Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Logi test zabezpieczeń :)
10 Sie 2008, 18:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:16, on 2008-08-10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Users\Murarz\Desktop\Nowy folder\Ygoow.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [cFosSpeed] "C:\Program Files\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 6937 bytes
C:\Windows\system32\svchost.exe
czy tego nie jest za dużo?
Poprosze o linka do aktualnej wersji Combofixa bo czytałem że on jest bardzo często aktualizowany
Chodzi mi o test moich aktualnych zabezpieczeń mam Kasperskiego 2009 i Spyware Doctor
Scan saved at 18:39:16, on 2008-08-10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Users\Murarz\Desktop\Nowy folder\Ygoow.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [cFosSpeed] "C:\Program Files\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 6937 bytes
C:\Windows\system32\svchost.exe
czy tego nie jest za dużo?
Poprosze o linka do aktualnej wersji Combofixa bo czytałem że on jest bardzo często aktualizowany
Chodzi mi o test moich aktualnych zabezpieczeń mam Kasperskiego 2009 i Spyware Doctor
10 Sie 2008, 20:25
Dużo procesów svchost jest normalnością
Log ok
Podaj log z Combofix
z tej str. sciągniesz najnowszego
Log ok
Podaj log z Combofix
z tej str. sciągniesz najnowszego
10 Sie 2008, 20:42
ComboFix 08-08-09.06 - Murarz 2008-08-10 20:31:48.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.1431 [GMT 2:00]
Running from: C:\Users\Murarz\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-09 19:21 . 2008-08-09 19:21 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Media Player Classic
2008-08-09 19:20 . 2008-07-04 08:34 860,160 --a------ C:\Windows\System32\lameACM.acm
2008-08-09 19:20 . 2004-01-25 18:18 217,088 --a------ C:\Windows\System32\yv12vfw.dll
2008-08-09 19:20 . 2007-09-04 18:56 164,352 --a------ C:\Windows\System32\unrar.dll
2008-08-09 19:20 . 2007-09-21 02:52 118,784 --a------ C:\Windows\System32\ac3acm.acm
2008-08-09 19:20 . 2007-10-03 17:03 414 --a------ C:\Windows\System32\lame_acm.xml
2008-08-09 19:19 . 2008-08-09 19:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-09 19:19 . 2008-05-23 00:22 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-08-09 19:19 . 2008-01-10 14:15 755,027 --a------ C:\Windows\System32\xvidcore.dll
2008-08-09 19:19 . 2008-05-31 01:22 683,520 --a------ C:\Windows\System32\divx.dll
2008-08-09 19:19 . 2008-01-10 14:16 159,839 --a------ C:\Windows\System32\xvidvfw.dll
2008-08-09 19:19 . 2008-05-23 00:19 81,920 --a------ C:\Windows\System32\dpl100.dll
2008-08-09 19:19 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-08-09 19:19 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-08-09 16:05 . 2006-06-20 10:56 225,280 --a------ C:\Windows\System32\rewire.dll
2008-08-09 16:04 . 2002-07-08 00:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm
2008-08-09 16:00 . 2008-08-09 16:00 <DIR> d-------- C:\Program Files\Steinberg
2008-08-09 16:00 . 2008-08-09 16:05 <DIR> d-------- C:\Program Files\Image-Line
2008-08-08 03:19 . 2008-08-09 00:34 <DIR> d-------- C:\Users\All Users\SpeedBit
2008-08-08 03:19 . 2008-08-09 00:34 <DIR> d-------- C:\ProgramData\SpeedBit
2008-08-08 03:19 . 2008-08-09 23:46 <DIR> d-------- C:\Program Files\DAP
2008-08-07 04:08 . 2008-08-07 04:08 <DIR> d-------- C:\Users\All Users\Brontes Processing
2008-08-07 04:08 . 2008-08-07 04:08 <DIR> d-------- C:\ProgramData\Brontes Processing
2008-08-07 04:08 . 2008-08-09 00:35 <DIR> d-------- C:\Program Files\Brontes Processing
2008-08-06 23:36 . 2003-06-20 13:28 1,777,664 --a------ C:\Windows\System32\gdiplus.dll
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\TuneUp Software
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-06 23:01 . 2008-08-06 23:01 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-06 23:01 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-06 23:01 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-08-06 23:00 . 2008-08-06 23:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 22:15 . 2008-08-06 22:15 <DIR> d-------- C:\Program Files\CodeStuff
2008-08-06 16:28 . 2005-02-26 07:34 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-08-06 01:53 . 2008-08-06 01:53 <DIR> d-------- C:\Windows\System32\Futuremark
2008-08-06 01:53 . 2008-08-06 01:53 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-08-06 01:53 . 2008-05-29 12:33 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
2008-08-05 23:52 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-08-05 23:52 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-08-05 23:52 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-08-05 23:52 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-08-05 23:52 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-08-05 23:51 . 2008-08-05 23:51 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Simply Super Software
