Trojany po usunięciu ponownie się pojawiają

[likols]

Avira zwariowala : co chwila wyskakuje jakis trojan
po czym kiedy go usune pojawia sie nastepny i nast...
Zanim przeczytalem nowosci na forum juz uzylem combofixa
oto logi:

Kod: Zaznacz wszystko

DDS (Ver_09-07-30.01) - NTFSx86 
Run by Pan Piotr at 18:00:24,88 on 2009-09-07
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.353.1045.18.3066.2144 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\Installer\MSI46F5.tmp
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pan Piotr\Downloads\dds.pif
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: IEPluginBHO Class: {f5cc7f02-6f4e-4462-b5b1-394a57fd3e0d} - c:\users\pan piotr\appdata\roaming\nowe gadu-gadu\_userdata\ggbho.1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Nowe Gadu-Gadu] "c:\program files\nowe gadu-gadu\gg.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\program files\avira\antivir desktop\avsda.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\panpio~1\appdata\roaming\mozilla\firefox\profiles\0vumbisv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-8-24 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-24 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-8-24 434945]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2009-8-12 13312]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\installer\MSI46F5.tmp [2009-9-3 189696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-26 66080]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2009-8-12 242560]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2009-9-2 24786]
S2 ACDaemonAeLookupSvc;ArcSoft Connect Daemon ACDaemonAeLookupSvc;c:\windows\temp\ufqbimnsid.exe service --> c:\windows\temp\ufqbimnsid.exe service [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-24 38160]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

