Przeskanowałem kompa kasperskym online wykrył 4 wirusy zainfekowanych plików 6 chciałem zapisać raport ale nie dało rady.Mój system Vista Ultimate
zaczoł swirować mam Bitdefendera co chwila wyskakuje mi okienko o tym ze sterowniki nie sa zgodne coś tam blabla bla (to od bitdefendera)
np gdy instaluje gre mam 10 gb wolnego miejsca na dysku C za chwile patrze a tam na czerwono że jest 1.96 gb lol
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:46, on 2008-05-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gadu-Gadu\gg.exe
F:\EE3AutoRun.exe
C:\Users\Murarz\AppData\Local\Temp\_is4417.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 5122 bytes
System swiruje
Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
4 posty(ów)
• Strona 1 z 1
System swiruje
przez murarz777 » 06 Maj 2008, 23:43
UA:
Człowiek, który porusza się w tłumie, nie dojdzie dalej niż inni. Ten, który chodzi samotnie, może znaleźć się tam gdzie jeszcze nikogo nie było.
-
murarz777 - Zacny pisarz
- Posty: 1405
- Dołączenie: 09 Lip 2007, 01:51
- Miejscowość: nie wiem
- Pochwały: 3
przez murarz777 » 07 Maj 2008, 16:41
UA:
Deckard's System Scanner v20071014.68
Run by Murarz on 2008-05-07 16:33:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 4 Restore Point(s) --
4: 2008-05-06 21:46:28 UTC - RP332 - Zainstalowany program DirectX
3: 2008-05-06 21:33:10 UTC - RP330 - Zainstalowane Empire Earth III
2: 2008-05-06 01:12:45 UTC - RP328 - Zaplanowany punkt kontrolny
1: 2008-05-05 01:18:07 UTC - RP327 - Zaplanowany punkt kontrolny
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 3.22 GiB (less than 15%) free.
-- HijackThis (run as Murarz.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:56, on 2008-05-07
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Murarz\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Murarz.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 5240 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080308-030519-450 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
backup-20080308-030523-295 O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
backup-20080308-030523-624 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com ... hcImpl.cab
backup-20080308-030524-754 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
backup-20080308-030530-240 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
backup-20080308-030603-155 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
backup-20080314-162300-194 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080314-162300-218 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
backup-20080314-162300-221 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080314-162300-222 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
backup-20080314-162300-346 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080314-162300-461 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080314-162300-477 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080314-162300-674 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080314-162300-684 O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20080314-162300-686 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
backup-20080314-162300-836 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080314-162300-881 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080325-024306-470 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20080325-024306-491 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20080325-024330-279 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
backup-20080325-024345-801 O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
backup-20080325-024408-273 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
backup-20080325-024408-525 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