2008-08-05 23:51 . 2008-08-05 23:51 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-08-05 23:51 . 2008-08-05 23:51 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-08-05 23:51 . 2008-08-06 01:25 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-05 15:22 . 2008-08-05 15:26 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-08-05 15:10 . 2008-08-05 15:10 <DIR> d-------- C:\Users\Murarz\DoctorWeb
2008-08-05 04:15 . 2008-08-05 04:17 <DIR> d-------- C:\Users\Murarz\vw
2008-08-05 01:19 . 2004-02-23 00:00 1,386,496 --a------ C:\Windows\System32\temp.000
2008-08-05 01:19 . 2004-02-17 00:00 278,581 --a------ C:\Windows\System32\temp.002
2008-08-05 01:19 . 2003-01-14 13:18 147,456 --a------ C:\Windows\System32\temp.001
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-07-31 12:02 . 2008-07-31 12:02 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-07-31 12:02 . 2008-07-31 12:02 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-07-31 11:53 . 2008-07-31 11:53 <DIR> d-------- C:\Users\All Users\DAEMON Tools Pro
2008-07-31 11:53 . 2008-07-31 11:53 <DIR> d-------- C:\ProgramData\DAEMON Tools Pro
2008-07-31 11:50 . 2008-07-31 11:53 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-07-31 03:03 . 2008-08-06 22:54 <DIR> d-------- C:\Program Files\Total Video Converter
2008-07-31 01:28 . 2008-07-31 01:28 <DIR> d-------- C:\Users\Murarz\SystemRequirementsLab
2008-07-31 01:28 . 2008-07-31 01:28 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-30 19:40 . 2008-07-30 19:40 0 --ah----- C:\miniex.ant
2008-07-30 19:37 . 2008-07-30 19:37 1,896 --ah----- C:\AutoRepair Scrap.tmp
2008-07-30 19:36 . 2008-07-30 19:36 64,512 --ah----- C:\Users\Murarz\AppData\Roaming\dach100.dll
2008-07-30 19:34 . 2008-07-30 19:37 166 --ah----- C:\Windows\winshell.dat
2008-07-30 16:35 . 2008-07-30 16:35 <DIR> dr-h----- C:\Users\Murarz\AppData\Roaming\SecuROM
2008-07-30 03:23 . 2008-07-30 03:23 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\PC Tools
2008-07-30 03:23 . 2008-08-09 23:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-30 03:23 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-30 03:23 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-30 03:23 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-30 03:23 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-30 02:58 . 2008-07-30 03:29 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-30 02:58 . 2008-07-30 03:29 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-29 14:28 . 2008-07-29 14:28 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Uniblue
2008-07-29 13:40 . 2008-08-05 14:44 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-07-29 13:40 . 2008-08-05 14:44 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-07-29 13:40 . 2008-07-29 14:14 <DIR> d-------- C:\Program Files\Security Task Manager
2008-07-29 13:31 . 2008-07-29 13:31 <DIR> d-------- C:\Program Files\CCleaner
2008-07-28 20:06 . 2008-07-28 20:06 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-28 03:15 . 2008-07-28 03:15 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\ArcaBit
2008-07-28 02:28 . 2008-07-28 03:39 <DIR> d-------- C:\Windows\System32\ArcaMicroScan
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\Users\Default.LOG2
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\Users\Default.LOG1
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\ProgramData.LOG2
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\ProgramData.LOG1
2008-07-28 01:28 . 2008-07-28 01:37 164 --a------ C:\install.dat
2008-07-28 00:59 . 2008-07-28 00:59 350,208 --a------ C:\Windows\System32\d3drm.dll
2008-07-27 18:10 . 2008-07-27 18:10 0 --a------ C:\Windows\nsreg.dat
2008-07-27 14:40 . 2008-07-27 14:40 171,136 -rahs---- C:\loadmgr
2008-07-27 13:49 . 2008-07-27 13:20 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-07-27 13:49 . 2008-07-27 13:20 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-07-27 13:22 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-07-26 22:06 . 2008-07-26 22:11 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-26 22:06 . 2008-07-26 22:11 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-26 13:33 . 2008-08-04 23:17 <DIR> d-------- C:\Users\All Users\Test Drive Unlimited
2008-07-26 13:33 . 2008-08-04 23:17 <DIR> d-------- C:\ProgramData\Test Drive Unlimited
2008-07-25 09:50 . 2008-07-25 09:50 <DIR> d-------- C:\Users\All Users\Trymedia
2008-07-25 09:50 . 2008-07-25 09:50 <DIR> d-------- C:\ProgramData\Trymedia
2008-07-24 11:05 . 2008-07-24 11:05 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-07-21 21:56 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-21 19:02 . 2008-07-21 19:02 <DIR> d-------- C:\Program Files\Gadu-Gadu Sekretarka
2008-07-20 15:29 . 2008-07-20 15:29 23 --a------ C:\Windows\BlendSettings.ini
2008-07-19 14:01 . 2008-07-27 14:14 <DIR> d-------- C:\perflogs
2008-07-18 20:20 . 2008-07-18 20:20 50 --a------ C:\Windows\MegaManager.INI
2008-07-18 06:47 . 2008-07-18 06:47 <DIR> d-------- C:\Users\All Users\ConeXware