=============== Created Last 30 ================

2009-09-07 17:44   <DIR>   --dsh---   C:\$RECYCLE.BIN
2009-09-07 16:08   230,912   a-------   c:\windows\PEV.exe
2009-09-07 16:08   161,792   a-------   c:\windows\SWREG.exe
2009-09-07 16:08   98,816   a-------   c:\windows\sed.exe
2009-09-07 10:18   <DIR>   --d-----   c:\program files\common files\Yahoo!
2009-09-07 10:18   <DIR>   --d-----   c:\programdata\Pinnacle VideoSpin
2009-09-07 10:18   <DIR>   --d-----   c:\program files\Pinnacle
2009-09-07 10:18   <DIR>   --d-----   c:\progra~2\Pinnacle VideoSpin
2009-09-07 10:16   <DIR>   --d-----   c:\programdata\Pinnacle
2009-09-04 13:52   <DIR>   --d-----   c:\program files\common files\COWON
2009-09-04 13:52   <DIR>   --d-----   c:\program files\JetAudio
2009-09-04 12:40   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\OpenOffice.ux.pl
2009-09-04 12:38   <DIR>   --d-----   c:\program files\OpenOffice.ux.pl 3
2009-09-04 12:09   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\SolidDocuments
2009-09-03 16:14   <DIR>   --d-----   c:\program files\SolidDocuments
2009-09-03 16:13   <DIR>   --d-----   c:\programdata\SolidDocuments
2009-09-03 16:13   <DIR>   --d-----   c:\progra~2\SolidDocuments
2009-09-03 08:02   28,672   a-------   c:\windows\system32\Apphlpdm.dll
2009-09-03 08:02   4,240,384   a-------   c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 09:44   <DIR>   --d-----   C:\Scenes
2009-09-02 09:44   24,786   a-------   c:\windows\system32\drivers\eusk2par.sys
2009-09-02 09:44   <DIR>   --d-----   C:\KD
2009-09-02 09:32   <DIR>   --d-----   c:\program files\NETPLUS
2009-09-02 09:21   <DIR>   --d-----   c:\program files\GIMP-2.0
2009-09-01 12:58   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\PeerNetworking
2009-08-31 19:14   <DIR>   --d-----   c:\programdata\CyberLink
2009-08-31 17:02   <DIR>   --d-----   c:\programdata\WindowsSearch
2009-08-31 14:22   <DIR>   --d-----   c:\programdata\ArcSoft
2009-08-31 14:22   <DIR>   --d-----   c:\progra~2\ArcSoft
2009-08-31 14:21   1,645,320   a-------   c:\windows\system32\gdiplus.dll
2009-08-31 14:21   245,408   a-------   c:\windows\system32\unicows.dll
2009-08-31 14:20   <DIR>   --d-----   C:\Philips
2009-08-31 14:19   <DIR>   --d-----   C:\temp
2009-08-31 13:19   0   a---h---   c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-27 20:59   487,820   a-------   c:\windows\system32\controlpcsecuryti.exe
2009-08-26 09:51   2,048   a-------   c:\windows\system32\tzres.dll
2009-08-25 14:25   56   a---h---   c:\windows\system32\ezsidmv.dat
2009-08-25 13:04   <DIR>   --d-----   c:\programdata\SUPERAntiSpyware.com
2009-08-25 13:04   <DIR>   --d-----   c:\progra~2\SUPERAntiSpyware.com
2009-08-25 13:02   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\SUPERAntiSpyware.com
2009-08-25 13:02   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
2009-08-25 13:02   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
2009-08-25 11:44   <DIR>   --d-----   c:\users\pan piotr\.thumbnails
2009-08-24 14:52   <DIR>   --d-----   c:\program files\Cossacks - Back To War
2009-08-24 13:23   0   a---h---   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-24 13:07   <DIR>   --d-----   c:\program files\Yamicsoft
2009-08-24 12:02   168,448   a-------   c:\windows\system32\unrar.dll
2009-08-24 12:02   38   a-------   c:\windows\avisplitter.ini
2009-08-24 12:02   839,680   a-------   c:\windows\system32\lameACM.acm
2009-08-24 12:02   217,088   a-------   c:\windows\system32\yv12vfw.dll
2009-08-24 12:02   118,784   a-------   c:\windows\system32\ac3acm.acm
2009-08-24 12:02   414   a-------   c:\windows\system32\lame_acm.xml
2009-08-24 12:02   3,596,288   a-------   c:\windows\system32\qt-dx331.dll
2009-08-24 12:02   205,824   a-------   c:\windows\system32\xvidvfw.dll
