new one and name it CFScript? And as for the fixes in HijackThis, I looked for those entries but they aren't there.
snip91, comment, 4 August 2008

Make a new log in HJT, tick the entries I listed and press Fix Checked. The rest you paste into a normal new Notepad file.
Danyyy (Author), comment, 4 August 2008

OK, I understand that part now, but back to those fixes: I made a new log and there is a list of entries with checkboxes on the left to tick, but those entries are not among them. I understand they should be there, but they are not.
Danyyy (Author), comment, 4 August 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:05, on 2008-08-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\EDGE Dialer\Edge.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDFC342-8B82-4CD1-A04B-85954C7982CE}: NameServer = 217.116.100.66 217.116.100.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSv[beeep]) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSv[beeep].exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
--
End of file - 6985 bytes
snip91, comment, 4 August 2008

The log is clean now. ComboFix probably removed those threats, because you scanned with it after making the HJT log. Carry out those steps in CFX.
Danyyy (Author), comment, 4 August 2008

OK, I did it in Safe Mode; now which log's contents should I paste? The RHD Setup one? That log has no entries, just some data, only a few lines, if anything.
snip91, comment, 4 August 2008

The log will be in the file ComboFix.txt. But I will check that in the morning.
Danyyy (Author), comment, 4 August 2008

ComboFix 08-07-30.02 - Łucznik335 2008-08-05 1:05:31.4 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.3297 [GMT 2:00]
Running from: C:\Documents and Settings\Łucznik335\Pulpit\ComboFix.exe
Command switches used :: C:\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\BReWErS.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\feaaa3_z.ocx
C:\WINDOWS\system32\ljJBqrSK.dll
C:\WINDOWS\system32\SIntf16.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp20D.tmp
C:\WINDOWS\system32\tmp20E.tmp
C:\WINDOWS\system32\tmp360.tmp
C:\WINDOWS\system32\tmp361.tmp
C:\WINDOWS\system32\tmpD4F.tmp
C:\WINDOWS\system32\tmpD50.tmp
C:\WINDOWS\system32\tmpE6.tmp
C:\WINDOWS\system32\tmpE7.tmp
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\unvise32.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\000001_.tmp
C:\WINDOWS\NV37602608.TMP
C:\WINDOWS\NV37602608.TMP\nv3d.chm
C:\WINDOWS\NV37602608.TMP\nv3dara.chm
C:\WINDOWS\NV37602608.TMP\nv3dchs.chm
C:\WINDOWS\NV37602608.TMP\nv3dcht.chm
C:\WINDOWS\NV37602608.TMP\nv3dcsy.chm
C:\WINDOWS\NV37602608.TMP\nv3ddan.chm
C:\WINDOWS\NV37602608.TMP\nv3ddeu.chm
C:\WINDOWS\NV37602608.TMP\nv3dell.chm
C:\WINDOWS\NV37602608.TMP\nv3deng.chm
C:\WINDOWS\NV37602608.TMP\nv3desm.chm
C:\WINDOWS\NV37602608.TMP\nv3desn.chm
C:\WINDOWS\NV37602608.TMP\nv3dfin.chm
C:\WINDOWS\NV37602608.TMP\nv3dfra.chm
C:\WINDOWS\NV37602608.TMP\nv3dheb.chm
C:\WINDOWS\NV37602608.TMP\nv3dhun.chm
C:\WINDOWS\NV37602608.TMP\nv3dita.chm
C:\WINDOWS\NV37602608.TMP\nv3djpn.chm
C:\WINDOWS\NV37602608.TMP\nv3dkor.chm
C:\WINDOWS\NV37602608.TMP\nv3dnld.chm
C:\WINDOWS\NV37602608.TMP\nv3dnor.chm
C:\WINDOWS\NV37602608.TMP\nv3dplk.chm
C:\WINDOWS\NV37602608.TMP\nv3dptb.chm
C:\WINDOWS\NV37602608.TMP\nv3dptg.chm
C:\WINDOWS\NV37602608.TMP\nv3drus.chm
C:\WINDOWS\NV37602608.TMP\nv3dsky.chm
C:\WINDOWS\NV37602608.TMP\nv3dslv.chm
C:\WINDOWS\NV37602608.TMP\nv3dsve.chm
C:\WINDOWS\NV37602608.TMP\nv3dtha.chm
C:\WINDOWS\NV37602608.TMP\nv3dtrk.chm
C:\WINDOWS\NV37602608.TMP\nvcpl.chm
C:\WINDOWS\NV37602608.TMP\nvcplara.chm
C:\WINDOWS\NV37602608.TMP\nvcplchs.chm
C:\WINDOWS\NV37602608.TMP\nvcplcht.chm
C:\WINDOWS\NV37602608.TMP\nvcplcsy.chm
C:\WINDOWS\NV37602608.TMP\nvcpldan.chm
C:\WINDOWS\NV37602608.TMP\nvcpldeu.chm
C:\WINDOWS\NV37602608.TMP\nvcplell.chm
C:\WINDOWS\NV37602608.TMP\nvcpleng.chm
C:\WINDOWS\NV37602608.TMP\nvcplesm.chm
C:\WINDOWS\NV37602608.TMP\nvcplesn.chm