2008-07-18 06:47 . 2008-07-18 06:47 <DIR> d-------- C:\ProgramData\ConeXware
2008-07-18 06:27 . 2008-07-19 10:29 <DIR> d-------- C:\Users\All Users\WinZip
2008-07-18 06:27 . 2008-07-19 10:29 <DIR> d-------- C:\ProgramData\WinZip
2008-07-17 16:12 . 1998-10-07 12:54 327,168 --a------ C:\Windows\IsUn0415.exe
2008-07-17 10:21 . 2008-08-09 21:27 <DIR> d-------- C:\Windows\BDOSCAN8
2008-07-16 19:50 . 2008-07-16 19:50 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Megaupload
2008-07-16 13:15 . 2008-07-16 13:15 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-07-16 13:06 . 2008-07-16 13:06 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-07-16 11:54 . 2008-08-10 20:30 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-16 11:54 . 2008-08-10 20:30 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-16 01:17 . 2008-07-16 01:17 <DIR> d-------- C:\Program Files\Budzik
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 18:35 --------- d-----w C:\Program Files\cFosSpeed
2008-08-10 13:34 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-09 22:00 --------- d-----w C:\Users\Murarz\AppData\Roaming\uTorrent
2008-08-09 21:45 786,464 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-08-09 21:45 5,864 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-08-09 21:45 4,666,400 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-09 21:45 39,632 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-09 17:11 --------- d-----w C:\Program Files\ffdshow
2008-08-07 00:06 --------- d-----w C:\Program Files\Java
2008-08-06 17:26 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-05 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 02:57 --------- d-----w C:\Program Files\Opera
2008-07-27 12:21 174 --sha-w C:\Program Files\desktop.ini
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Mail
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Journal
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Defender
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Calendar
2008-07-27 12:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-27 12:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-23 17:24 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-21 16:54 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-21 12:10 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-07-21 12:10 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-07-14 06:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-08 15:01 --------- d-----w C:\Program Files\directx
2008-07-07 20:42 --------- d-----w C:\Program Files\Ares
2008-07-07 01:52 --------- d-----w C:\Users\Murarz\AppData\Roaming\LimeWire
2008-07-06 20:21 --------- d-----w C:\Program Files\Common Files\Java
2008-07-06 11:48 --------- d-----w C:\Program Files\MarBit
2008-07-06 00:51 --------- d-----w C:\Program Files\COD4 Quick Launcher
2008-07-04 21:21 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-04 21:21 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-04 21:21 --------- d-----w C:\Program Files\Realtek
2008-07-04 20:40 --------- d-----w C:\Program Files\ATI Technologies
2008-07-04 20:35 --------- d-----w C:\Program Files\ATI
2008-07-04 19:51 22,328 ----a-w C:\Users\Murarz\AppData\Roaming\PnkBstrK.sys
2008-07-04 17:18 --------- d-----w C:\Program Files\Intel
2008-07-04 17:16 --------- d-----w C:\Users\Murarz\AppData\Roaming\InstallShield
2008-07-03 19:59 --------- d-----w C:\Program Files\Sunrise Vista Konfigurator
2008-07-03 18:42 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-07-03 18:37 --------- d-----w C:\Users\Murarz\AppData\Roaming\DAEMON Tools Pro
2008-07-03 16:10 --------- d-----w C:\Program Files\Jufsoft
2008-07-03 12:13 --------- d-----w C:\Program Files\Microsoft Games
2008-07-02 21:11 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-07-02 20:46 --------- d-----w C:\Users\Murarz\AppData\Roaming\AdobeUM
2008-07-02 20:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-02 20:34 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2008-07-02 20:34 --------- d-----w C:\Program Files\BitLocker
2008-07-02 20:33 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-07-02 18:00 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-02 18:00 --------- d-----w C:\Users\Murarz\AppData\Roaming\DAEMON Tools
2008-07-02 16:18 --------- d-----w C:\Program Files\uTorrent
2008-07-02 15:41 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-07-02 15:24 18,048 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-07-02 14:41 --------- d-----w C:\Users\Murarz\AppData\Roaming\ATI
2008-07-02 14:00 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-02 13:36 --------- d-----w C:\Users\Murarz\AppData\Roaming\Gadu-Gadu