2009-08-24 12:02   90,112   a-------   c:\windows\system32\dpl100.dll
2009-08-24 12:02   685,056   a-------   c:\windows\system32\divx.dll
2009-08-24 12:02   85,504   a-------   c:\windows\system32\ff_vfw.dll
2009-08-24 12:02   547   a-------   c:\windows\system32\ff_vfw.dll.manifest
2009-08-24 12:02   <DIR>   --d-----   c:\program files\K-Lite Codec Pack
2009-08-24 11:51   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\Malwarebytes
2009-08-24 11:50   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 11:50   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-08-24 11:50   <DIR>   --d-----   c:\programdata\Malwarebytes
2009-08-24 11:50   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-08-24 11:50   <DIR>   --d-----   c:\progra~2\Malwarebytes
2009-08-24 08:44   <DIR>   --d-----   c:\program files\Trend Micro
2009-08-24 08:38   55,656   a-------   c:\windows\system32\drivers\avgntflt.sys
2009-08-24 08:23   28,219   a-------   c:\programdata\nvModes.dat
2009-08-24 08:23   28,219   a-------   c:\progra~2\nvModes.dat
2009-08-21 22:30   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\DriverCure
2009-08-21 22:30   <DIR>   --d-----   c:\programdata\ParetoLogic
2009-08-21 22:30   <DIR>   --d-----   c:\programdata\DriverCure
2009-08-21 22:30   <DIR>   --d-----   c:\program files\common files\ParetoLogic
2009-08-21 22:30   <DIR>   --d-----   c:\progra~2\ParetoLogic
2009-08-21 22:30   <DIR>   --d-----   c:\progra~2\DriverCure
2009-08-21 19:54   <DIR>   --d-----   c:\users\pan piotr\DoctorWeb
2009-08-21 16:51   <DIR>   --d-----   c:\programdata\Avira
2009-08-21 16:51   <DIR>   --d-----   c:\program files\Avira
2009-08-21 16:51   <DIR>   --d-----   c:\progra~2\Avira
2009-08-21 11:42   <DIR>   --d-----   c:\program files\Metin2_PL
2009-08-20 11:07   <DIR>   --d-----   c:\users\pan piotr\.gimp-2.6
2009-08-20 11:07   <DIR>   --d-----   c:\users\pan piotr\.gegl-0.0
2009-08-19 18:57   <DIR>   --d-----   c:\program files\NAPI-PROJEKT
2009-08-18 11:43   <DIR>   --d-----   c:\programdata\Lavasoft
2009-08-18 09:05   <DIR>   --d-----   c:\programdata\Real
2009-08-18 09:05   <DIR>   --d-----   c:\program files\Real Alternative
2009-08-17 19:18   <DIR>   --d--r--   c:\program files\Skype
2009-08-17 19:18   <DIR>   --d-----   c:\programdata\Skype
2009-08-17 03:00   <DIR>   --d-----   C:\3bbe6717ca6d1900a71ebc4f
2009-08-17 00:34   428,544   a-------   c:\windows\system32\EncDec.dll
2009-08-17 00:34   217,088   a-------   c:\windows\system32\psisrndr.ax
2009-08-17 00:34   293,376   a-------   c:\windows\system32\psisdecd.dll
2009-08-17 00:34   177,664   a-------   c:\windows\system32\mpg2splt.ax
2009-08-17 00:34   80,896   a-------   c:\windows\system32\MSNP.ax
2009-08-17 00:34   57,856   a-------   c:\windows\system32\MSDvbNP.ax
2009-08-17 00:33   12,240,896   a-------   c:\windows\system32\NlsLexicons0007.dll
2009-08-17 00:33   2,644,480   a-------   c:\windows\system32\NlsLexicons0009.dll
2009-08-17 00:33   801,280   a-------   c:\windows\system32\NaturalLanguage6.dll
2009-08-16 08:45   <DIR>   --d-----   c:\programdata\LightScribe
2009-08-16 08:45   <DIR>   --d-----   c:\progra~2\LightScribe
2009-08-14 10:11   97,800   a-------   c:\windows\system32\infocardapi.dll
2009-08-14 10:11   105,016   a-------   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-14 10:11   622,080   a-------   c:\windows\system32\icardagt.exe
2009-08-14 10:11   37,384   a-------   c:\windows\system32\infocardcpl.cpl
2009-08-14 10:11   43,544   a-------   c:\windows\system32\PresentationHostProxy.dll
2009-08-14 10:11   11,264   a-------   c:\windows\system32\icardres.dll
2009-08-14 10:10   781,344   a-------   c:\windows\system32\PresentationNative_v0300.dll
2009-08-14 10:10   326,160   a-------   c:\windows\system32\PresentationHost.exe
2009-08-14 00:10   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\COWON