backup-20080325-024424-245 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
-- File Associations -----------------------------------------------------------
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 bdpredir - \??\c:\program files\softwin\bitdefender10\bdpredir.sys
R1 ElRawDisk - \??\c:\windows\system32\drivers\elrawdsk.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R3 bdfsfltr - c:\windows\system32\drivers\bdfsfltr.sys <Not Verified; SOFTWIN S.R.L.; BitDefender® Anti-Virus>
S0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
S0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
S3 PROCEXP90 - \??\c:\windows\system32\drivers\procexp90.sys
S3 RushTopDevice - \??\c:\program files\msi\core center\rushtop.sys
S3 TVICHW32 - \??\c:\windows\system32\drivers\tvichw32.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-07 16:35:00 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{99932CAA-4B9E-44FC-93D9-B6FFBF46329C}.job
2008-05-07 16:34:59 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{03C58126-383B-415F-ADB4-F7AB67D238DB}.job
2008-05-07 14:52:05 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{AFBF26B5-D0E4-480D-BA83-BEF6935EC92E}.job
-- Files created between 2008-04-07 and 2008-05-07 -----------------------------
2008-05-06 23:46:26 0 d-------- C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-05-05 22:21:38 0 d-------- C:\Soldat
2008-05-04 18:39:26 0 d-------- C:\Program Files\TrackMania Nations ESWC
2008-05-04 18:24:29 0 d-------- C:\Program Files\GoldWave
2008-05-02 22:56:38 45 ---h----- C:\Windows\dsez3293.dat
2008-05-02 00:38:18 0 d-------- C:\Program Files\ToniArts
2008-05-01 02:33:37 0 d-------- C:\Program Files\Ares
2008-04-30 21:55:17 0 d-------- C:\Users\All Users\Ubisoft
2008-04-30 18:30:17 0 d-------- C:\Program Files\BearShare Applications
2008-04-25 15:00:23 0 d-------- C:\Program Files\WinPcap
2008-04-24 01:53:36 0 d-------- C:\Program Files\Wireshark
2008-04-23 00:32:33 0 d-------- C:\Program Files\MAIET
2008-04-22 21:54:35 0 d-------- C:\Program Files\Valve
2008-04-22 19:49:03 81984 --a------ C:\Windows\system32\bdod.bin
2008-04-22 19:43:31 0 d-------- C:\Users\All Users\BitDefender
2008-04-22 16:25:00 0 d-------- C:\Program Files\Tibia
2008-04-20 20:16:41 0 d-------- C:\Program Files\YouTube Video Downloader
2008-04-19 21:02:12 0 d-------- C:\Program Files\CamStudio
2008-04-18 23:57:39 0 d-------- C:\Python25
2008-04-18 21:55:02 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-04-17 22:53:07 0 d--hs---- C:\found.000
2008-04-12 21:27:39 0 d-------- C:\Program Files\Real Alternative
2008-04-12 15:22:48 0 d-------- C:\Users\All Users\Last.fm
2008-04-12 15:22:08 0 d-------- C:\Program Files\Last.fm
2008-04-12 00:03:56 0 d-------- C:\Program Files\Total Video Converter
2008-04-11 23:24:04 0 d-------- C:\Program Files\AtomixMP3
2008-04-11 23:17:20 0 d-------- C:\Program Files\Audacity
2008-04-11 22:47:11 0 d-------- C:\Program Files\LimeWire
2008-04-11 21:54:32 0 d-------- C:\Windows\Downloaded Installations
2008-04-11 17:32:27 0 d-------- C:\Program Files\MoorHunt
2008-04-10 20:03:35 1 --a------ C:\Windows\system32\SI.bin
2008-04-10 19:02:43 162304 --a------ C:\Windows\system32\ztvunrar36.dll <ZTVUNR~1.DLL>
2008-04-10 19:02:43 77312 --a------ C:\Windows\system32\ztvunace26.dll <ZTVUNA~1.DLL>
2008-04-10 19:02:43 69632 --a------ C:\Windows\system32\ztvcabinet.dll <ZTVCAB~1.DLL> <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-10 19:02:43 153088 --a------ C:\Windows\system32\UNRAR3.dll
2008-04-10 19:02:43 75264 --a------ C:\Windows\system32\unacev2.dll
2008-04-10 19:02:32 0 d-------- C:\Users\All Users\Simply Super Software
2008-04-10 19:02:32 0 d-------- C:\Program Files\Trojan Remover