2008-07-02 13:11 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-07-02 13:04 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-02 13:03 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-02 13:00 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-02 13:00 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-02 12:59 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-02 12:59 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-02 12:59 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-02 12:59 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-02 12:59 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-02 12:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-02 12:59 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-02 12:57 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-02 12:57 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-02 12:57 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-02 12:56 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-06-03 03:35 413,696 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:35 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-06-03 03:35 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-06-03 03:34 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-06-03 03:34 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-06-03 03:34 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-06-03 03:33 684,032 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-06-03 03:19 3,401,216 ----a-w C:\Windows\System32\atiumdag.dll
2008-06-03 03:02 4,398,080 ----a-w C:\Windows\System32\atiumdva.dll
2008-06-03 02:50 49,664 ----a-w C:\Windows\System32\amdpcom32.dll
2008-06-03 02:49 32,256 ----a-w C:\Windows\System32\atiadlxx.dll
2008-06-03 02:48 10,043,392 ----a-w C:\Windows\System32\atioglxx.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-05-02 18:30 863448]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-07-30 15:00 909904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-07 10:24 5369856 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Murarz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Budzik.lnk]
path=C:\Users\Murarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Budzik.lnk
backup=C:\Windows\pss\Budzik.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{47A5E0A7-972E-4C82-8E8F-5FF3078BED66}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{4F6E1397-0CB6-4D40-9A1E-6F49FD4B571A}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"{317207CB-D3A7-48A5-BD29-8F1F304F40A0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DBFABB07-85FC-4DD7-A668-AB18DA4BCE88}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{132EECA7-3E67-4994-A4F1-53391CD7E96B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F637CE35-26D9-428B-80FF-A2FAAEF9D853}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{95225771-E29A-44D0-AA15-FC020A8FE2C9}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{643E3991-C1B1-4917-B412-1B412CD15DA5}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{6E883C07-3998-406A-A47C-40B819EB5A99}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BC94EA47-4F4D-4840-B7E8-6842EB76BA99}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{69113610-B5D7-4D59-BF5C-FB1B60B89367}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{42C1FE5B-D4E5-425F-B7A1-7CB87C20F0B2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A874FD39-2E46-4891-82C9-61A859549E9A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{E2963232-1FED-43C9-BCB3-5F358A541A31}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{55EF7253-580C-4510-A00B-4AFBC259EFA2}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{17E46C4B-0965-4356-98D1-63832B5EE8B9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{554F8986-21B2-44B6-93B8-8B21A6F8E5C6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D717F461-AC6B-423F-AA83-02051E65A525}"= UDP:D:\World In Conflict\wic.exe:World in Conflict
"{34CE92F9-2E18-414C-BFCB-4584E55D72AB}"= TCP:D:\World In Conflict\wic.exe:World in Conflict
"{D8A10060-AFDB-43CD-B2B6-294B54BBAA9A}"= UDP:D:\World In Conflict\wic_online.exe:World in Conflict - Tylko online
"{69AE4876-10F5-4801-8C08-A17DBE15CF70}"= TCP:D:\World In Conflict\wic_online.exe:World in Conflict - Tylko online
"{12C86A5F-FA6F-4414-90B0-9888E0B69EED}"= UDP:D:\World In Conflict\wic_ds.exe:World in Conflict - Serwer
"{EBE03AED-753B-4F2C-9D2B-803F235D3ADA}"= TCP:D:\World In Conflict\wic_ds.exe:World in Conflict - Serwer
"TCP Query User{C84B578E-9671-4C29-A53F-1204F54A8358}D:\\nowy folder (8)\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= UDP:D:\nowy folder (8)\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{1EAA571F-6B74-4FEE-A99B-D7D9008B73A8}D:\\nowy folder (8)\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= TCP:D:\nowy folder (8)\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 08:22]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2003-02-01 15:07]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-06 23:01]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6584990c-5178-11dd-9fa4-0090ccd163e7}]