2009-08-13 19:54   0   a---h---   c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-13 14:32   319,000   a-------   c:\windows\system32\drivers\iaStor.sys
2009-08-13 11:39   <DIR>   --d-----   c:\programdata\HPSSUPPLY
2009-08-13 11:39   <DIR>   --d-----   c:\program files\HP
2009-08-13 11:33   <DIR>   --d-h---   c:\program files\Avago-HP
2009-08-13 11:32   <DIR>   --dsh---   c:\windows\ftpcache
2009-08-12 22:53   3,497,832   a-------   c:\windows\system32\d3dx9_34.dll
2009-08-12 22:53   2,414,360   a-------   c:\windows\system32\d3dx9_31.dll
2009-08-12 22:53   <DIR>   --d-----   c:\programdata\Media Center Programs
2009-08-12 22:53   <DIR>   --d-----   c:\progra~2\Media Center Programs
2009-08-12 22:53   278,728   a-------   c:\windows\system32\drivers\atksgt.sys
2009-08-12 22:53   25,416   a-------   c:\windows\system32\drivers\lirsgt.sys
2009-08-12 18:26   <DIR>   --d-----   c:\program files\GSC Game World
2009-08-12 18:18   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\VSRevoGroup
2009-08-12 18:10   <DIR>   --d-----   c:\program files\PowerISO
2009-08-12 17:50   881,664   a-------   c:\windows\system32\xvidcore.dll
2009-08-12 17:50   <DIR>   --d-----   c:\programdata\ALLPlayer
2009-08-12 17:50   <DIR>   --d-----   c:\progra~2\ALLPlayer
2009-08-12 17:50   892,928   a-------   c:\windows\system32\iconv.dll
2009-08-12 17:50   675,840   a-------   c:\windows\system32\ac3filter.ax
2009-08-12 17:50   <DIR>   --d-----   c:\program files\ALLPlayer
2009-08-12 17:48   <DIR>   --d-----   c:\program files\CCleaner
2009-08-12 17:08   <DIR>   --d-----   c:\programdata\DAEMON Tools Lite
2009-08-12 17:08   <DIR>   --d-----   c:\progra~2\DAEMON Tools Lite
2009-08-12 17:08   <DIR>   --d-----   c:\program files\DAEMON Tools Toolbar
2009-08-12 17:08   <DIR>   --d-----   c:\program files\DAEMON Tools Lite
2009-08-12 16:00   721,904   a-------   c:\windows\system32\drivers\sptd.sys
2009-08-12 16:00   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\DAEMON Tools Lite
2009-08-12 15:57   96,760   a-------   c:\windows\system32\dfshim.dll
2009-08-12 15:57   282,112   a-------   c:\windows\system32\mscoree.dll
2009-08-12 15:57   41,984   a-------   c:\windows\system32\netfxperf.dll
2009-08-12 15:56   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\Nowe Gadu-Gadu
2009-08-12 15:56   <DIR>   --d-----   c:\program files\Nowe Gadu-Gadu
2009-08-12 15:56   158,720   a-------   c:\windows\system32\mscorier.dll
2009-08-12 15:55   83,968   a-------   c:\windows\system32\mscories.dll
2009-08-12 15:49   499,712   a-------   c:\windows\system32\kerberos.dll
2009-08-12 15:49   213,504   a-------   c:\windows\system32\msv1_0.dll
2009-08-12 15:49   175,104   a-------   c:\windows\system32\wdigest.dll
2009-08-12 15:49   1,256,448   a-------   c:\windows\system32\lsasrv.dll
2009-08-12 15:49   270,848   a-------   c:\windows\system32\schannel.dll
2009-08-12 15:49   439,896   a-------   c:\windows\system32\drivers\ksecdd.sys
2009-08-12 15:49   72,704   a-------   c:\windows\system32\secur32.dll
2009-08-12 15:49   9,728   a-------   c:\windows\system32\lsass.exe
2009-08-12 15:45   313,344   a-------   c:\windows\system32\wmpdxm.dll
2009-08-12 15:45   7,680   a-------   c:\windows\system32\spwmp.dll
2009-08-12 15:45   4,096   a-------   c:\windows\system32\msdxm.ocx
2009-08-12 15:45   4,096   a-------   c:\windows\system32\dxmasf.dll
2009-08-12 15:43   562,176   a-------   c:\windows\system32\msdtcprx.dll
2009-08-12 15:42   2,927,104   a-------   c:\windows\explorer.exe
2009-08-12 15:42   738,304   a-------   c:\windows\system32\inetcomm.dll
2009-08-12 15:23   1,645,568   a-------   c:\windows\system32\connect.dll
2009-08-12 15:20   784,896   a-------   c:\windows\system32\rpcrt4.dll
2009-08-12 15:16   1,314,816   a-------   c:\windows\system32\quartz.dll