2008-04-08 16:22:07 12800 --a------ C:\Windows\system32\drivers\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-04-08 16:21:51 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-04-08 16:21:40 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-04-08 16:21:10 38912 --a------ C:\Windows\system32\smrgdf.exe
2008-04-08 16:21:10 32768 --a------ C:\Windows\system32\iolobtdfg.exe <IOLOBT~1.EXE>
2008-04-08 16:20:58 0 d-------- C:\Program Files\iolo
2008-04-08 15:22:32 74703 --a------ C:\Windows\system32\mfc45.dll
2008-04-08 15:00:37 0 d-------- C:\Users\All Users\iolo
2008-04-07 00:57:02 0 d-------- C:\Temp
2008-04-07 00:48:40 0 d-------- C:\Program Files\Dragonmount Networks
-- Find3M Report ---------------------------------------------------------------
2008-05-07 14:57:24 661874 --a------ C:\Windows\system32\perfh015.dat
2008-05-07 14:57:24 126702 --a------ C:\Windows\system32\perfc015.dat
2008-05-07 14:51:22 0 d-------- C:\Program Files\cFosSpeed
2008-05-06 23:59:40 0 d-------- C:\Users\Murarz\AppData\Roaming\Sierra Entertainment
2008-05-06 23:46:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 23:33:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 22:24:55 0 d-------- C:\Users\Murarz\AppData\Roaming\Hamachi
2008-05-05 22:21:38 0 d-------- C:\Users\Murarz\AppData\Roaming\Soldat
2008-05-05 00:28:47 0 d-------- C:\Users\Murarz\AppData\Roaming\BearShare
2008-05-02 19:09:12 0 d-------- C:\Users\Murarz\AppData\Roaming\uTorrent
2008-05-01 22:58:59 0 d-------- C:\Users\Murarz\AppData\Roaming\LimeWire
2008-04-25 15:02:21 0 d-------- C:\Users\Murarz\AppData\Roaming\Wireshark
2008-04-22 19:55:03 0 d-------- C:\Users\Murarz\AppData\Roaming\Bitdefender
2008-04-22 19:51:00 0 d-------- C:\Program Files\BitLocker
2008-04-22 19:42:32 0 d-------- C:\Program Files\Common Files
2008-04-22 16:33:47 0 d-------- C:\Users\Murarz\AppData\Roaming\Tibia
2008-04-20 19:53:27 0 d-------- C:\Users\Murarz\AppData\Roaming\InstallShield Installation Information
2008-04-18 22:26:44 174 --ahs---- C:\Program Files\desktop.ini
2008-04-18 22:19:46 0 d-------- C:\Program Files\Windows Calendar
2008-04-18 22:19:46 0 d-------- C:\Program Files\Movie Maker
2008-04-18 22:19:45 0 d-------- C:\Program Files\Windows Sidebar
2008-04-18 22:19:44 0 d-------- C:\Program Files\Windows Mail
2008-04-18 22:19:42 0 d-------- C:\Program Files\Windows Collaboration
2008-04-18 22:19:38 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-18 22:19:38 0 d-------- C:\Program Files\Windows Journal
2008-04-18 22:19:33 0 d-------- C:\Program Files\Windows Defender
2008-04-18 00:15:57 0 d-------- C:\Users\Murarz\AppData\Roaming\Sierra
2008-04-12 21:11:58 0 d-------- C:\Program Files\Gadu-Gadu
2008-04-10 20:03:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-10 19:02:32 0 d-------- C:\Users\Murarz\AppData\Roaming\Simply Super Software
2008-04-08 20:26:53 0 d-------- C:\Users\Murarz\AppData\Roaming\Skype
2008-04-08 20:26:41 0 d-------- C:\Users\Murarz\AppData\Roaming\skypePM
2008-04-08 16:24:24 0 d-------- C:\Users\Murarz\AppData\Roaming\iolo
2008-04-08 16:21:48 0 d-------- C:\Users\Murarz\AppData\Roaming\Systweak
2008-04-04 04:26:19 0 d-------- C:\Program Files\BenchemAll
2008-04-02 23:44:14 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-01 18:44:35 0 d-------- C:\Users\Murarz\AppData\Roaming\ESET
2008-04-01 02:14:56 102400 --a------ C:\Windows\EarthView.scr
2008-04-01 02:14:32 0 d-------- C:\Program Files\EarthView
2008-04-01 02:14:31 0 d-------- C:\Users\Murarz\AppData\Roaming\DeskSoft
2008-03-31 20:25:15 10012 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.ini
2008-03-31 20:24:50 9923 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.bak
2008-03-31 19:31:50 0 d-------- C:\Program Files\Skype
2008-03-31 19:31:47 0 d-------- C:\Program Files\Common Files\Skype
2008-03-31 13:56:14 10857 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.bk!