\shell\AutoRun\command - K:\OblivionLauncher.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2008-08-10 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2008-08-09 C:\Windows\Tasks\User_Feed_Synchronization-{D50C6F72-D000-4E6A-8E42-AB54B54C29C3}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = about:blank
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 20:35:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-10 20:37:10
ComboFix-quarantined-files.txt 2008-08-10 18:37:07
Pre-Run: 9,472,315,392 bajtów wolnych
Post-Run: 9,424,019,456 bajtów wolnych
349 --- E O F --- 2008-08-08 13:48:13
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.1431 [GMT 2:00]
Running from: C:\Users\Murarz\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-09 19:21 . 2008-08-09 19:21 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Media Player Classic
2008-08-09 19:20 . 2008-07-04 08:34 860,160 --a------ C:\Windows\System32\lameACM.acm
2008-08-09 19:20 . 2004-01-25 18:18 217,088 --a------ C:\Windows\System32\yv12vfw.dll
2008-08-09 19:20 . 2007-09-04 18:56 164,352 --a------ C:\Windows\System32\unrar.dll
2008-08-09 19:20 . 2007-09-21 02:52 118,784 --a------ C:\Windows\System32\ac3acm.acm
2008-08-09 19:20 . 2007-10-03 17:03 414 --a------ C:\Windows\System32\lame_acm.xml
2008-08-09 19:19 . 2008-08-09 19:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-09 19:19 . 2008-05-23 00:22 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-08-09 19:19 . 2008-01-10 14:15 755,027 --a------ C:\Windows\System32\xvidcore.dll
2008-08-09 19:19 . 2008-05-31 01:22 683,520 --a------ C:\Windows\System32\divx.dll
2008-08-09 19:19 . 2008-01-10 14:16 159,839 --a------ C:\Windows\System32\xvidvfw.dll
2008-08-09 19:19 . 2008-05-23 00:19 81,920 --a------ C:\Windows\System32\dpl100.dll
2008-08-09 19:19 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-08-09 19:19 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-08-09 16:05 . 2006-06-20 10:56 225,280 --a------ C:\Windows\System32\rewire.dll
2008-08-09 16:04 . 2002-07-08 00:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm
2008-08-09 16:00 . 2008-08-09 16:00 <DIR> d-------- C:\Program Files\Steinberg
2008-08-09 16:00 . 2008-08-09 16:05 <DIR> d-------- C:\Program Files\Image-Line
2008-08-08 03:19 . 2008-08-09 00:34 <DIR> d-------- C:\Users\All Users\SpeedBit
2008-08-08 03:19 . 2008-08-09 00:34 <DIR> d-------- C:\ProgramData\SpeedBit
2008-08-08 03:19 . 2008-08-09 23:46 <DIR> d-------- C:\Program Files\DAP
2008-08-07 04:08 . 2008-08-07 04:08 <DIR> d-------- C:\Users\All Users\Brontes Processing
2008-08-07 04:08 . 2008-08-07 04:08 <DIR> d-------- C:\ProgramData\Brontes Processing
2008-08-07 04:08 . 2008-08-09 00:35 <DIR> d-------- C:\Program Files\Brontes Processing
2008-08-06 23:36 . 2003-06-20 13:28 1,777,664 --a------ C:\Windows\System32\gdiplus.dll
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\TuneUp Software
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-08-06 23:01 . 2008-08-06 23:01 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-06 23:01 . 2008-08-06 23:01 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-06 23:01 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-06 23:01 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-08-06 23:00 . 2008-08-06 23:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 22:15 . 2008-08-06 22:15 <DIR> d-------- C:\Program Files\CodeStuff
2008-08-06 16:28 . 2005-02-26 07:34 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-08-06 01:53 . 2008-08-06 01:53 <DIR> d-------- C:\Windows\System32\Futuremark
2008-08-06 01:53 . 2008-08-06 01:53 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-08-06 01:53 . 2008-05-29 12:33 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
2008-08-05 23:52 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-08-05 23:52 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-08-05 23:52 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-08-05 23:52 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-08-05 23:52 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-08-05 23:51 . 2008-08-05 23:51 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Simply Super Software
2008-08-05 23:51 . 2008-08-05 23:51 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-08-05 23:51 . 2008-08-05 23:51 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-08-05 23:51 . 2008-08-06 01:25 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-05 15:22 . 2008-08-05 15:26 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-08-05 15:10 . 2008-08-05 15:10 <DIR> d-------- C:\Users\Murarz\DoctorWeb
2008-08-05 04:15 . 2008-08-05 04:17 <DIR> d-------- C:\Users\Murarz\vw
2008-08-05 01:19 . 2004-02-23 00:00 1,386,496 --a------ C:\Windows\System32\temp.000
2008-08-05 01:19 . 2004-02-17 00:00 278,581 --a------ C:\Windows\System32\temp.002
2008-08-05 01:19 . 2003-01-14 13:18 147,456 --a------ C:\Windows\System32\temp.001