2009-08-12 15:12   1,334,272   a-------   c:\windows\system32\msxml6.dll
2009-08-12 14:59   1,524,736   a-------   c:\windows\system32\wucltux.dll
2009-08-12 14:59   <DIR>   --d-----   c:\program files\VS Revo Group
2009-08-12 14:58   83,456   a-------   c:\windows\system32\wudriver.dll
2009-08-12 14:58   <DIR>   --d-----   c:\program files\uTorrent
2009-08-12 14:58   162,064   a-------   c:\windows\system32\wuwebv.dll
2009-08-12 14:58   31,232   a-------   c:\windows\system32\wuapp.exe
2009-08-12 14:58   <DIR>   --d-----   c:\users\panpio~1\appdata\roaming\uTorrent
2009-08-12 14:55   <DIR>   --d-----   c:\programdata\NVIDIA
2009-08-12 14:49   <DIR>   --d-----   c:\program files\common files\PX Storage Engine
2009-08-12 14:37   148,480   a-------   c:\windows\system32\drivers\nwifi.sys
2009-08-12 14:36   5,888   a-------   c:\windows\system32\drivers\usbd.sys
2009-08-12 14:36   23,552   a-------   c:\windows\system32\drivers\usbuhci.sys
2009-08-12 14:36   226,304   a-------   c:\windows\system32\drivers\usbport.sys
2009-08-12 14:36   194,560   a-------   c:\windows\system32\drivers\usbhub.sys
2009-08-12 14:36   73,216   a-------   c:\windows\system32\drivers\usbccgp.sys
2009-08-12 14:36   39,424   a-------   c:\windows\system32\drivers\usbehci.sys
2009-08-12 14:35   223,288   a-------   c:\windows\system32\drivers\netio.sys
2009-08-12 14:29   6,656   a-------   c:\windows\system32\kbd106n.dll
2009-08-12 14:29   19,000   a-------   c:\windows\system32\kd1394.dll
2009-08-12 14:29   14,848   a-------   c:\windows\system32\srdelayed.exe
2009-08-12 14:29   40,960   a-------   c:\windows\system32\srclient.dll
2009-08-12 14:29   615,992   a-------   c:\windows\system32\ci.dll
2009-08-12 14:28   927,288   a-------   c:\windows\system32\winresume.exe
2009-08-12 14:28   988,216   a-------   c:\windows\system32\winload.exe
2009-08-12 14:28   378,368   a-------   c:\windows\system32\srcore.dll
2009-08-12 14:28   318,464   a-------   c:\windows\system32\rstrui.exe
2009-08-12 14:28   46,592   a-------   c:\windows\system32\setbcdlocale.dll
2009-08-12 14:26   684   a-------   c:\windows\HotFixList.ini
2009-08-12 14:25   172,032   a-------   c:\windows\SMCM.dll
2009-08-12 14:25   2,438   a-------   c:\windows\ebm.reg
2009-08-12 14:24   <DIR>   --d-----   c:\programdata\Adobe
2009-08-12 14:24   <DIR>   --d-----   C:\Samsung
2009-08-12 14:23   <DIR>   --d-----   c:\windows\system32\NetsyncAgent
2009-08-12 14:21   <DIR>   --d-----   c:\program files\common files\MSSoap
2009-08-12 14:17   <DIR>   --d-----   c:\programdata\McAfee
2009-08-12 14:16   9,550   a-------   c:\windows\system32\SetAutoFailover.cmd
2009-08-12 14:16   151   a-------   c:\windows\system32\SamsungSetAutoFailover.cmd
2009-08-12 14:16   <DIR>   --d-----   c:\windows\WinClon
2009-08-12 14:16   0   a---h---   c:\windows\system32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
2009-08-12 14:15   13,312   a-------   c:\windows\system32\drivers\KMDFMEMIO.sys
2009-08-12 14:15   135   a----r--   c:\windows\system32\lngEng.ini
2009-08-12 14:15   117   a-------   c:\windows\system32\lngKor.ini
2009-08-12 14:15   <DIR>   --dsh---   c:\windows\Installer
2009-08-12 14:15   1,066,544   --------   c:\windows\system32\MFC71.dll
2009-08-12 14:15   1,053,232   --------   c:\windows\system32\MFC71u.dll
2009-08-12 14:11   <DIR>   --d-----   C:\MyWorks
2009-08-12 14:11   47,136   a-------   c:\windows\system32\msxmb367.rra
2009-08-12 14:11   27,168   --------   c:\windows\system32\msxml3a.dll
2009-08-12 14:10   <DIR>   --d-----   c:\program files\Samsung
2009-08-12 14:09   <DIR>   --d-----   c:\windows\VMC302
2009-08-12 14:09   503,808   a-------   c:\windows\system32\vmc302.ax
2009-08-12 14:09   242,560   a-------   c:\windows\system32\drivers\vmc302.sys
2009-08-12 14:09   98,304   a-------   c:\windows\system32\VMCtrl.ax