2008-03-31 13:02:18 9923 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.bko
2008-03-29 16:18:12 0 d-------- C:\Program Files\Alcohol Soft
2008-03-27 18:44:39 0 d-------- C:\Program Files\X-Progs
2008-03-27 01:50:42 0 d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-26 19:18:55 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-03-25 04:14:00 0 d-------- C:\Program Files\MSI
2008-03-25 00:15:36 0 d-------- C:\Users\Murarz\AppData\Roaming\dvdcss
2008-03-24 23:55:59 0 d-------- C:\Users\Murarz\AppData\Roaming\Xfire
2008-03-24 03:44:00 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-24 03:42:24 0 d-------- C:\Users\Murarz\AppData\Roaming\DAEMON Tools Pro
2008-03-23 21:33:58 0 d-------- C:\Program Files\DiskInternals
2008-03-23 21:32:52 262144 --a------ C:\ntuser.dat
2008-03-23 04:45:12 0 d-------- C:\Users\Murarz\AppData\Roaming\Desktopicon
2008-03-23 04:13:14 0 d-------- C:\Program Files\Ontrack
2008-03-23 03:57:35 0 d-------- C:\Program Files\Smart Projects
2008-03-23 03:03:01 0 d-------- C:\Program Files\Runtime Software
2008-03-22 21:44:45 0 d-------- C:\Program Files\Deluxe Ski Jump 3
2008-03-21 14:00:32 0 -rahs---- C:\MSDOS.SYS
2008-03-21 14:00:32 0 -rahs---- C:\IO.SYS
2008-03-20 17:09:06 0 d-------- C:\Program Files\Xfire
2008-03-20 15:49:40 0 d-------- C:\Program Files\GameSpy Arcade
2008-03-20 14:19:41 0 d-------- C:\Program Files\Smarty Uninstaller Pro
2008-03-20 13:55:15 0 d-------- C:\Users\Murarz\AppData\Roaming\Microsoft Games
2008-03-20 12:45:54 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-03-20 11:35:12 0 d-------- C:\Program Files\Microsoft Games
2008-03-18 20:12:46 0 d-------- C:\Program Files\CCleaner
2008-03-15 15:59:14 0 d-------- C:\Users\Murarz\AppData\Roaming\Ubisoft
2008-03-15 03:00:37 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-15 00:29:20 0 d-------- C:\Program Files\Jufsoft
2008-03-11 20:59:12 0 d-------- C:\Program Files\AGEIA Technologies
2008-03-10 18:11:21 0 dr-h----- C:\Users\Murarz\AppData\Roaming\SecuROM
2008-03-09 23:47:59 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-08 23:28:18 0 d-------- C:\Users\Murarz\AppData\Roaming\teamspeak2
2008-03-08 22:51:08 0 d-------- C:\Program Files\kRk Software
2008-03-07 19:08:02 0 d-------- C:\Program Files\The All-Seeing Eye
2008-03-07 01:10:56 0 d-------- C:\Users\Murarz\AppData\Roaming\ArcaBit
2008-03-07 00:12:16 0 d-------- C:\Users\Murarz\AppData\Roaming\HouseCall 6.6 <HOUSEC~1.6>
2008-02-17 17:34:52 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-02-17 17:34:49 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-13 01:39:19 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-13 01:12:20 0 --a------ C:\Windows\nsreg.dat
2008-02-13 00:00:59 0 --a------ C:\Windows\ativpsrm.bin
2008-02-12 00:06:41 17089 --a------ C:\Users\Murarz\AppData\Roaming\UserTile.png
2008-02-11 22:16:32 171136 -rahs---- C:\loadmgr
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-07 19:51]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 12:31 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 19:15 C:\Windows\SkyTel.exe]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33]
C:\Users\Murarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-12 15:22:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableStatusMessages"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoStartMenuMyGames"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"HideClock"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"RestrictWelcomeCenter"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
"C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c436ae0-d8ee-11dc-95c6-001617d47d3f}]
AutoRun\command- K:\CDCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{629d2088-e7cd-11dc-ade4-806e6f6e6963}]
AutoRun\command- F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7c4c4b-d8da-11dc-ba58-806e6f6e6963}]
AutoRun\command- I:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ceb639-ebc1-11dc-8ff7-001617d47d3f}]
AutoRun\command- F:\launch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-07 16:39:23 ------------
Run by Murarz on 2008-05-07 16:33:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 4 Restore Point(s) --
4: 2008-05-06 21:46:28 UTC - RP332 - Zainstalowany program DirectX
3: 2008-05-06 21:33:10 UTC - RP330 - Zainstalowane Empire Earth III
2: 2008-05-06 01:12:45 UTC - RP328 - Zaplanowany punkt kontrolny
1: 2008-05-05 01:18:07 UTC - RP327 - Zaplanowany punkt kontrolny
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 3.22 GiB (less than 15%) free.