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-02 18:58 . 2008-08-02 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-07-31 12:02 . 2008-07-31 12:02 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-07-31 12:02 . 2008-07-31 12:02 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-07-31 11:53 . 2008-07-31 11:53 <DIR> d-------- C:\Users\All Users\DAEMON Tools Pro
2008-07-31 11:53 . 2008-07-31 11:53 <DIR> d-------- C:\ProgramData\DAEMON Tools Pro
2008-07-31 11:50 . 2008-07-31 11:53 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-07-31 03:03 . 2008-08-06 22:54 <DIR> d-------- C:\Program Files\Total Video Converter
2008-07-31 01:28 . 2008-07-31 01:28 <DIR> d-------- C:\Users\Murarz\SystemRequirementsLab
2008-07-31 01:28 . 2008-07-31 01:28 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-30 19:40 . 2008-07-30 19:40 0 --ah----- C:\miniex.ant
2008-07-30 19:37 . 2008-07-30 19:37 1,896 --ah----- C:\AutoRepair Scrap.tmp
2008-07-30 19:36 . 2008-07-30 19:36 64,512 --ah----- C:\Users\Murarz\AppData\Roaming\dach100.dll
2008-07-30 19:34 . 2008-07-30 19:37 166 --ah----- C:\Windows\winshell.dat
2008-07-30 16:35 . 2008-07-30 16:35 <DIR> dr-h----- C:\Users\Murarz\AppData\Roaming\SecuROM
2008-07-30 03:23 . 2008-07-30 03:23 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\PC Tools
2008-07-30 03:23 . 2008-08-09 23:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-30 03:23 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-30 03:23 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-30 03:23 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-30 03:23 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-30 02:58 . 2008-07-30 03:29 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-30 02:58 . 2008-07-30 03:29 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-29 14:28 . 2008-07-29 14:28 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Uniblue
2008-07-29 13:40 . 2008-08-05 14:44 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-07-29 13:40 . 2008-08-05 14:44 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-07-29 13:40 . 2008-07-29 14:14 <DIR> d-------- C:\Program Files\Security Task Manager
2008-07-29 13:31 . 2008-07-29 13:31 <DIR> d-------- C:\Program Files\CCleaner
2008-07-28 20:06 . 2008-07-28 20:06 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-28 03:15 . 2008-07-28 03:15 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\ArcaBit
2008-07-28 02:28 . 2008-07-28 03:39 <DIR> d-------- C:\Windows\System32\ArcaMicroScan
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\Users\Default.LOG2
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\Users\Default.LOG1
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\ProgramData.LOG2
2008-07-28 02:15 . 2008-07-28 02:15 0 --ah----- C:\ProgramData.LOG1
2008-07-28 01:28 . 2008-07-28 01:37 164 --a------ C:\install.dat
2008-07-28 00:59 . 2008-07-28 00:59 350,208 --a------ C:\Windows\System32\d3drm.dll
2008-07-27 18:10 . 2008-07-27 18:10 0 --a------ C:\Windows\nsreg.dat
2008-07-27 14:40 . 2008-07-27 14:40 171,136 -rahs---- C:\loadmgr
2008-07-27 13:49 . 2008-07-27 13:20 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-07-27 13:49 . 2008-07-27 13:20 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-07-27 13:22 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-07-26 22:06 . 2008-07-26 22:11 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-26 22:06 . 2008-07-26 22:11 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-26 13:33 . 2008-08-04 23:17 <DIR> d-------- C:\Users\All Users\Test Drive Unlimited
2008-07-26 13:33 . 2008-08-04 23:17 <DIR> d-------- C:\ProgramData\Test Drive Unlimited
2008-07-25 09:50 . 2008-07-25 09:50 <DIR> d-------- C:\Users\All Users\Trymedia
2008-07-25 09:50 . 2008-07-25 09:50 <DIR> d-------- C:\ProgramData\Trymedia
2008-07-24 11:05 . 2008-07-24 11:05 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-07-21 21:56 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-21 19:02 . 2008-07-21 19:02 <DIR> d-------- C:\Program Files\Gadu-Gadu Sekretarka
2008-07-20 15:29 . 2008-07-20 15:29 23 --a------ C:\Windows\BlendSettings.ini
2008-07-19 14:01 . 2008-07-27 14:14 <DIR> d-------- C:\perflogs
2008-07-18 20:20 . 2008-07-18 20:20 50 --a------ C:\Windows\MegaManager.INI
2008-07-18 06:47 . 2008-07-18 06:47 <DIR> d-------- C:\Users\All Users\ConeXware
2008-07-18 06:47 . 2008-07-18 06:47 <DIR> d-------- C:\ProgramData\ConeXware
2008-07-18 06:27 . 2008-07-19 10:29 <DIR> d-------- C:\Users\All Users\WinZip
2008-07-18 06:27 . 2008-07-19 10:29 <DIR> d-------- C:\ProgramData\WinZip
2008-07-17 16:12 . 1998-10-07 12:54 327,168 --a------ C:\Windows\IsUn0415.exe
2008-07-17 10:21 . 2008-08-09 21:27 <DIR> d-------- C:\Windows\BDOSCAN8
2008-07-16 19:50 . 2008-07-16 19:50 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Megaupload
2008-07-16 13:15 . 2008-07-16 13:15 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-07-16 13:06 . 2008-07-16 13:06 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-07-16 11:54 . 2008-08-10 20:30 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-16 11:54 . 2008-08-10 20:30 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-16 01:17 . 2008-07-16 01:17 <DIR> d-------- C:\Program Files\Budzik