2009-08-12 14:09   73,728   a-------   c:\windows\system32\exvmuvc.ax
2009-08-12 14:09   11,776   a-------   c:\windows\system32\vmc302.dll
2009-08-12 14:09   15,086   a-------   c:\windows\uninstall.ico
2009-08-12 14:09   8,990   a-------   c:\windows\Product.ico
2009-08-12 14:09   <DIR>   --d-----   c:\program files\Vimicro Corporation
2009-08-12 14:09   502,816   --------   c:\windows\system32\msvcp71.dll
2009-08-12 14:09   348,160   --------   c:\windows\system32\msvcr71.dll
2009-08-12 14:09   0   a---h---   c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-08-12 14:08   <DIR>   --d-----   c:\program files\Synaptics
2009-08-12 14:08   1,060,424   a-------   c:\windows\system32\WdfCoInstaller01000.dll
2009-08-12 14:08   196,608   a-------   c:\windows\system32\SynCtrl.dll
2009-08-12 14:08   193,456   a-------   c:\windows\system32\drivers\SynTP.sys
2009-08-12 14:08   163,840   a-------   c:\windows\system32\SynCOM.dll
2009-08-12 14:08   147,456   a-------   c:\windows\system32\SynTPAPI.dll
2009-08-12 14:08   110,592   a-------   c:\windows\system32\SynTPCo4.dll
2009-08-12 14:08   45,056   a-------   c:\windows\system32\RmWLAN.exe
2009-08-12 14:08   42,496   a-------   c:\windows\system32\RmWLAN64.exe
2009-08-12 14:08   40,960   a-------   c:\windows\system32\IhDEV.exe
2009-08-12 14:08   24,576   a-------   c:\windows\system32\IhINF.exe
2009-08-12 14:08   <DIR>   --d-----   c:\program files\Atheros WLAN Client
2009-08-12 14:07   298,496   a-------   c:\windows\system32\drivers\yk60x86.sys
2009-08-12 14:07   50,752   --------   c:\windows\system32\agrsmdel.exe
2009-08-12 14:07   1,161,888   a-------   c:\windows\system32\drivers\AGRSM.sys
2009-08-12 14:07   50,752   a-------   c:\windows\agrsmdel.exe
2009-08-12 14:07   13,312   a-------   c:\windows\system32\agrscoin.dll
2009-08-12 14:07   9,216   a-------   c:\windows\system32\agrsmsvc.exe
2009-08-12 14:07   <DIR>   --d-----   c:\windows\Options
2009-08-12 14:06   <DIR>   --d-----   c:\program files\Realtek
2009-08-12 14:05   485,920   a-------   c:\windows\system32\NVUNINST.EXE
2009-08-12 14:04   1,034,776   a-------   c:\windows\system32\imsmudlg.exe
2009-08-12 14:04   319,456   a-------   c:\windows\system32\difxapi.dll
2009-08-12 14:04   <DIR>   --d-----   c:\windows\system32\Lang
2009-08-12 14:01   53,248   a-------   c:\windows\system32\CSVer.dll
2009-08-12 14:01   <DIR>   --d-----   C:\Intel
2009-08-12 13:59   <DIR>   --dsh---   c:\users\pan piotr\Ustawienia lokalne
2009-08-12 13:59   <DIR>   --dsh---   c:\users\pan piotr\Szablony
2009-08-12 13:59   <DIR>   --dsh---   c:\users\pan piotr\Moje dokumenty
2009-08-12 13:59   <DIR>   --dsh---   c:\users\pan piotr\Menu Start
2009-08-12 13:59   <DIR>   --dsh---   c:\users\pan piotr\Dane aplikacji
2009-08-12 13:59   <DIR>   --d-----   c:\users\Pan Piotr
2009-08-12 13:57   <DIR>   --dsh---   c:\programdata\Ulubione
2009-08-12 13:57   <DIR>   --dsh---   c:\programdata\Szablony
2009-08-12 13:57   <DIR>   --dsh---   c:\programdata\Pulpit
2009-08-12 13:57   <DIR>   --dsh---   c:\programdata\Menu Start
2009-08-12 13:57   <DIR>   --dsh---   c:\programdata\Dokumenty
2009-08-12 13:57   <DIR>   --dsh---   c:\programdata\Dane aplikacji
2009-08-12 13:57   <DIR>   --dsh---   c:\progra~2\Ulubione
2009-08-12 13:57   <DIR>   --dsh---   c:\progra~2\Szablony
2009-08-12 13:57   <DIR>   --dsh---   c:\progra~2\Pulpit
2009-08-12 13:57   <DIR>   --dsh---   c:\progra~2\Menu Start
2009-08-12 13:57   <DIR>   --dsh---   c:\progra~2\Dokumenty
2009-08-12 13:57   <DIR>   --dsh---   c:\progra~2\Dane aplikacji
2009-08-12 13:34   <DIR>   --d-----   c:\windows\Panther
2009-08-12 13:33   8,192   a--s-r--   C:\BOOTSECT.BAK
2009-08-12 13:33   333,203   a--shr--   C:\bootmgr
2009-08-12 13:33   <DIR>   --dsh---   C:\Boot
2009-08-12 13:33   <DIR>   --d-----   c:\windows\system32\OEM