-- HijackThis (run as Murarz.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:56, on 2008-05-07
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Murarz\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Murarz.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 5240 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080308-030519-450 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
backup-20080308-030523-295 O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
backup-20080308-030523-624 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com ... hcImpl.cab
backup-20080308-030524-754 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
backup-20080308-030530-240 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
backup-20080308-030603-155 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
backup-20080314-162300-194 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080314-162300-218 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
backup-20080314-162300-221 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080314-162300-222 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
backup-20080314-162300-346 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080314-162300-461 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080314-162300-477 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080314-162300-674 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080314-162300-684 O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20080314-162300-686 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
backup-20080314-162300-836 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080314-162300-881 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080325-024306-470 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20080325-024306-491 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20080325-024330-279 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
backup-20080325-024345-801 O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
backup-20080325-024408-273 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
backup-20080325-024408-525 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
backup-20080325-024424-245 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
-- File Associations -----------------------------------------------------------
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 bdpredir - \??\c:\program files\softwin\bitdefender10\bdpredir.sys
R1 ElRawDisk - \??\c:\windows\system32\drivers\elrawdsk.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R3 bdfsfltr - c:\windows\system32\drivers\bdfsfltr.sys <Not Verified; SOFTWIN S.R.L.; BitDefender® Anti-Virus>
S0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
S0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
S3 PROCEXP90 - \??\c:\windows\system32\drivers\procexp90.sys
S3 RushTopDevice - \??\c:\program files\msi\core center\rushtop.sys
S3 TVICHW32 - \??\c:\windows\system32\drivers\tvichw32.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-07 16:35:00 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{99932CAA-4B9E-44FC-93D9-B6FFBF46329C}.job
2008-05-07 16:34:59 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{03C58126-383B-415F-ADB4-F7AB67D238DB}.job
2008-05-07 14:52:05 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{AFBF26B5-D0E4-480D-BA83-BEF6935EC92E}.job
-- Files created between 2008-04-07 and 2008-05-07 -----------------------------
2008-05-06 23:46:26 0 d-------- C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-05-05 22:21:38 0 d-------- C:\Soldat
2008-05-04 18:39:26 0 d-------- C:\Program Files\TrackMania Nations ESWC
2008-05-04 18:24:29 0 d-------- C:\Program Files\GoldWave
2008-05-02 22:56:38 45 ---h----- C:\Windows\dsez3293.dat