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 18:35 --------- d-----w C:\Program Files\cFosSpeed
2008-08-10 13:34 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-09 22:00 --------- d-----w C:\Users\Murarz\AppData\Roaming\uTorrent
2008-08-09 21:45 786,464 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-08-09 21:45 5,864 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-08-09 21:45 4,666,400 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-09 21:45 39,632 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-09 17:11 --------- d-----w C:\Program Files\ffdshow
2008-08-07 00:06 --------- d-----w C:\Program Files\Java
2008-08-06 17:26 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-05 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 02:57 --------- d-----w C:\Program Files\Opera
2008-07-27 12:21 174 --sha-w C:\Program Files\desktop.ini
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Mail
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Journal
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Defender
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-27 12:15 --------- d-----w C:\Program Files\Windows Calendar
2008-07-27 12:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-27 12:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-23 17:24 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-21 16:54 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-21 12:10 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-07-21 12:10 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-07-14 06:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-08 15:01 --------- d-----w C:\Program Files\directx
2008-07-07 20:42 --------- d-----w C:\Program Files\Ares
2008-07-07 01:52 --------- d-----w C:\Users\Murarz\AppData\Roaming\LimeWire
2008-07-06 20:21 --------- d-----w C:\Program Files\Common Files\Java
2008-07-06 11:48 --------- d-----w C:\Program Files\MarBit
2008-07-06 00:51 --------- d-----w C:\Program Files\COD4 Quick Launcher
2008-07-04 21:21 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-04 21:21 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-04 21:21 --------- d-----w C:\Program Files\Realtek
2008-07-04 20:40 --------- d-----w C:\Program Files\ATI Technologies
2008-07-04 20:35 --------- d-----w C:\Program Files\ATI
2008-07-04 19:51 22,328 ----a-w C:\Users\Murarz\AppData\Roaming\PnkBstrK.sys
2008-07-04 17:18 --------- d-----w C:\Program Files\Intel
2008-07-04 17:16 --------- d-----w C:\Users\Murarz\AppData\Roaming\InstallShield
2008-07-03 19:59 --------- d-----w C:\Program Files\Sunrise Vista Konfigurator
2008-07-03 18:42 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-07-03 18:37 --------- d-----w C:\Users\Murarz\AppData\Roaming\DAEMON Tools Pro
2008-07-03 16:10 --------- d-----w C:\Program Files\Jufsoft
2008-07-03 12:13 --------- d-----w C:\Program Files\Microsoft Games
2008-07-02 21:11 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-07-02 20:46 --------- d-----w C:\Users\Murarz\AppData\Roaming\AdobeUM
2008-07-02 20:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-02 20:34 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2008-07-02 20:34 --------- d-----w C:\Program Files\BitLocker
2008-07-02 20:33 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-07-02 18:00 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-02 18:00 --------- d-----w C:\Users\Murarz\AppData\Roaming\DAEMON Tools
2008-07-02 16:18 --------- d-----w C:\Program Files\uTorrent
2008-07-02 15:41 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-07-02 15:24 18,048 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-07-02 14:41 --------- d-----w C:\Users\Murarz\AppData\Roaming\ATI
2008-07-02 14:00 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-02 13:36 --------- d-----w C:\Users\Murarz\AppData\Roaming\Gadu-Gadu
2008-07-02 13:11 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-07-02 13:04 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-02 13:03 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-02 13:00 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-02 13:00 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-02 12:59 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-02 12:59 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-02 12:59 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-02 12:59 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-02 12:59 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-02 12:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-02 12:59 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-02 12:57 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-02 12:57 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-02 12:57 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-02 12:56 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-06-03 03:35 413,696 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:35 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-06-03 03:35 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-06-03 03:34 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-06-03 03:34 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-06-03 03:34 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-06-03 03:33 684,032 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-06-03 03:19 3,401,216 ----a-w C:\Windows\System32\atiumdag.dll
