2007-07-23 19:37 <DIR> d-------- C:\Program Files\Lavalys
2007-07-23 17:51 <DIR> d-------- C:\Program Files\SpeedFan
2007-07-23 17:48 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-07-23 08:53 <DIR> d-------- C:\DOCUME~1\Andrzej\DANEAP~1\Buena Vista Games
2007-07-23 08:50 <DIR> d-------- C:\Program Files\Buena Vista Games
2007-07-22 18:14 <DIR> d-------- C:\DOCUME~1\Andrzej\DANEAP~1\Activision
2007-07-22 17:59 <DIR> d-------- C:\Program Files\Activision
2007-07-17 08:49 <DIR> d-------- C:\Program Files\KONAMI
2007-07-17 08:47 <DIR> d-------- C:\bb
2007-07-14 12:29 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-07-13 12:46 <DIR> d-------- C:\Program Files\The Hulk
2007-07-12 21:48 <DIR> d-------- C:\Program Files\directx
2007-07-12 21:41 <DIR> d-------- C:\Universal Interactive
2007-07-11 22:48 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2007-07-11 19:55 <DIR> d-------- C:\Program Files\MarBit
2007-07-11 12:11 9,472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2007-07-11 12:11 137,344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2007-07-09 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\TomTom
2007-07-09 11:10 <DIR> d-------- C:\Program Files\TomTom HOME
2007-07-07 14:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Disney Interactive
2007-07-07 10:51 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-07 10:50 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-07 10:50 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-07 10:50 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-07 10:50 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-06 16:11 <DIR> d-------- C:\DOCUME~1\Andrzej\DANEAP~1\Media Player Classic
2007-07-06 12:49 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-07-06 12:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-06 12:49 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-06 12:49 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-06 12:49 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-06 12:49 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-06 12:49 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-06 12:49 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-07-05 22:50 <DIR> d-------- C:\DOCUME~1\Andrzej\DANEAP~1\InstallShield
2007-07-05 13:34 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-07-05 13:34 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-07-05 00:13 <DIR> d--h----- C:\.LOCK
2007-07-04 22:00 <DIR> d-------- C:\DOCUME~1\Andrzej\DANEAP~1\Help
2007-07-04 20:17 545 --a------ C:\WINDOWS\UC.PIF
2007-07-04 20:17 545 --a------ C:\WINDOWS\RAR.PIF
2007-07-04 20:17 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-07-04 20:17 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-07-04 20:17 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-07-04 20:17 545 --a------ C:\WINDOWS\LHA.PIF
2007-07-04 20:17 545 --a------ C:\WINDOWS\ARJ.PIF
2007-07-04 12:20 <DIR> d-------- C:\Files
2007-07-03 22:01 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-07-03 22:01 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-07-02 19:39 <DIR> d-------- C:\Program Files\PANZERS - Faza 2
2007-06-30 00:44 <DIR> d-------- C:\Program Files\CS Corporation
2007-06-29 20:55 <DIR> d-------- C:\DOCUME~1\Andrzej\DANEAP~1\CyberLink
2007-06-27 22:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\CyberLink
2007-06-27 22:00 <DIR> d-------- C:\Program Files\CyberLink
2007-06-24 16:47 <DIR> d-------- C:\Program Files\ivo
2007-06-24 10:44 <DIR> d-------- C:\WINDOWS\speech
2007-06-24 09:27 <DIR> d-------- C:\Program Files\DivX
2007-06-23 10:07 <DIR> d-------- C:\Program Files\Kazaa Lite Rewolucja
2007-06-23 10:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kazaa Lite
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-23 15:48:37 2,359 ----a-w C:\WINDOWS\mozver.dat
2007-07-23 06:52:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-22 17:13:43 -------- d-----w C:\DOCUME~1\Andrzej\DANEAP~1\Ahead