C:\WINDOWS\NV37602608.TMP\nvcplfin.chm
C:\WINDOWS\NV37602608.TMP\nvcplfra.chm
C:\WINDOWS\NV37602608.TMP\nvcplheb.chm
C:\WINDOWS\NV37602608.TMP\nvcplhun.chm
C:\WINDOWS\NV37602608.TMP\nvcplita.chm
C:\WINDOWS\NV37602608.TMP\nvcpljpn.chm
C:\WINDOWS\NV37602608.TMP\nvcplkor.chm
C:\WINDOWS\NV37602608.TMP\nvcplnld.chm
C:\WINDOWS\NV37602608.TMP\nvcplnor.chm
C:\WINDOWS\NV37602608.TMP\nvcplplk.chm
C:\WINDOWS\NV37602608.TMP\nvcplptb.chm
C:\WINDOWS\NV37602608.TMP\nvcplptg.chm
C:\WINDOWS\NV37602608.TMP\nvcplrus.chm
C:\WINDOWS\NV37602608.TMP\nvcplsky.chm
C:\WINDOWS\NV37602608.TMP\nvcplslv.chm
C:\WINDOWS\NV37602608.TMP\nvcplsve.chm
C:\WINDOWS\NV37602608.TMP\nvcpltha.chm
C:\WINDOWS\NV37602608.TMP\nvcpltrk.chm
C:\WINDOWS\NV37602608.TMP\nvdsp.chm
C:\WINDOWS\NV37602608.TMP\nvdspara.chm
C:\WINDOWS\NV37602608.TMP\nvdspchs.chm
C:\WINDOWS\NV37602608.TMP\nvdspcht.chm
C:\WINDOWS\NV37602608.TMP\nvdspcsy.chm
C:\WINDOWS\NV37602608.TMP\nvdspdan.chm
C:\WINDOWS\NV37602608.TMP\nvdspdeu.chm
C:\WINDOWS\NV37602608.TMP\nvdspell.chm
C:\WINDOWS\NV37602608.TMP\nvdspeng.chm
C:\WINDOWS\NV37602608.TMP\nvdspesm.chm
C:\WINDOWS\NV37602608.TMP\nvdspesn.chm
C:\WINDOWS\NV37602608.TMP\nvdspfin.chm
C:\WINDOWS\NV37602608.TMP\nvdspfra.chm
C:\WINDOWS\NV37602608.TMP\nvdspheb.chm
C:\WINDOWS\NV37602608.TMP\nvdsphun.chm
C:\WINDOWS\NV37602608.TMP\nvdspita.chm
C:\WINDOWS\NV37602608.TMP\nvdspjpn.chm
C:\WINDOWS\NV37602608.TMP\nvdspkor.chm
C:\WINDOWS\NV37602608.TMP\nvdspnld.chm
C:\WINDOWS\NV37602608.TMP\nvdspnor.chm
C:\WINDOWS\NV37602608.TMP\nvdspplk.chm
C:\WINDOWS\NV37602608.TMP\nvdspptb.chm
C:\WINDOWS\NV37602608.TMP\nvdspptg.chm
C:\WINDOWS\NV37602608.TMP\nvdsprus.chm
C:\WINDOWS\NV37602608.TMP\nvdspsky.chm
C:\WINDOWS\NV37602608.TMP\nvdspslv.chm
C:\WINDOWS\NV37602608.TMP\nvdspsve.chm
C:\WINDOWS\NV37602608.TMP\nvdsptha.chm
C:\WINDOWS\NV37602608.TMP\nvdsptrk.chm
C:\WINDOWS\NV37602608.TMP\nvmob.chm
C:\WINDOWS\NV37602608.TMP\nvmobara.chm
C:\WINDOWS\NV37602608.TMP\nvmobchs.chm
C:\WINDOWS\NV37602608.TMP\nvmobcht.chm
C:\WINDOWS\NV37602608.TMP\nvmobcsy.chm
C:\WINDOWS\NV37602608.TMP\nvmobdan.chm
C:\WINDOWS\NV37602608.TMP\nvmobdeu.chm
C:\WINDOWS\NV37602608.TMP\nvmobell.chm
C:\WINDOWS\NV37602608.TMP\nvmobeng.chm
C:\WINDOWS\NV37602608.TMP\nvmobesm.chm
C:\WINDOWS\NV37602608.TMP\nvmobesn.chm
C:\WINDOWS\NV37602608.TMP\nvmobfin.chm
C:\WINDOWS\NV37602608.TMP\nvmobfra.chm
C:\WINDOWS\NV37602608.TMP\nvmobheb.chm
C:\WINDOWS\NV37602608.TMP\nvmobhun.chm
C:\WINDOWS\NV37602608.TMP\nvmobita.chm
C:\WINDOWS\NV37602608.TMP\nvmobjpn.chm
C:\WINDOWS\NV37602608.TMP\nvmobkor.chm
C:\WINDOWS\NV37602608.TMP\nvmobnld.chm
C:\WINDOWS\NV37602608.TMP\nvmobnor.chm
C:\WINDOWS\NV37602608.TMP\nvmobplk.chm
C:\WINDOWS\NV37602608.TMP\nvmobptb.chm
C:\WINDOWS\NV37602608.TMP\nvmobptg.chm
C:\WINDOWS\NV37602608.TMP\nvmobrus.chm
C:\WINDOWS\NV37602608.TMP\nvmobsky.chm
C:\WINDOWS\NV37602608.TMP\nvmobslv.chm
C:\WINDOWS\NV37602608.TMP\nvmobsve.chm
C:\WINDOWS\NV37602608.TMP\nvmobtha.chm
C:\WINDOWS\NV37602608.TMP\nvmobtrk.chm
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\BReWErS.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\feaaa3_z.ocx
C:\WINDOWS\system32\SIntf16.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp20D.tmp
C:\WINDOWS\system32\tmp20E.tmp
C:\WINDOWS\system32\tmp360.tmp
C:\WINDOWS\system32\tmp361.tmp
C:\WINDOWS\system32\tmpD4F.tmp
C:\WINDOWS\system32\tmpD50.tmp
C:\WINDOWS\system32\tmpE6.tmp
C:\WINDOWS\system32\tmpE7.tmp
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\unvise32.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.
2008-08-05 01:02 . 2008-08-05 01:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-04 23:22 . 2008-08-04 23:22 <DIR> d-------- C:\Documents and Settings\úucznik335
2008-08-04 21:52 . 2008-08-04 21:52 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\Babylon
2008-08-04 21:52 . 2008-08-04 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
2008-08-04 21:52 . 2008-08-04 21:52 6,509,280 --a------ C:\WINDOWS\system32\Babylon7_setup.exe