==================== Find3M  ====================

2009-08-28 13:39   173,056   a-------   c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38   2,153,984   a-------   c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38   541,696   a-------   c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38   459,776   a-------   c:\windows\apppatch\AcSpecfc.dll
2009-08-24 13:22   86,016   a-------   c:\windows\inf\infstrng.dat
2009-08-24 13:22   51,200   a-------   c:\windows\inf\infpub.dat
2009-08-24 13:22   86,016   a-------   c:\windows\inf\infstor.dat
2009-08-17 10:01   653,534   a-------   c:\windows\system32\perfh015.dat
2009-08-17 10:01   126,792   a-------   c:\windows\system32\perfc015.dat
2009-08-13 12:41   665,600   a-------   c:\windows\inf\drvindex.dat
2009-08-12 14:06   319,456   a-------   c:\windows\DIFxAPI.dll
2009-08-12 14:06   315,392   a-------   c:\windows\HideWin.exe
2009-07-27 03:43   58,908   a-------   c:\windows\system32\drivers\scdemu.sys
2009-07-21 22:52   915,456   a-------   c:\windows\system32\wininet.dll
2009-07-21 22:47   109,056   a-------   c:\windows\system32\iesysprep.dll
2009-07-21 22:47   71,680   a-------   c:\windows\system32\iesetup.dll
2009-07-21 21:13   133,632   a-------   c:\windows\system32\ieUnatt.exe
2009-07-17 15:35   71,680   a-------   c:\windows\system32\atl.dll
2009-07-14 11:59   8,147,456   a-------   c:\windows\system32\wmploc.DLL
2009-06-26 22:54   57,344   a-------   c:\windows\system32\nvapo32v.dll
2009-06-26 22:54   19,456   a-------   c:\windows\system32\nvhdap32.dll
2009-06-24 22:07   151,552   a-------   c:\windows\system32\nvcohda.dll
2009-06-24 22:07   485,920   a-------   c:\windows\system32\nvuhda.exe
2009-06-15 16:24   156,672   a-------   c:\windows\system32\t2embed.dll
2009-06-15 16:20   72,704   a-------   c:\windows\system32\fontsub.dll
2009-06-15 16:20   10,240   a-------   c:\windows\system32\dciman32.dll
2009-06-15 13:52   289,792   a-------   c:\windows\system32\atmfd.dll
2009-06-10 13:12   160,256   a-------   c:\windows\system32\wkssvc.dll
2009-06-10 13:07   91,136   a-------   c:\windows\system32\avifil32.dll
2008-01-21 07:23   332,832   a-------   c:\windows\inf\perflib\0415\perfi.dat
2008-01-21 07:23   332,832   a-------   c:\windows\inf\perflib\0415\perfh.dat
2008-01-21 07:23   37,468   a-------   c:\windows\inf\perflib\0415\perfd.dat
2008-01-21 07:23   37,468   a-------   c:\windows\inf\perflib\0415\perfc.dat
2008-01-21 03:43   174   a--sh---   c:\program files\desktop.ini
2006-11-02 10:20   287,440   a-------   c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20   287,440   a-------   c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20   30,674   a-------   c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20   30,674   a-------   c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:01:12,88 ===============


Kod: Zaznacz wszystko

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2009-08-12 13:39:11
System Uptime: 2009-09-07 17:53:57 (1 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | R510/P510                 
Processor: Intel(R) Pentium(R) Dual  CPU  T3200  @ 2.00GHz | U2E1 | 2000/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 98,522 GiB free.
D: is FIXED (NTFS) - 144 GiB total, 53,536 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_ROTSCXXIQCPFMO_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_ROTSCXXIQCPFMO_XX
Service: rotscxxiqcpfmo

==== System Restore Points ===================

RP139: 2009-09-03 16:17:21 - Installed Microsoft Office Word Viewer 2003
RP140: 2009-09-04 08:55:44 - Windows Update
RP142: 2009-09-04 10:25:52 - Configured COWON Media Center - jetAudio Plus VX
RP144: 2009-09-04 12:04:07 - Revo Uninstaller's restore point - COWON Media Center - jetAudio Plus VX
RP146: 2009-09-04 12:04:35 - Removed COWON Media Center - jetAudio Plus VX
RP147: 2009-09-04 12:38:07 - Zainstalowano: OpenOffice.ux.pl 3.1
RP149: 2009-09-04 13:52:29 - Installed COWON Media Center - jetAudio Plus VX
RP151: 2009-09-04 13:53:24 - Configured COWON Media Center - jetAudio Plus VX
RP152: 2009-09-05 10:20:32 - Zaplanowany punkt kontrolny
RP153: 2009-09-06 11:29:12 - Zaplanowany punkt kontrolny
RP154: 2009-09-07 00:41:18 - Zaplanowany punkt kontrolny
RP155: 2009-09-07 10:17:13 - Installed Pinnacle VideoSpin.