2008-05-02 00:38:18 0 d-------- C:\Program Files\ToniArts
2008-05-01 02:33:37 0 d-------- C:\Program Files\Ares
2008-04-30 21:55:17 0 d-------- C:\Users\All Users\Ubisoft
2008-04-30 18:30:17 0 d-------- C:\Program Files\BearShare Applications
2008-04-25 15:00:23 0 d-------- C:\Program Files\WinPcap
2008-04-24 01:53:36 0 d-------- C:\Program Files\Wireshark
2008-04-23 00:32:33 0 d-------- C:\Program Files\MAIET
2008-04-22 21:54:35 0 d-------- C:\Program Files\Valve
2008-04-22 19:49:03 81984 --a------ C:\Windows\system32\bdod.bin
2008-04-22 19:43:31 0 d-------- C:\Users\All Users\BitDefender
2008-04-22 16:25:00 0 d-------- C:\Program Files\Tibia
2008-04-20 20:16:41 0 d-------- C:\Program Files\YouTube Video Downloader
2008-04-19 21:02:12 0 d-------- C:\Program Files\CamStudio
2008-04-18 23:57:39 0 d-------- C:\Python25
2008-04-18 21:55:02 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-04-17 22:53:07 0 d--hs---- C:\found.000
2008-04-12 21:27:39 0 d-------- C:\Program Files\Real Alternative
2008-04-12 15:22:48 0 d-------- C:\Users\All Users\Last.fm
2008-04-12 15:22:08 0 d-------- C:\Program Files\Last.fm
2008-04-12 00:03:56 0 d-------- C:\Program Files\Total Video Converter
2008-04-11 23:24:04 0 d-------- C:\Program Files\AtomixMP3
2008-04-11 23:17:20 0 d-------- C:\Program Files\Audacity
2008-04-11 22:47:11 0 d-------- C:\Program Files\LimeWire
2008-04-11 21:54:32 0 d-------- C:\Windows\Downloaded Installations
2008-04-11 17:32:27 0 d-------- C:\Program Files\MoorHunt
2008-04-10 20:03:35 1 --a------ C:\Windows\system32\SI.bin
2008-04-10 19:02:43 162304 --a------ C:\Windows\system32\ztvunrar36.dll <ZTVUNR~1.DLL>
2008-04-10 19:02:43 77312 --a------ C:\Windows\system32\ztvunace26.dll <ZTVUNA~1.DLL>
2008-04-10 19:02:43 69632 --a------ C:\Windows\system32\ztvcabinet.dll <ZTVCAB~1.DLL> <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-10 19:02:43 153088 --a------ C:\Windows\system32\UNRAR3.dll
2008-04-10 19:02:43 75264 --a------ C:\Windows\system32\unacev2.dll
2008-04-10 19:02:32 0 d-------- C:\Users\All Users\Simply Super Software
2008-04-10 19:02:32 0 d-------- C:\Program Files\Trojan Remover
2008-04-08 16:22:07 12800 --a------ C:\Windows\system32\drivers\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-04-08 16:21:51 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-04-08 16:21:40 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-04-08 16:21:10 38912 --a------ C:\Windows\system32\smrgdf.exe
2008-04-08 16:21:10 32768 --a------ C:\Windows\system32\iolobtdfg.exe <IOLOBT~1.EXE>
2008-04-08 16:20:58 0 d-------- C:\Program Files\iolo
2008-04-08 15:22:32 74703 --a------ C:\Windows\system32\mfc45.dll
2008-04-08 15:00:37 0 d-------- C:\Users\All Users\iolo
2008-04-07 00:57:02 0 d-------- C:\Temp
2008-04-07 00:48:40 0 d-------- C:\Program Files\Dragonmount Networks
-- Find3M Report ---------------------------------------------------------------
2008-05-07 14:57:24 661874 --a------ C:\Windows\system32\perfh015.dat
2008-05-07 14:57:24 126702 --a------ C:\Windows\system32\perfc015.dat
2008-05-07 14:51:22 0 d-------- C:\Program Files\cFosSpeed
2008-05-06 23:59:40 0 d-------- C:\Users\Murarz\AppData\Roaming\Sierra Entertainment
2008-05-06 23:46:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 23:33:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 22:24:55 0 d-------- C:\Users\Murarz\AppData\Roaming\Hamachi
2008-05-05 22:21:38 0 d-------- C:\Users\Murarz\AppData\Roaming\Soldat
2008-05-05 00:28:47 0 d-------- C:\Users\Murarz\AppData\Roaming\BearShare
2008-05-02 19:09:12 0 d-------- C:\Users\Murarz\AppData\Roaming\uTorrent
2008-05-01 22:58:59 0 d-------- C:\Users\Murarz\AppData\Roaming\LimeWire
2008-04-25 15:02:21 0 d-------- C:\Users\Murarz\AppData\Roaming\Wireshark