2008-08-04 20:15 . 2008-08-04 20:15 <DIR> d-------- C:\Program Files\DoubleDesktop
2008-08-04 11:05 . 2008-08-04 11:05 <DIR> d-------- C:\My Downloads
2008-08-03 14:44 . 2008-08-03 14:44 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\ArcaBit
2008-08-03 01:03 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-08-03 01:03 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-08-03 01:03 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-08-03 01:03 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-08-03 01:03 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-08-03 01:03 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-08-03 01:03 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-08-03 01:02 . 2008-08-03 01:02 <DIR> d-------- C:\WINDOWS\Logs
2008-08-01 13:49 . 2008-08-01 13:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-01 13:49 . 2008-08-01 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-07-31 13:11 . 2008-07-31 13:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-30 20:00 . 2008-08-01 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-07-30 16:34 . 2008-07-30 16:34 <DIR> d-------- C:\Program Files\Switch Off
2008-07-29 00:13 . 2008-07-29 00:13 <DIR> d-------- C:\NVIDIA
2008-07-29 00:13 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-28 22:56 . 2008-07-28 23:03 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-28 22:56 . 2008-07-28 22:56 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-07-24 12:38 . 2007-01-15 16:48 122,240 --a------ C:\WINDOWS\system32\drivers\Gtm51Irp.sys
2008-07-24 12:38 . 2007-01-15 16:48 36,992 --a------ C:\WINDOWS\system32\drivers\gtuqbus.sys
2008-07-24 12:38 . 2007-01-15 16:48 17,152 --a------ C:\WINDOWS\system32\drivers\gtffbus.sys
2008-07-24 12:38 . 2007-01-15 16:48 8,064 --a------ C:\WINDOWS\system32\drivers\gtptser.sys
2008-07-24 12:37 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-07-24 12:37 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-07-24 12:37 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-07-24 12:36 . 2008-07-24 14:43 <DIR> d-------- C:\Program Files\OrangeBS
2008-07-24 12:36 . 2008-07-24 14:42 <DIR> d-------- C:\Program Files\Common Files\France Telecom
2008-07-23 12:28 . 2008-07-29 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-07-23 12:27 . 2008-07-23 12:27 <DIR> d-------- C:\Program Files\OpenAL
2008-07-23 12:27 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-07-23 12:27 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-23 12:27 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-07-23 12:27 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-07-23 12:27 . 2008-07-29 15:04 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-23 12:27 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-07-23 12:27 . 2008-07-29 15:04 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-23 12:27 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-22 21:40 . 2008-07-22 21:40 219,648 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-07-21 20:35 . 2008-07-22 19:51 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\Bioshock
2008-07-21 17:38 . 2008-07-21 17:38 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\InstallShield Installation Information
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-07-21 16:43 . 2008-07-21 16:43 <DIR> d-------- C:\Program Files\Nero
2008-07-21 16:43 . 2008-07-21 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-21 16:40 . 2008-07-21 16:40 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-07-21 16:40 . 2008-07-21 16:40 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-07-21 13:30 . 2008-07-21 13:35 <DIR> d-------- C:\Program Files\GordianKnot
2008-07-21 12:08 . 2008-07-21 12:08 <DIR> d-------- C:\Program Files\Aud-X
2008-07-20 21:34 . 2008-07-20 21:34 <DIR> d-------- C:\Program Files\DreamCatcher
2008-07-20 19:19 . 2008-07-20 19:19 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\Ashampoo