2008-06-03 03:02 4,398,080 ----a-w C:\Windows\System32\atiumdva.dll
2008-06-03 02:50 49,664 ----a-w C:\Windows\System32\amdpcom32.dll
2008-06-03 02:49 32,256 ----a-w C:\Windows\System32\atiadlxx.dll
2008-06-03 02:48 10,043,392 ----a-w C:\Windows\System32\atioglxx.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-05-02 18:30 863448]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-07-30 15:00 909904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-07 10:24 5369856 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Murarz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Budzik.lnk]
path=C:\Users\Murarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Budzik.lnk
backup=C:\Windows\pss\Budzik.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{47A5E0A7-972E-4C82-8E8F-5FF3078BED66}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{4F6E1397-0CB6-4D40-9A1E-6F49FD4B571A}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"{317207CB-D3A7-48A5-BD29-8F1F304F40A0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DBFABB07-85FC-4DD7-A668-AB18DA4BCE88}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{132EECA7-3E67-4994-A4F1-53391CD7E96B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F637CE35-26D9-428B-80FF-A2FAAEF9D853}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{95225771-E29A-44D0-AA15-FC020A8FE2C9}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{643E3991-C1B1-4917-B412-1B412CD15DA5}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{6E883C07-3998-406A-A47C-40B819EB5A99}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BC94EA47-4F4D-4840-B7E8-6842EB76BA99}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{69113610-B5D7-4D59-BF5C-FB1B60B89367}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{42C1FE5B-D4E5-425F-B7A1-7CB87C20F0B2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A874FD39-2E46-4891-82C9-61A859549E9A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{E2963232-1FED-43C9-BCB3-5F358A541A31}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{55EF7253-580C-4510-A00B-4AFBC259EFA2}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{17E46C4B-0965-4356-98D1-63832B5EE8B9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{554F8986-21B2-44B6-93B8-8B21A6F8E5C6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D717F461-AC6B-423F-AA83-02051E65A525}"= UDP:D:\World In Conflict\wic.exe:World in Conflict
"{34CE92F9-2E18-414C-BFCB-4584E55D72AB}"= TCP:D:\World In Conflict\wic.exe:World in Conflict
"{D8A10060-AFDB-43CD-B2B6-294B54BBAA9A}"= UDP:D:\World In Conflict\wic_online.exe:World in Conflict - Tylko online
"{69AE4876-10F5-4801-8C08-A17DBE15CF70}"= TCP:D:\World In Conflict\wic_online.exe:World in Conflict - Tylko online
"{12C86A5F-FA6F-4414-90B0-9888E0B69EED}"= UDP:D:\World In Conflict\wic_ds.exe:World in Conflict - Serwer
"{EBE03AED-753B-4F2C-9D2B-803F235D3ADA}"= TCP:D:\World In Conflict\wic_ds.exe:World in Conflict - Serwer
"TCP Query User{C84B578E-9671-4C29-A53F-1204F54A8358}D:\\nowy folder (8)\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= UDP:D:\nowy folder (8)\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{1EAA571F-6B74-4FEE-A99B-D7D9008B73A8}D:\\nowy folder (8)\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= TCP:D:\nowy folder (8)\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 08:22]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2003-02-01 15:07]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-06 23:01]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6584990c-5178-11dd-9fa4-0090ccd163e7}]
\shell\AutoRun\command - K:\OblivionLauncher.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2008-08-10 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2008-08-09 C:\Windows\Tasks\User_Feed_Synchronization-{D50C6F72-D000-4E6A-8E42-AB54B54C29C3}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = about:blank
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 20:35:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-10 20:37:10
ComboFix-quarantined-files.txt 2008-08-10 18:37:07
Pre-Run: 9,472,315,392 bajtów wolnych
Post-Run: 9,424,019,456 bajtów wolnych
349 --- E O F --- 2008-08-08 13:48:13
10 Sie 2008, 20:46
Log czysty
Jeśli chcesz to przesknauj dla pewności jeszcze antywirusem
Jeśli chcesz to przesknauj dla pewności jeszcze antywirusem