2008-04-22 19:55:03 0 d-------- C:\Users\Murarz\AppData\Roaming\Bitdefender
2008-04-22 19:51:00 0 d-------- C:\Program Files\BitLocker
2008-04-22 19:42:32 0 d-------- C:\Program Files\Common Files
2008-04-22 16:33:47 0 d-------- C:\Users\Murarz\AppData\Roaming\Tibia
2008-04-20 19:53:27 0 d-------- C:\Users\Murarz\AppData\Roaming\InstallShield Installation Information
2008-04-18 22:26:44 174 --ahs---- C:\Program Files\desktop.ini
2008-04-18 22:19:46 0 d-------- C:\Program Files\Windows Calendar
2008-04-18 22:19:46 0 d-------- C:\Program Files\Movie Maker
2008-04-18 22:19:45 0 d-------- C:\Program Files\Windows Sidebar
2008-04-18 22:19:44 0 d-------- C:\Program Files\Windows Mail
2008-04-18 22:19:42 0 d-------- C:\Program Files\Windows Collaboration
2008-04-18 22:19:38 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-18 22:19:38 0 d-------- C:\Program Files\Windows Journal
2008-04-18 22:19:33 0 d-------- C:\Program Files\Windows Defender
2008-04-18 00:15:57 0 d-------- C:\Users\Murarz\AppData\Roaming\Sierra
2008-04-12 21:11:58 0 d-------- C:\Program Files\Gadu-Gadu
2008-04-10 20:03:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-10 19:02:32 0 d-------- C:\Users\Murarz\AppData\Roaming\Simply Super Software
2008-04-08 20:26:53 0 d-------- C:\Users\Murarz\AppData\Roaming\Skype
2008-04-08 20:26:41 0 d-------- C:\Users\Murarz\AppData\Roaming\skypePM
2008-04-08 16:24:24 0 d-------- C:\Users\Murarz\AppData\Roaming\iolo
2008-04-08 16:21:48 0 d-------- C:\Users\Murarz\AppData\Roaming\Systweak
2008-04-04 04:26:19 0 d-------- C:\Program Files\BenchemAll
2008-04-02 23:44:14 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-01 18:44:35 0 d-------- C:\Users\Murarz\AppData\Roaming\ESET
2008-04-01 02:14:56 102400 --a------ C:\Windows\EarthView.scr
2008-04-01 02:14:32 0 d-------- C:\Program Files\EarthView
2008-04-01 02:14:31 0 d-------- C:\Users\Murarz\AppData\Roaming\DeskSoft
2008-03-31 20:25:15 10012 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.ini
2008-03-31 20:24:50 9923 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.bak
2008-03-31 19:31:50 0 d-------- C:\Program Files\Skype
2008-03-31 19:31:47 0 d-------- C:\Program Files\Common Files\Skype
2008-03-31 13:56:14 10857 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.bk!
2008-03-31 13:02:18 9923 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.bko
2008-03-29 16:18:12 0 d-------- C:\Program Files\Alcohol Soft
2008-03-27 18:44:39 0 d-------- C:\Program Files\X-Progs
2008-03-27 01:50:42 0 d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-26 19:18:55 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-03-25 04:14:00 0 d-------- C:\Program Files\MSI
2008-03-25 00:15:36 0 d-------- C:\Users\Murarz\AppData\Roaming\dvdcss
2008-03-24 23:55:59 0 d-------- C:\Users\Murarz\AppData\Roaming\Xfire
2008-03-24 03:44:00 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-24 03:42:24 0 d-------- C:\Users\Murarz\AppData\Roaming\DAEMON Tools Pro
2008-03-23 21:33:58 0 d-------- C:\Program Files\DiskInternals
2008-03-23 21:32:52 262144 --a------ C:\ntuser.dat
2008-03-23 04:45:12 0 d-------- C:\Users\Murarz\AppData\Roaming\Desktopicon
2008-03-23 04:13:14 0 d-------- C:\Program Files\Ontrack
2008-03-23 03:57:35 0 d-------- C:\Program Files\Smart Projects
2008-03-23 03:03:01 0 d-------- C:\Program Files\Runtime Software
2008-03-22 21:44:45 0 d-------- C:\Program Files\Deluxe Ski Jump 3
2008-03-21 14:00:32 0 -rahs---- C:\MSDOS.SYS
2008-03-21 14:00:32 0 -rahs---- C:\IO.SYS
2008-03-20 17:09:06 0 d-------- C:\Program Files\Xfire
2008-03-20 15:49:40 0 d-------- C:\Program Files\GameSpy Arcade
2008-03-20 14:19:41 0 d-------- C:\Program Files\Smarty Uninstaller Pro
2008-03-20 13:55:15 0 d-------- C:\Users\Murarz\AppData\Roaming\Microsoft Games