2008-07-20 19:18 . 2008-07-20 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-07-20 13:13 . 2008-07-20 13:13 <DIR> d-------- C:\Program Files\Lavalys
2008-07-19 23:36 . 2008-08-04 22:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-19 23:19 . 2008-07-19 23:19 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\dvdcss
2008-07-19 23:01 . 2008-08-01 13:49 <DIR> d-------- C:\Program Files\QuickTime
2008-07-19 23:01 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-07-19 23:01 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-07-19 23:00 . 2008-07-19 23:00 <DIR> d-------- C:\Program Files\ImTOO
2008-07-19 21:21 . 2008-07-27 10:40 <DIR> d-------- C:\Fraps
2008-07-19 20:25 . 2008-07-19 21:00 <DIR> d-------- C:\Program Files\CamStudio
2008-07-19 14:10 . 2008-07-21 16:46 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-19 14:10 . 2008-07-19 23:03 <DIR> d-------- C:\Program Files\Ahead
2008-07-19 00:34 . 2008-07-19 00:35 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008
2008-07-18 23:46 . 2008-07-18 23:46 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-07-18 23:36 . 2008-07-18 23:36 <DIR> d-------- C:\Program Files\CCleaner
2008-07-18 18:01 . 2008-07-18 18:01 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-07-18 18:01 . 2008-07-18 18:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 18:01 . 2008-07-18 18:01 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-07-18 16:46 . 2008-07-18 20:09 <DIR> d-------- C:\Program Files\vghd
2008-07-18 16:38 . 2008-07-18 16:38 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2008-07-18 15:34 . 2008-07-18 15:35 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-18 15:34 . 2008-07-18 15:34 <DIR> d-------- C:\Documents and Settings\Łucznik335\SystemRequirementsLab
2008-07-18 15:34 . 2008-07-18 15:34 <DIR> d-------- C:\Documents and Settings\Łucznik335\SystemRequirementsLab
2008-07-18 14:44 . 2008-07-18 14:44 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\AdobeUM
2008-07-17 16:55 . 2008-07-18 23:31 <DIR> d-------- C:\Program Files\Free Download Manager
2008-07-17 16:22 . 2008-07-17 16:22 <DIR> d-------- C:\Program Files\Google
2008-07-17 16:22 . 2008-07-17 16:54 <DIR> d-------- C:\Program Files\FlashGet
2008-07-17 15:30 . 2008-07-18 10:08 <DIR> d-------- C:\Downloads
2008-07-17 15:27 . 2008-07-17 16:48 <DIR> d-------- C:\Program Files\Software Informer
2008-07-15 20:33 . 2008-07-15 20:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-15 20:31 . 2008-07-16 16:37 992 --a------ C:\WINDOWS\unins000.dat
2008-07-14 23:36 . 2008-07-16 15:42 <DIR> d-------- C:\Program Files\ASCPCWK
2008-07-14 21:37 . 2008-07-14 21:37 <DIR> d-------- C:\Program Files\TorrentMan
2008-07-14 21:37 . 2008-07-14 21:37 <DIR> d-------- C:\Program Files\Conduit
2008-07-14 21:37 . 2008-07-14 21:38 <DIR> d-------- C:\Program Files\BitLord
2008-07-11 19:58 . 2008-07-22 22:53 <DIR> d-------- C:\Program Files\Common Files\Native Instruments
2008-07-11 19:57 . 2008-07-22 22:53 <DIR> d-------- C:\Program Files\Native Instruments
2008-07-10 18:51 . 2008-07-10 18:51 <DIR> d-------- C:\Program Files\Play
2008-07-10 18:51 . 2008-07-10 18:51 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\Ponys
2008-07-09 15:29 . 2008-07-09 15:29 <DIR> d-------- C:\Program Files\Juz w szkole klasa 2a
2008-07-09 15:29 . 2008-07-09 15:29 <DIR> d-------- C:\Program Files\Common Files\YDP
2008-07-09 15:29 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-07-08 23:57 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-08 23:33 . 2006-03-02 14:00 219,648 --a------ C:\WINDOWS\system32\uxtheme.tm
2008-07-08 22:04 . 2008-07-08 22:33 <DIR> d-------- C:\Program Files\KM Remote
2008-07-08 17:37 . 2008-07-08 17:37 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-07-08 17:36 . 2008-07-08 17:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-08 17:36 . 2008-07-08 17:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-08 17:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-08 17:35 . 2008-07-08 17:35 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-08 14:52 . 2008-07-08 14:52 <DIR> d-------- C:\Program Files\Plus!