2007-07-22 16:14:52 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-20 17:02:49 -------- d-----w C:\DOCUME~1\Andrzej\DANEAP~1\Skype
2007-07-15 20:36:53 10 ----a-w C:\WINDOWS\popcinfo.dat
2007-07-12 07:42:46 -------- d-----w C:\Program Files\Common Files\Ahead
2007-07-07 02:40:56 -------- d-----w C:\Program Files\Picasa2
2007-07-04 10:58:48 -------- d-----w C:\Program Files\TransDeu2
2007-06-27 20:00:31 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-21 10:20:01 -------- d-----w C:\Program Files\Microsoft.NET
2007-06-20 14:25:08 -------- d-----w C:\DOCUME~1\Andrzej\DANEAP~1\Tlen.pl
2007-06-20 14:19:52 -------- d-----w C:\Program Files\Tlen.pl
2007-06-20 10:20:58 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-20 10:20:58 -------- d-----w C:\DOCUME~1\Andrzej\DANEAP~1\Gadu-Gadu
2007-06-19 14:09:58 -------- d-----w C:\DOCUME~1\Andrzej\DANEAP~1\AdobeUM
2007-06-19 01:15:00 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-19 01:15:00 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-19 01:13:32 -------- d-----w C:\Program Files\Messenger
2007-06-17 11:35:31 -------- d-----w C:\Program Files\Google
2007-06-17 10:48:06 -------- d-----w C:\Program Files\Common Files\mapserv
2007-06-17 10:48:06 -------- d-----w C:\Program Files\Common Files\GIS
2007-06-17 09:59:07 -------- d-----w C:\Program Files\Nero
2007-06-16 21:34:22 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-06-16 21:20:48 -------- d-----w C:\Program Files\Lavasoft
2007-06-16 21:13:29 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-16 21:13:26 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-16 19:58:09 -------- d-----w C:\Program Files\Alcohol Soft
2007-06-16 19:55:29 -------- d-----w C:\Program Files\Skype
2007-06-16 19:55:27 -------- d-----w C:\Program Files\Common Files\Skype
2007-06-16 19:49:48 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-16 19:25:49 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-16 19:25:28 0 --sha-r C:\MSDOS.SYS
2007-06-16 19:25:28 0 --sha-r C:\IO.SYS
2007-06-16 19:25:28 0 ----a-w C:\CONFIG.SYS
2007-06-16 19:25:28 0 ----a-w C:\AUTOEXEC.BAT
2007-06-16 19:24:13 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-16 19:24:08 -------- d-----w C:\Program Files\Usługi online
2007-06-16 19:23:10 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-16 19:22:59 -------- d-----w C:\Program Files\Movie Maker
2007-06-16 19:21:58 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-16 19:21:19 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-16 19:21:08 -------- d-----w C:\Program Files\Windows NT
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-08-02 10:35 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
"NWEReboot"="" []
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"svchost"="C:\Program Files\Internet Explorer\Setup\svchost.exe" [2007-05-19 11:38]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-02-12 12:01]
"Total Uninstall Agent"="C:\Program Files\Total Uninstall 4\TuAgent.exe" []
"Expressivo"="C:\Program Files\ivo\Expressivo\expressivo.exe" [2006-12-04 22:03]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 ACEDRV07;ACEDRV07;\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys
R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 hwpsgt;hwpsgt;C:\WINDOWS\system32\DRIVERS\hwpsgt.sys
R2 lemsgt;lemsgt;C:\WINDOWS\system32\DRIVERS\lemsgt.sys
R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
R3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf092143-2aeb-11dc-b9be-0004619f9561}]
AutoRun\command- G:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccb59fe3-304c-11dc-b9ca-0004619f9561}]
AutoRun\command- H:\autoplay.exe
*Newly Created Service* - EVERESTDRIVER
*Newly Created Service* - SPEEDFAN
*Newly Created Service* - TVICHW32
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 20:47:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-23 20:48:23
C:\ComboFix-quarantined-files.txt ... 2007-07-23 20:48
--- E O F ---