2008-03-20 12:45:54 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-03-20 11:35:12 0 d-------- C:\Program Files\Microsoft Games
2008-03-18 20:12:46 0 d-------- C:\Program Files\CCleaner
2008-03-15 15:59:14 0 d-------- C:\Users\Murarz\AppData\Roaming\Ubisoft
2008-03-15 03:00:37 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-15 00:29:20 0 d-------- C:\Program Files\Jufsoft
2008-03-11 20:59:12 0 d-------- C:\Program Files\AGEIA Technologies
2008-03-10 18:11:21 0 dr-h----- C:\Users\Murarz\AppData\Roaming\SecuROM
2008-03-09 23:47:59 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-08 23:28:18 0 d-------- C:\Users\Murarz\AppData\Roaming\teamspeak2
2008-03-08 22:51:08 0 d-------- C:\Program Files\kRk Software
2008-03-07 19:08:02 0 d-------- C:\Program Files\The All-Seeing Eye
2008-03-07 01:10:56 0 d-------- C:\Users\Murarz\AppData\Roaming\ArcaBit
2008-03-07 00:12:16 0 d-------- C:\Users\Murarz\AppData\Roaming\HouseCall 6.6 <HOUSEC~1.6>
2008-02-17 17:34:52 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-02-17 17:34:49 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-13 01:39:19 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-13 01:12:20 0 --a------ C:\Windows\nsreg.dat
2008-02-13 00:00:59 0 --a------ C:\Windows\ativpsrm.bin
2008-02-12 00:06:41 17089 --a------ C:\Users\Murarz\AppData\Roaming\UserTile.png
2008-02-11 22:16:32 171136 -rahs---- C:\loadmgr
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-07 19:51]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 12:31 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 19:15 C:\Windows\SkyTel.exe]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33]
C:\Users\Murarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-12 15:22:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableStatusMessages"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoStartMenuMyGames"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"HideClock"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"RestrictWelcomeCenter"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
"C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c436ae0-d8ee-11dc-95c6-001617d47d3f}]
AutoRun\command- K:\CDCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{629d2088-e7cd-11dc-ade4-806e6f6e6963}]
AutoRun\command- F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7c4c4b-d8da-11dc-ba58-806e6f6e6963}]
AutoRun\command- I:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ceb639-ebc1-11dc-8ff7-001617d47d3f}]
AutoRun\command- F:\launch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-07 16:39:23 ------------
Człowiek, który porusza się w tłumie, nie dojdzie dalej niż inni. Ten, który chodzi samotnie, może znaleźć się tam gdzie jeszcze nikogo nie było.
-
murarz777 - Zacny pisarz
- Posty: 1405
- Dołączenie: 09 Lip 2007, 01:51
- Miejscowość: nie wiem
- Pochwały: 3
przez huber2t » 07 Maj 2008, 16:47
UA:
Pobierz Avenger
wklej do niego ten tekst:
kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt
otwórz notatnik i wklej
Z menu Notatnika
Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg
Uruchom ten plik, uruchom ponownie komputer
Daj nowy log z deckard
wklej do niego ten tekst:
- Kod: Zaznacz wszystko
Files to delete:
C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
Folders to delete:
C:\found.000
kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt
otwórz notatnik i wklej
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Z menu Notatnika
Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg Uruchom ten plik, uruchom ponownie komputer
Daj nowy log z deckard
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
4 posty(ów)
• Strona 1 z 1
Kto jest na forum
Zarejestrowani użytkownicy: Bing [Bot], Google [Bot]