2008-07-08 14:52 . 2008-07-09 00:00 2,359,350 --a------ C:\WINDOWS\Topthemes wallpaper.bmp
2008-07-08 14:52 . 2008-07-08 14:52 1,129,409 --a------ C:\WINDOWS\system32\New World.scr
2008-07-08 14:20 . 2008-07-08 14:20 <DIR> d-------- C:\cda
2008-07-08 11:55 . 2008-07-08 11:55 <DIR> dr-h----- C:\Documents and Settings\Łucznik335\Dane aplikacji\SecuROM
2008-07-08 11:03 . 2008-08-04 10:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-08 11:03 . 2008-07-08 11:03 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-07-08 11:03 . 2008-07-08 11:03 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-08 11:03 . 2008-07-08 11:03 103,736 --a------ C:\Documents and Settings\Łucznik335\Dane aplikacji\PnkBstrB.exe
2008-07-08 11:03 . 2008-07-08 11:03 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-06 21:10 . 2008-07-06 21:10 <DIR> d-------- C:\Program Files\Ubisoft
2008-07-06 14:24 . 2008-07-06 14:24 <DIR> d-------- C:\WINDOWS\Sun
2008-07-06 11:33 . 2008-07-06 13:12 <DIR> d-------- C:\Program Files\a-squared Free
2008-07-06 11:20 . 2008-07-06 11:20 <DIR> d-------- C:\VirtualDubPortable
2008-07-06 11:02 . 2008-07-06 11:02 <DIR> d-------- C:\Documents and Settings\Łucznik335\Dane aplikacji\WebCompiler3
2008-07-06 10:53 . 2008-07-06 10:53 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator
2008-07-05 22:08 . 2008-07-05 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-07-05 22:08 . 2008-07-05 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 15:57 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-04 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 09:06 --------- d-----w C:\Program Files\BearShare
2008-07-31 20:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 19:40 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-21 11:31 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-21 11:13 --------- d-----w C:\Program Files\AutoGK
2008-07-19 12:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-07-15 08:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-08 15:36 --------- d-----w C:\Program Files\MSBuild
2008-07-06 22:40 --------- d-----w C:\Program Files\iriverter
2008-07-03 21:23 --------- d-----w C:\Program Files\Sony Ericsson
2008-07-03 21:23 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-07-03 21:23 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-07-03 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-07-03 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-07-02 06:56 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Skype
2008-07-01 22:02 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\skypePM
2008-06-30 11:30 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-06-30 11:28 --------- d-----w C:\Program Files\Skype
2008-06-30 11:28 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-30 11:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-29 14:55 --------- d-----w C:\Program Files\Real Alternative
2008-06-29 14:54 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-29 13:55 --------- d-----w C:\Program Files\Lavasoft
2008-06-29 13:55 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Lavasoft
2008-06-29 13:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-29 13:45 --------- d-----w C:\Program Files\ASUS
2008-06-29 13:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-29 13:15 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\DAEMON Tools
2008-06-29 09:06 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-29 09:06 --------- d-----w C:\Program Files\Gabest
2008-06-29 08:48 --------- d-----w C:\Program Files\DVD Decrypter
2008-06-28 20:01 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Teleca
2008-06-28 19:59 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Sony Ericsson
