Windows Vista: disappearing disk space

Post by murarz777 » 16 May 2008, 18:41

Hello, I have been looking for an answer to my question for a long time but have not found one yet, because my situation is rather strange.
Yesterday evening I had 7 GB of free space on drive C (the system partition).
When I got up this morning I had 317 KB, yes, KB; I don't know how that is possible.
I have used system-cleaning programs but they don't help at all. I don't know what to do; I even clean the disk of System Restore data, because that takes up a lot of space, but it's still the same: space keeps disappearing and I am not installing anything.
Please help and suggest what I could do so that my space stops being "eaten".
+ for answers
A man who moves with the crowd will get no further than the others. The one who walks alone may find himself where no one has been before.

Post by huber2t » 16 May 2008, 18:50

Post the logs from HijackThis and ComboFix

Post by murarz777 » 16 May 2008, 19:04

Thanks Hubert for being willing to spend your time checking my log :)
P.S. I'll post the log here so as not to clutter the forum with a new topic

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:21, on 2008-05-16
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
E:\WoW-enGB-Installer-downloader.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://citynet.serwer.net/w3cache.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 5899 bytes
ComboFix doesn't run on Vista :P
Here is also a log from DSS

Deckard's System Scanner v20071014.68
Run by Murarz on 2008-05-16 18:59:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.36 GiB (less than 15%) free.


-- HijackThis (run as Murarz.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:36, on 2008-05-16
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
E:\WoW-enGB-Installer-downloader.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Murarz\Desktop\dss(2).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Murarz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://citynet.serwer.net/w3cache.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 5921 bytes

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-14 21:48:27 0 d-------- C:\Program Files\Microsoft Works
2008-05-14 21:47:55 0 d-------- C:\Windows\PCHEALTH
2008-05-14 21:47:55 0 d-------- C:\Program Files\Microsoft.NET
2008-05-14 21:43:20 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-14 21:42:15 0 dr-h----- C:\MSOCache
2008-05-14 19:26:34 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-05-14 19:26:32 0 d-------- C:\Program Files\ffdshow
2008-05-12 14:48:58 0 d-------- C:\Program Files\cFosSpeed
2008-05-12 14:07:48 0 d-------- C:\Downloaded
2008-05-11 17:56:20 0 d-------- C:\Program Files\Google
2008-05-11 17:27:01 23 --ahs---- C:\Windows\system32\eceaab0_z.dll <ECEAAB~1.DLL>
2008-05-11 17:26:51 0 d-------- C:\Program Files\jv16 PowerTools 2008
2008-05-10 03:42:30 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-05-10 03:42:29 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-10 03:41:41 0 d-------- C:\Windows\system32\X86
2008-05-10 03:41:40 0 d-------- C:\Windows\system32\X64
2008-05-10 02:19:47 104305184 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-05-08 21:01:34 0 d-------- C:\My Documents
2008-05-08 21:01:25 0 d-------- C:\Program Files\Advanced MP3 Sound Recorder
2008-05-08 19:31:34 96645 --a------ C:\Windows\system32\drivers\klin.dat
2008-05-08 19:31:34 87941 --a------ C:\Windows\system32\drivers\klick.dat
2008-05-08 19:30:56 0 d-------- C:\Program Files\Kaspersky Lab <KASPER~1>
2008-05-08 18:07:28 35363 --a------ C:\Windows\system32\windrvNT.sys
2008-05-08 18:07:28 110592 --a------ C:\Windows\system32\suppdll.dll
2008-05-08 18:07:27 0 d-------- C:\Program Files\Folder Lock
2008-05-08 17:15:48 0 d-------- C:\Program Files\GoD
2008-05-08 17:03:44 0 d-------- C:\Users\All Users\Kaspersky Lab <KASPER~1>
2008-05-06 23:46:26 0 d-------- C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-05-05 22:21:38 0 d-------- C:\Soldat
2008-05-04 18:39:26 0 d-------- C:\Program Files\TrackMania Nations ESWC
2008-05-02 22:56:38 45 ---h----- C:\Windows\dsez3293.dat
2008-05-02 00:38:18 0 d-------- C:\Program Files\ToniArts
2008-05-01 02:33:37 0 d-------- C:\Program Files\Ares
2008-04-30 21:55:17 0 d-------- C:\Users\All Users\Ubisoft
2008-04-30 18:30:17 0 d-------- C:\Program Files\BearShare Applications
2008-04-23 00:32:33 0 d-------- C:\Program Files\MAIET
2008-04-22 21:54:35 0 d-------- C:\Program Files\Valve
2008-04-22 19:49:03 81984 --a------ C:\Windows\system32\bdod.bin
2008-04-20 20:16:41 0 d-------- C:\Program Files\YouTube Video Downloader
2008-04-18 21:55:02 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-04-18 21:30:23 3104768 --a------ C:\Windows\system32\NlsData0049.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-16 15:59:43 0 d-------- C:\Users\Murarz\AppData\Roaming\uTorrent
2008-05-16 01:33:04 661874 --a------ C:\Windows\system32\perfh015.dat
2008-05-16 01:33:04 126702 --a------ C:\Windows\system32\perfc015.dat
2008-05-15 23:04:20 0 d-------- C:\Program Files\Smart Projects
2008-05-14 21:48:17 0 d-------- C:\Program Files\Common Files
2008-05-14 19:03:04 0 d-------- C:\Program Files\Real Alternative
2008-05-14 18:02:54 0 d-------- C:\Program Files\Windows Mail
2008-05-11 22:30:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-11 16:55:08 0 d-------- C:\Program Files\X-Progs
2008-05-11 16:54:18 0 d--hs---- C:\Users\Murarz\AppData\Roaming\.#
2008-05-11 15:26:19 0 d-------- C:\Users\Murarz\AppData\Roaming\Hamachi
2008-05-10 03:03:04 0 d-------- C:\Program Files\Runtime Software
2008-05-10 03:02:38 0 d-------- C:\Program Files\GameSpy Arcade
2008-05-10 02:55:56 0 d-------- C:\Program Files\Astonsoft
2008-05-09 22:23:42 0 d-------- C:\Users\Murarz\AppData\Roaming\Comodo
2008-05-08 23:07:59 0 d-------- C:\Users\Murarz\AppData\Roaming\BearShare
2008-05-08 19:55:25 0 d-------- C:\Users\Murarz\AppData\Roaming\LimeWire
2008-05-08 18:38:43 0 d-------- C:\Program Files\Smarty Uninstaller Pro
2008-05-06 23:59:40 0 d-------- C:\Users\Murarz\AppData\Roaming\Sierra Entertainment
2008-05-06 23:46:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 22:21:38 0 d-------- C:\Users\Murarz\AppData\Roaming\Soldat
2008-04-22 19:51:00 0 d-------- C:\Program Files\BitLocker
2008-04-22 16:33:47 0 d-------- C:\Users\Murarz\AppData\Roaming\Tibia
2008-04-18 22:26:44 174 --ahs---- C:\Program Files\desktop.ini
2008-04-18 22:19:46 0 d-------- C:\Program Files\Windows Calendar
2008-04-18 22:19:46 0 d-------- C:\Program Files\Movie Maker
2008-04-18 22:19:45 0 d-------- C:\Program Files\Windows Sidebar
2008-04-18 22:19:42 0 d-------- C:\Program Files\Windows Collaboration
2008-04-18 22:19:38 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-18 22:19:38 0 d-------- C:\Program Files\Windows Journal
2008-04-18 22:19:33 0 d-------- C:\Program Files\Windows Defender
2008-04-18 00:15:57 0 d-------- C:\Users\Murarz\AppData\Roaming\Sierra
2008-04-12 21:11:58 0 d-------- C:\Program Files\Gadu-Gadu
2008-04-12 15:22:10 0 d-------- C:\Program Files\Last.fm
2008-04-12 00:04:02 0 d-------- C:\Program Files\Total Video Converter
2008-04-11 17:32:39 0 d-------- C:\Program Files\MoorHunt
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <SOUNDS~1.EXE> <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-04-10 20:03:35 1 --a------ C:\Windows\system32\SI.bin
2008-04-10 20:03:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-10 19:02:44 0 d-------- C:\Program Files\Trojan Remover
2008-04-10 19:02:32 0 d-------- C:\Users\Murarz\AppData\Roaming\Simply Super Software
2008-04-08 20:26:53 0 d-------- C:\Users\Murarz\AppData\Roaming\Skype
2008-04-08 20:26:41 0 d-------- C:\Users\Murarz\AppData\Roaming\skypePM
2008-04-08 16:24:24 0 d-------- C:\Users\Murarz\AppData\Roaming\iolo
2008-04-08 16:21:48 0 d-------- C:\Users\Murarz\AppData\Roaming\Systweak
2008-04-08 15:22:32 74703 --a------ C:\Windows\system32\mfc45.dll
2008-04-07 00:48:40 0 d-------- C:\Program Files\Dragonmount Networks
2008-04-04 04:26:19 0 d-------- C:\Program Files\BenchemAll
2008-04-02 23:44:14 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-01 18:44:35 0 d-------- C:\Users\Murarz\AppData\Roaming\ESET
2008-04-01 02:14:56 102400 --a------ C:\Windows\EarthView.scr
2008-04-01 02:14:32 0 d-------- C:\Program Files\EarthView
2008-04-01 02:14:31 0 d-------- C:\Users\Murarz\AppData\Roaming\DeskSoft
2008-03-31 20:25:15 10012 --a------ C:\Users\Murarz\AppData\Roaming\PStrip.ini
2008-03-31 19:31:50 0 d-------- C:\Program Files\Skype
2008-03-31 19:31:47 0 d-------- C:\Program Files\Common Files\Skype
2008-03-29 16:18:12 0 d-------- C:\Program Files\Alcohol Soft
2008-03-27 01:50:42 0 d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-25 04:14:00 0 d-------- C:\Program Files\MSI
2008-03-25 00:15:36 0 d-------- C:\Users\Murarz\AppData\Roaming\dvdcss
2008-03-24 03:44:00 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-24 03:42:24 0 d-------- C:\Users\Murarz\AppData\Roaming\DAEMON Tools Pro
2008-03-23 21:33:58 0 d-------- C:\Program Files\DiskInternals
2008-03-23 21:32:52 262144 --a------ C:\ntuser.dat
2008-03-23 04:45:12 0 d-------- C:\Users\Murarz\AppData\Roaming\Desktopicon
2008-03-23 04:13:14 0 d-------- C:\Program Files\Ontrack
2008-03-22 21:44:45 0 d-------- C:\Program Files\Deluxe Ski Jump 3
2008-03-21 14:00:32 0 -rahs---- C:\MSDOS.SYS
2008-03-21 14:00:32 0 -rahs---- C:\IO.SYS
2008-03-20 13:55:15 0 d-------- C:\Users\Murarz\AppData\Roaming\Microsoft Games
2008-03-20 12:45:54 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-03-20 11:35:12 0 d-------- C:\Program Files\Microsoft Games
2008-03-18 20:12:46 0 d-------- C:\Program Files\CCleaner
2008-02-17 17:34:52 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-02-17 17:34:49 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-07 19:51]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 12:31 C:\Windows\RtHDVCpl.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-05-02 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32]
"GoD"="C:\Program Files\GoD\GoD.exe" [2008-04-01 21:45]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33]

C:\Users\Murarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-12 15:22:08]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableStatusMessages"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoStartMenuMyGames"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"HideClock"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"RestrictWelcomeCenter"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
"C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\AutoLoader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fb69243-f93e-11dc-b230-0090ccd163e7}]
AutoRun\command- F:\setup\rsrc\Autorun.exe
dinstall\command- F:\Directx\dxsetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-05-16 19:02:42 ------------

Post by huber2t » 16 May 2008, 19:49

Always glad to help

ComboFix "sometimes" works on Vista

Do you know what this program is?
C:\Program Files\GoD\GoD.exe
If not, remove it

Open Notepad and paste in:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


From the Notepad menu -> File -> Save as -> change the extension from .txt to All files -> save it under the name Fix.reg

Run this file, then restart the computer

There is a problem, because DSS doesn't show services the way ComboFix does, but I don't see anything else
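
The entries singled out in the reply above, a Run entry from the HijackThis log and the MountPoints2 AutoRun commands from the DSS registry dump, can be extracted from these log formats mechanically. The following is an added example, not part of the thread and not code from HijackThis or DSS: the sample lines are copied from the logs posted above, while the function names and the neutral "review hint" rules are assumptions of this example.

```python
import re
from collections import namedtuple

# Sample input: lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Sample input: lines copied from the DSS "Registry Dump" section in this thread.
DSS_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\AutoLoader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fb69243-f93e-11dc-b230-0090ccd163e7}]
AutoRun\command- F:\setup\rsrc\Autorun.exe
dinstall\command- F:\Directx\dxsetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
"""

Autostart = namedtuple("Autostart", "location name command")
Service = namedtuple("Service", "name vendor path")
ShellVerb = namedtuple("ShellVerb", "mount verb command")

# "O4 - HKCU\..\Run: [name] command" and "O4 - Startup: name = target"
RUN_RE = re.compile(r"^O4 - (?P<loc>\S+Run\S*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VERB_RE = re.compile(r"^(?P<verb>[^\\]+)\\command- (?P<cmd>.+)$")
SERVICE_PREFIX = "O23 - Service: "
MP2 = "\\explorer\\mountpoints2\\"


def parse_hijackthis(text):
    """Return (autostarts, services) found in a HijackThis 2.x log."""
    autostarts, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            autostarts.append(Autostart(m["loc"], m["name"], m["cmd"]))
        elif line.startswith(SERVICE_PREFIX):
            # Split from the right: "<display name> - <vendor> - <path>"
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                services.append(Service(*parts))
    return autostarts, services


def parse_mountpoints2(text):
    """Return the per-volume shell verbs listed under MountPoints2 in a DSS dump."""
    verbs, mount = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k["key"]
            pos = key.lower().find(MP2)
            # mount is the subkey name (drive letter or volume GUID), else None
            mount = key[pos + len(MP2):] if pos != -1 else None
            continue
        v = VERB_RE.match(line)
        if v and mount:
            verbs.append(ShellVerb(mount, v["verb"], v["cmd"]))
    return verbs


def executable_of(command):
    """Best-effort extraction of the program path from a command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(?i)^(.+?\.(?:exe|dll|com|bat|cmd|scr))\b", command)
    return m.group(1) if m else command.split(" ", 1)[0]


def review_hints(autostarts, services, verbs):
    """Neutral pointers for a human reviewer; a hint is not a verdict."""
    hints = []
    for a in autostarts:
        exe = executable_of(a.command)
        if not re.match(r"(?i)^([a-z]:\\|%)", exe):
            hints.append(f"{a.location} [{a.name}]: no absolute path ({exe})")
    for s in services:
        if s.vendor.lower() == "unknown owner":
            hints.append(f"service {s.name}: no vendor reported ({s.path})")
    for v in verbs:
        hints.append(f"mountpoints2 {v.mount}: {v.verb} runs {v.command}")
    return hints


if __name__ == "__main__":
    autostarts, services = parse_hijackthis(HJT_SAMPLE)
    for hint in review_hints(autostarts, services, parse_mountpoints2(DSS_SAMPLE)):
        print(hint)
```

Listing the MountPoints2 verbs before importing Fix.reg records which per-volume commands the key held, since the fix deletes the whole key rather than individual entries.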

Post by murarz777 » 17 May 2008, 01:14

Listen Hubert, I don't know how to thank you :D
I ran ComboFix and it works, I repeat, it WORKS on VISTA ^^
it removed the files :D and freed up a bit of disk space
now please analyse the log as well :)
ComboFix 08-05-15.3 - Murarz 2008-05-17 1:04:15.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.1116 [GMT 2:00]
Running from: C:\Users\Murarz\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\Users\Murarz\AppData\Roaming\.#
C:\Windows\system32\eceaab0_z.dll
C:\Windows\system32\X64
C:\Windows\system32\X64\License.rtf
C:\Windows\system32\X64\Readme.txt
C:\Windows\system32\X64\setup.exe
C:\Windows\system32\X86
C:\Windows\system32\X86\License.rtf
C:\Windows\system32\X86\Readme.txt
C:\Windows\system32\X86\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-14 21:50 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-14 21:48 . 2008-05-14 21:48 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-14 21:47 . 2008-05-14 21:47 <DIR> d-------- C:\Windows\PCHEALTH
2008-05-14 21:47 . 2008-05-14 21:47 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-14 21:43 . 2008-05-14 21:51 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-05-14 21:43 . 2008-05-14 21:51 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-05-14 21:42 . 2008-05-14 21:42 <DIR> dr-h----- C:\MSOCache
2008-05-14 19:26 . 2008-05-14 19:26 <DIR> d-------- C:\Program Files\ffdshow
2008-05-14 19:26 . 2008-03-28 19:41 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-05-14 19:26 . 2008-03-28 19:40 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-05-14 19:26 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-05-14 19:06 . 2008-05-15 02:46 524,288 --ahs---- C:\Users\Murarz\ntuser.dat{ef5d2a24-201b-11dd-8458-001617d47d3f}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 19:06 . 2008-05-15 02:46 524,288 --ahs---- C:\Users\Murarz\ntuser.dat{ef5d2a24-201b-11dd-8458-001617d47d3f}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 19:06 . 2008-05-15 02:46 65,536 --ahs---- C:\Users\Murarz\ntuser.dat{ef5d2a24-201b-11dd-8458-001617d47d3f}.TM.blf
2008-05-14 19:05 . 2008-05-15 02:47 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef5d2a20-201b-11dd-8458-001617d47d3f}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 19:05 . 2008-05-15 02:47 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef5d2a20-201b-11dd-8458-001617d47d3f}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 19:05 . 2008-05-15 02:47 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{ef5d2a1e-201b-11dd-8458-001617d47d3f}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 19:05 . 2008-05-15 02:47 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{ef5d2a1e-201b-11dd-8458-001617d47d3f}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 19:05 . 2008-05-15 02:47 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef5d2a20-201b-11dd-8458-001617d47d3f}.TM.blf
2008-05-14 19:05 . 2008-05-15 02:47 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{ef5d2a1e-201b-11dd-8458-001617d47d3f}.TM.blf
2008-05-14 17:15 . 2008-05-14 17:15 262,144 --ah----- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.tmp.LOG1
2008-05-14 17:15 . 2008-05-14 17:15 262,144 --ah----- C:\Users\Murarz\ntuser.dat.tmp.LOG1
2008-05-14 17:15 . 2008-05-14 17:15 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.tmp.LOG2
2008-05-14 17:15 . 2008-05-14 17:15 0 --ah----- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.tmp.LOG2
2008-05-14 17:15 . 2008-05-14 17:15 0 --ah----- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.tmp.LOG1
2008-05-14 17:15 . 2008-05-14 17:15 0 --ah----- C:\Users\Murarz\ntuser.dat.tmp.LOG2
2008-05-13 18:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-05-12 14:51 . 2008-05-02 18:31 731,352 -ra------ C:\Windows\System32\drivers\cfosspeed.sys
2008-05-12 14:48 . 2008-05-17 01:08 <DIR> d-------- C:\Program Files\cFosSpeed
2008-05-12 14:48 . 2008-05-02 18:30 285,912 --a------ C:\Windows\System32\cfosspeed.dll
2008-05-12 14:07 . 2008-05-12 14:07 <DIR> d-------- C:\Downloaded
2008-05-11 21:19 . 2008-05-11 21:19 274 --a------ C:\Windows\game.ini
2008-05-11 17:56 . 2008-05-11 17:56 <DIR> d-------- C:\Program Files\Google
2008-05-11 17:27 . 2008-05-11 17:27 23 --a------ C:\Windows\System32\cbcdddbe6_z.ocx
2008-05-11 17:26 . 2008-05-11 17:26 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008
2008-05-10 03:42 . 2008-05-10 03:42 <DIR> d-------- C:\Users\All Users\Diskeeper Corporation
2008-05-10 03:42 . 2008-05-10 03:42 <DIR> d-------- C:\ProgramData\Diskeeper Corporation
2008-05-10 03:42 . 2008-05-10 03:42 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-05-10 02:19 . 2008-05-17 01:08 106,486,048 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-05-10 02:19 . 2008-05-15 02:47 1,278,860 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-05-08 21:01 . 2008-05-10 02:58 <DIR> d-------- C:\Program Files\Advanced MP3 Sound Recorder
2008-05-08 21:01 . 2008-05-08 21:01 <DIR> d-------- C:\My Documents
2008-05-08 19:31 . 2008-05-08 19:43 96,645 --a------ C:\Windows\System32\drivers\klin.dat
2008-05-08 19:31 . 2008-05-08 19:43 87,941 --a------ C:\Windows\System32\drivers\klick.dat
2008-05-08 19:30 . 2008-05-08 19:30 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-08 18:21 . 2008-05-09 22:23 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Comodo
2008-05-08 18:07 . 2008-05-08 18:07 <DIR> d-------- C:\Program Files\Folder Lock
2008-05-08 18:07 . 2004-05-10 12:42 110,592 --a------ C:\Windows\System32\suppdll.dll
2008-05-08 18:07 . 2008-03-09 16:01 81,632 --a------ C:\Windows\System32\FLKill.exe
2008-05-08 18:07 . 2004-05-10 22:42 35,363 --a------ C:\Windows\System32\windrvNT.sys
2008-05-08 17:15 . 2008-05-14 19:07 <DIR> d-------- C:\Program Files\GoD
2008-05-08 17:03 . 2008-05-16 16:26 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-08 17:03 . 2008-05-16 16:26 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-07 16:32 . 2008-05-07 16:32 <DIR> d-------- C:\Deckard
2008-05-06 23:59 . 2008-05-06 23:59 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Sierra Entertainment
2008-05-06 23:46 . 2008-05-06 23:46 <DIR> d-------- C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-05-05 22:21 . 2008-05-05 22:21 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Soldat
2008-05-05 22:21 . 2008-05-05 22:21 <DIR> d-------- C:\Soldat
2008-05-04 18:39 . 2008-05-04 18:41 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
2008-05-03 23:58 . 2008-05-03 23:58 216 --a------ C:\Temp\DebugTrace-RockallDLL.log
2008-05-02 22:56 . 2008-05-02 22:56 45 ---h----- C:\Windows\dsez3293.dat
2008-05-02 00:38 . 2008-05-02 00:38 <DIR> d-------- C:\Program Files\ToniArts
2008-05-01 02:33 . 2008-05-01 02:33 <DIR> d-------- C:\Program Files\Ares
2008-04-30 21:55 . 2008-04-30 21:55 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-30 21:55 . 2008-04-30 21:55 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-30 18:30 . 2008-05-08 23:07 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\BearShare
2008-04-30 18:30 . 2008-04-30 18:30 <DIR> d-------- C:\Program Files\BearShare Applications
2008-04-30 18:30 . 2007-11-22 17:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-04-25 16:45 . 2008-04-25 16:45 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-23 00:32 . 2008-05-10 03:03 <DIR> d-------- C:\Program Files\MAIET
2008-04-22 21:54 . 2008-04-22 21:57 <DIR> d-------- C:\Program Files\Valve
2008-04-22 19:50 . 2007-02-22 04:26 1,171,848 --a------ C:\Windows\System32\SecureKeyBackupCPL.dll
2008-04-22 19:50 . 2006-12-21 02:58 711 --a------ C:\Windows\System32\CPSOKBTasks.xml
2008-04-22 19:49 . 2008-05-08 16:45 81,984 --a------ C:\Windows\System32\bdod.bin
2008-04-22 19:42 . 2008-05-08 16:46 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-04-22 16:25 . 2008-04-22 16:33 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Tibia
2008-04-21 15:41 . 2008-04-21 15:41 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-20 20:16 . 2008-04-20 21:16 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2008-04-18 23:58 . 2008-04-18 23:58 <DIR> d-------- C:\Users\Murarz\.idlerc
2008-04-18 21:55 . 2008-04-18 21:25 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-04-18 21:55 . 2008-04-18 21:25 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-04-18 21:36 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-18 21:36 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-04-18 21:36 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-04-18 21:35 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-04-18 21:35 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-04-18 21:26 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-04-18 21:25 . 2008-04-18 21:59 196,608 --a------ C:\Windows\SPInstall.etl
2008-04-18 00:15 . 2008-04-18 00:15 <DIR> d-------- C:\Users\Murarz\AppData\Roaming\Sierra

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 13:59 --------- d-----w C:\Users\Murarz\AppData\Roaming\uTorrent
2008-05-15 21:04 --------- d-----w C:\Program Files\Smart Projects
2008-05-15 12:02 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-15 12:02 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-14 17:03 --------- d-----w C:\Program Files\Real Alternative
2008-05-14 16:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 00:15 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-05-12 00:12 22,328 ----a-w C:\Users\Murarz\AppData\Roaming\PnkBstrK.sys
2008-05-11 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 14:55 --------- d-----w C:\Program Files\X-Progs
2008-05-11 13:26 --------- d-----w C:\Users\Murarz\AppData\Roaming\Hamachi
2008-05-10 01:03 --------- d-----w C:\ProgramData\iolo
2008-05-10 01:03 --------- d-----w C:\Program Files\Runtime Software
2008-05-10 01:02 --------- d-----w C:\Program Files\GameSpy Arcade
2008-05-10 00:55 --------- d-----w C:\Program Files\Astonsoft
2008-05-08 17:55 --------- d-----w C:\Users\Murarz\AppData\Roaming\LimeWire
2008-05-08 16:38 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-05-08 16:36 --------- d---a-w C:\ProgramData\TEMP
2008-05-08 15:01 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-05-06 21:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 17:51 --------- d-----w C:\Program Files\BitLocker
2008-04-18 20:26 174 --sha-w C:\Program Files\desktop.ini
2008-04-18 20:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-18 20:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-18 20:19 --------- d-----w C:\Program Files\Windows Journal
2008-04-18 20:19 --------- d-----w C:\Program Files\Windows Defender
2008-04-18 20:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-18 20:19 --------- d-----w C:\Program Files\Windows Calendar
2008-04-18 20:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-18 20:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-12 19:11 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-12 13:22 --------- d-----w C:\ProgramData\Last.fm
2008-04-12 13:22 --------- d-----w C:\Program Files\Last.fm
2008-04-11 22:04 --------- d-----w C:\Program Files\Total Video Converter
2008-04-11 15:32 --------- d-----w C:\Program Files\MoorHunt
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-10 18:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-10 17:02 --------- d-----w C:\Users\Murarz\AppData\Roaming\Simply Super Software
2008-04-10 17:02 --------- d-----w C:\ProgramData\Simply Super Software
2008-04-10 17:02 --------- d-----w C:\Program Files\Trojan Remover
2008-04-08 18:26 --------- d-----w C:\Users\Murarz\AppData\Roaming\skypePM
2008-04-08 18:26 --------- d-----w C:\Users\Murarz\AppData\Roaming\Skype
2008-04-08 14:24 --------- d-----w C:\Users\Murarz\AppData\Roaming\iolo
2008-04-08 14:21 --------- d-----w C:\Users\Murarz\AppData\Roaming\Systweak
2008-04-08 13:22 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-04-06 22:48 --------- d-----w C:\Program Files\Dragonmount Networks
2008-04-04 02:26 --------- d-----w C:\Program Files\BenchemAll
2008-04-02 21:44 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-04-01 16:44 --------- d-----w C:\Users\Murarz\AppData\Roaming\ESET
2008-04-01 16:42 --------- d-----w C:\ProgramData\ESET
2008-04-01 00:14 102,400 ----a-w C:\Windows\EarthView.scr
2008-04-01 00:14 --------- d-----w C:\Users\Murarz\AppData\Roaming\DeskSoft
2008-04-01 00:14 --------- d-----w C:\Program Files\EarthView
2008-03-31 17:34 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-31 17:34 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-31 17:31 --------- d-----w C:\ProgramData\Skype
2008-03-31 17:31 --------- d-----w C:\Program Files\Skype
2008-03-31 17:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-29 14:18 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-28 23:57 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-26 23:50 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-03-26 17:17 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-26 14:36 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-03-25 02:14 --------- d-----w C:\Program Files\MSI
2008-03-24 22:15 --------- d-----w C:\Users\Murarz\AppData\Roaming\dvdcss
2008-03-24 01:57 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-03-24 01:57 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-03-24 01:44 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-24 01:42 --------- d-----w C:\Users\Murarz\AppData\Roaming\DAEMON Tools Pro
2008-03-24 00:20 23,600 ----a-w C:\Windows\system32\drivers\tvichw32.sys
2008-03-23 19:33 --------- d-----w C:\Program Files\DiskInternals
2008-03-23 19:32 262,144 ----a-w C:\ntuser.dat
2008-03-23 02:45 --------- d-----w C:\Users\Murarz\AppData\Roaming\Desktopicon
2008-03-23 02:45 --------- d-----w C:\Program Files\Unlocker
2008-03-23 02:13 --------- d-----w C:\Program Files\Ontrack
2008-03-22 19:44 --------- d-----w C:\Program Files\Deluxe Ski Jump 3
2008-03-20 11:55 --------- d-----w C:\Users\Murarz\AppData\Roaming\Microsoft Games
2008-03-20 10:45 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-03-20 09:35 --------- d-----w C:\Program Files\Microsoft Games
2008-03-19 23:40 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-03-18 18:12 --------- d-----w C:\Program Files\CCleaner
2008-03-04 03:53 78,336 ----a-w C:\Windows\System32\ieencode.dll
2008-03-04 03:52 830,464 ----a-w C:\Windows\System32\wininet.dll
2008-03-04 03:52 47,616 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-04 03:52 41,984 ----a-w C:\Windows\System32\licmgr10.dll
2008-03-04 03:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-04 03:52 20,480 ----a-w C:\Windows\System32\PDMSetup.exe
2008-03-04 03:52 17,920 ----a-w C:\Windows\System32\corpol.dll
2008-03-04 03:52 142,848 ----a-w C:\Windows\System32\IESetting.dll
2008-03-04 03:52 13,824 ----a-w C:\Windows\System32\SetIEInstalledDate.exe
2008-03-04 03:52 13,824 ----a-w C:\Windows\System32\SetDepNx.exe
2008-03-04 03:51 69,120 ----a-w C:\Windows\System32\iesetup.dll
2008-03-04 03:51 69,120 ----a-w C:\Windows\System32\admparse.dll
2008-03-04 03:51 66,560 ----a-w C:\Windows\System32\wextract.exe
2008-03-04 03:51 168,448 ----a-w C:\Windows\System32\iexpress.exe
2008-03-04 03:50 48,128 ----a-w C:\Windows\System32\mshtmler.dll
2008-03-04 03:50 45,568 ----a-w C:\Windows\System32\mshta.exe
2008-03-04 03:50 36,352 ----a-w C:\Windows\System32\imgutil.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"GoD"="C:\Program Files\GoD\GoD.exe" [2008-04-01 21:45 2464768]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 12:31 4710400 C:\Windows\RtHDVCpl.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-05-02 18:30 863448]

C:\Users\Murarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-12 15:22:08 106496]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyGames"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
C:\Program Files\iolo\Common\Lib\ioloLManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:37 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F07412D0-A053-4B0E-A64E-3A984F642DCC}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{754E605E-8B27-466B-B142-54EF0AB6C4DF}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{4DF10BD6-1AC4-4BCF-8BFD-8CCBEE5C369C}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{52C83ADB-081D-4BB3-9E1D-497915D68C2F}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{91BF9434-1BF1-4D57-B030-34A63CD25900}C:\\kav\\kis7.0\\english\\setup.exe"= UDP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{7C154475-EE97-45DA-83AF-A78A40444BE8}C:\\kav\\kis7.0\\english\\setup.exe"= TCP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{63B0B259-3C79-4552-8EE4-1FD99F1A9EBA}"= UDP:E:\Nowy folder (8)\age3y.exe:Age of Empires III - The Asian Dynasties
"{2151D012-97BF-4206-8194-E52C6033A0C6}"= TCP:E:\Nowy folder (8)\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{7FB12C20-8838-4521-B7E1-4E4F6FA66E1C}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{93B14022-E818-4BE7-B1A7-70091BAB338C}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{237F8D49-350D-4145-B519-ED1DA86108E7}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{0A02B3EB-A1E1-49BD-9311-53DBA4141F8A}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{A8D93B69-5A08-4AC5-A6E5-D61BAA265438}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{91BF4B7E-518C-4CE7-B04D-B54F12626C5B}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{6B9E2E2C-4C4C-48BC-B950-D6D4BFD3F097}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4DCD6E10-BE0F-4CF5-BDB0-6D09760C5220}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7DB4F332-C4AB-423E-8B87-3CA1ABB62364}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{878F6FF8-4F44-45DF-99B7-AED081CCCF87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{09B94522-B0AF-4CBF-9468-F3F79F98F797}"= UDP:E:\Nowy folder (11)\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{10BB8679-FA8A-4D4A-B56A-E4DF63FF5959}"= TCP:E:\Nowy folder (11)\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{5DEB762B-42EF-4899-A008-5CDF779486CE}"= UDP:E:\Nowy folder (11)\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{15D084F1-124F-47D9-AEDE-B82274C4FEBB}"= TCP:E:\Nowy folder (11)\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{5BDB107F-93A2-4099-BBC0-EC3758D25F54}"= UDP:E:\Nowy folder (11)\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{27B60B3B-5D2D-4A98-9BA1-5C73BD7691AF}"= TCP:E:\Nowy folder (11)\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A8CD5BE6-65D9-46E4-89A3-924076611053}"= UDP:D:\Nowy folder (2)\Binaries\WarGame-G4WLive.exe:Gears of War
"{14C33589-71D9-426D-9C42-96D42EAEF26E}"= TCP:D:\Nowy folder (2)\Binaries\WarGame-G4WLive.exe:Gears of War
"TCP Query User{186B3F3A-68B9-40A7-A7F1-37C3BB8874E9}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{3DDF9525-1932-4C99-B86F-E6C198CEAC21}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{3A76FCDF-B278-405A-9EDA-1642822B27BF}D:\\nowy folder (4)\\testdriveunlimited.exe"= UDP:D:\nowy folder (4)\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{68A7F708-7B5E-4137-90A2-7C4B44297A12}D:\\nowy folder (4)\\testdriveunlimited.exe"= TCP:D:\nowy folder (4)\testdriveunlimited.exe:Test Drive Unlimited
"{E6648B85-2382-4C3A-B33A-9411A6025622}"= UDP:E:\Crysis\Bin32\Crysis.exe:Crysis_32
"{4EB347B6-18C3-4A82-A2B9-55F0F17DF99A}"= TCP:E:\Crysis\Bin32\Crysis.exe:Crysis_32
"{FDBDCD7F-0044-4A4A-8D11-3D465C1DF478}"= UDP:E:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{3BC71E99-3E48-41A0-B156-E1F4FD0B5083}"= TCP:E:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{ADC89E3B-DEEF-4531-93D3-9585170CF0E5}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{BF975750-BF09-4694-B11D-8A64D9E2C5EF}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{6A7D08BB-1377-492B-B9C9-2B29501D6F34}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{A0E9B9C6-A360-4B94-A121-BA21628A69BE}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"{9182547F-F69C-4251-97FD-1D32EEB83FAE}"= UDP:E:\Nowy folder (8)\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DA5970C9-CDF3-4E87-A0B5-AF5F69DC09F1}"= TCP:E:\Nowy folder (8)\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{6FD43DA4-9412-4D50-B88F-608E7CE7FC73}"= UDP:E:\Nowy folder (8)\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A43BD8CE-5E04-42E3-9B31-4C7F52EA8D72}"= TCP:E:\Nowy folder (8)\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A5C5EB1F-0150-45A1-BCB2-F55C62640A81}"= UDP:E:\Nowy folder (8)\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{18CDB589-09CF-4474-B2BD-CAFC7D3CE8F4}"= TCP:E:\Nowy folder (8)\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A497D62C-73FB-47DE-9821-88759ED95991}"= UDP:E:\Nowy folder (2)\EE3.exe:Empire Earth III
"{E652126B-90E7-41E6-A9FA-3742B33859CB}"= TCP:E:\Nowy folder (2)\EE3.exe:Empire Earth III
"{FCC1EAD4-6E14-41D5-8F59-03A87857FB2B}"= UDP:E:\Nowy folder\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5BBF7F80-DBCB-4E1E-8407-9D8231722C06}"= TCP:E:\Nowy folder\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{759B854C-996F-420C-BB37-C5DF57191D43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B57941CB-0B62-433E-AA97-5B75EC2B43C0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 05:55]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 05:55]
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2006-06-22 17:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 23:05:00 C:\Windows\Tasks\User_Feed_Synchronization-{03C58126-383B-415F-ADB4-F7AB67D238DB}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-16 23:05:00 C:\Windows\Tasks\User_Feed_Synchronization-{99932CAA-4B9E-44FC-93D9-B6FFBF46329C}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-16 23:05:12 C:\Windows\Tasks\User_Feed_Synchronization-{AFBF26B5-D0E4-480D-BA83-BEF6935EC92E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 01:08:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-17 1:09:53
ComboFix-quarantined-files.txt 2008-05-16 23:09:48

Pre-Run: 3,607,465,984 bajtów wolnych
Post-Run: 6,452,068,352 bajtów wolnych

367 --- E O F --- 2008-05-13 22:05:53

Post by huber2t » 17 May 2008, 04:41

I don't see anything in the log

Post by murarz777 » 21 May 2008, 14:29

OK, topic closed, the system is down (it died).
I simply restarted the computer and got the message DMI pool data, and below it
(some dll file) Compressed
ctrl+alt+del to restart
I did a reinstall, now I'm on XP :(