2008-06-28 13:13 --------- d-----w C:\Program Files\Java
2008-06-28 13:13 --------- d-----w C:\Program Files\Common Files\Java
2008-06-28 12:22 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Ubisoft
2008-06-28 12:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-28 12:06 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\InstallShield
2008-06-28 08:47 --------- d-----w C:\Program Files\AVIcodec
2008-06-28 08:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-06-28 08:38 --------- d-----w C:\Program Files\DVD Shrink
2008-06-27 20:34 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Microsoft Games
2008-06-27 19:57 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-27 19:26 --------- d-----w C:\Program Files\Any DVD Converter Professional
2008-06-27 19:26 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Any DVD Converter Professional
2008-06-27 19:16 --------- d-----w C:\Program Files\ToniArts
2008-06-27 17:41 --------- d-----w C:\Program Files\ivo
2008-06-27 16:37 --------- d-----w C:\Program Files\Microsoft Works
2008-06-27 16:33 --------- d-----w C:\Program Files\MagicDisc
2008-06-27 14:13 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Ahead
2008-06-27 12:08 --------- d-----w C:\Program Files\Guitar Pro 5
2008-06-27 12:05 --------- d-----w C:\Program Files\PowerISO
2008-06-27 12:01 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-27 11:59 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-27 11:59 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Gadu-Gadu
2008-06-27 11:28 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Media Player Classic
2008-06-27 11:24 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\Winamp
2008-06-27 11:02 --------- d-----w C:\Documents and Settings\Łucznik335\Dane aplikacji\EDGEDialer
2008-06-27 11:01 --------- d-----w C:\Program Files\ESET
2008-06-27 11:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-06-27 10:27 --------- d-----w C:\Program Files\EDGE Dialer
2008-06-27 10:10 --------- d-----w C:\Program Files\Realtek
2008-06-27 10:06 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-27 09:58 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-27 09:57 --------- d-----w C:\Program Files\Usługi online
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 08:25 363008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.audxacm"= audxacm.acm
"msacm.ac3acm4audx"= AC3ACM4AUDX.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Łucznik335^Menu Start^Programy^Autostart^MagicDisc.lnk]
path=C:\Documents and Settings\Łucznik335\Menu Start\Programy\Autostart\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-PLSessionManager]
--a------ 2007-07-24 19:03 102400 C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="D:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="D:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\BearShare\\BearShare.exe"="D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe"="D:\\Gadu-Gadu\\gg.exe"="E:\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\BitLord\\BitLord.exe"="D:\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="D:\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"="C:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"="E:\\Codemasters\\GRID\\GRID.exe"="D:\\Midway Home Entertainment\\BlackSite Area 51\\Binaries\\Blacksite.exe"=S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]S2 NOD32FiXTemDono;Eset Nod32 
Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]*Newly Created Service* - CATCHME[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe".Contents of the 'Scheduled Tasks' folder2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-05 01:07:03Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-08-05 1:07:29ComboFix-quarantined-files.txt 2008-08-04 23:07:28ComboFix2.txt 2008-08-04 21:22:16ComboFix3.txt 2008-07-31 12:32:27Pre-Run: 45,450,514,432 bajtów wolnychPost-Run: 45,430,800,384 bajtów wolnych489