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8 - Polish
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Agere Systems HDA Modem
ALLPlayer V4.X
Archiwizator WinRAR
Atheros WLAN Client
µTorrent
Avira AntiVir Premium
Call of Juarez - Bound in Blood
CCleaner (remove only)
Cossacks - Back To War
Cossacks II
COWON Media Center - jetAudio Plus VX
CyberLink Power2Go
DAEMON Tools Toolbar
Easy Battery Manager
Easy Display Manager
Easy Network Manager 3.0
Easy SpeedUp Manager
GIMP 2.6.7
GoGear VIBE Device Manager
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P1000 series
HPSSupply
imagine digital freedom - Samsung
Intel(R) Matrix Storage Manager
K-Lite Codec Pack 5.0.5 (Full)
LabelPrint
Malwarebytes' Anti-Malware
Media Converter for Philips
Microsoft .NET Framework 3.5 Language Pack SP1 - plk
Microsoft .NET Framework 3.5 SP1
Microsoft Office Word Viewer 2003
Microsoft SOAP Toolkit 2.0 SP2
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.2)
MrvlUsgTracking
Nowe Gadu-Gadu
NVIDIA Drivers
OpenOffice.ux.pl 3.1
Pakiet jezykowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
Pinnacle VideoSpin
Play AVStation
PlayCamera
PowerDirector
PowerDVD
PowerISO
PowerProducer
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Skype™ 4.1
Solid Converter PDF
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
THE SETTLERS - Rise of an Empire
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vimicro UVC Camera
Vista Manager
Winamp

==== End Of File ===========================


[wojtas]

jak uzyles to daj juz z niego loga

[likols]

Kod: Zaznacz wszystko

ComboFix 09-09-06.06 - Pan Piotr 2009-09-07 17:22.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.353.1045.18.3066.2260 [GMT 1:00]
Running from: c:\users\Pan Piotr\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\rotscxmilyjamc.sys
c:\windows\system32\drivers\rotscxmnpvwwqp.sys
c:\windows\system32\drivers\rotscxvppufxjw.sys
c:\windows\system32\rotscxeiosdvtq.dll
c:\windows\system32\rotscxrgscnlvf.dat
c:\windows\system32\rotscxstwrbqvw.dll
c:\windows\system32\rotscxtioitiub.dat
c:\windows\system32\rotscxtpsqhtxv.dll
c:\windows\system32\rotscxwrewnoij.dat
c:\windows\system32\rotscxxkpoiwbt.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxxiqcpfmo
-------\Service_rotscxxiqcpfmo


(((((((((((((((((((((((((   Files Created from 2009-08-07 to 2009-09-07  )))))))))))))))))))))))))))))))
.

2009-09-07 16:43 . 2009-09-07 16:45   --------   d-----w-   c:\users\Pan Piotr\AppData\Local\temp
2009-09-07 09:18 . 2009-09-07 09:18   --------   d-----w-   c:\program files\Common Files\Yahoo!
2009-09-07 09:18 . 2009-09-07 09:18   --------   d-----w-   c:\program files\Pinnacle
2009-09-07 09:18 . 2009-09-07 09:18   --------   d-----w-   c:\programdata\Pinnacle VideoSpin
2009-09-07 09:16 . 2009-09-07 09:16   --------   d-----w-   c:\programdata\Pinnacle
2009-09-07 09:16 . 2009-09-07 09:16   --------   d-----w-   c:\users\Pan Piotr\AppData\Local\Downloaded Installations
2009-09-04 12:52 . 2009-09-04 12:52   --------   d-----w-   c:\program files\Common Files\COWON
2009-09-04 12:52 . 2009-09-04 12:53   --------   d-----w-   c:\program files\JetAudio
2009-09-04 11:40 . 2009-09-04 11:40   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\OpenOffice.ux.pl
2009-09-04 11:38 . 2009-09-04 11:38   --------   d-----w-   c:\program files\OpenOffice.ux.pl 3
2009-09-04 11:09 . 2009-09-04 11:10   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\SolidDocuments
2009-09-03 15:17 . 2009-09-03 15:17   --------   d--h--r-   C:\MSOCache
2009-09-03 15:14 . 2009-09-03 15:14   --------   d-----w-   c:\program files\SolidDocuments
2009-09-03 15:13 . 2009-09-03 15:13   --------   d-----w-   c:\programdata\SolidDocuments
2009-09-03 07:02 . 2009-08-28 12:39   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2009-09-03 07:02 . 2009-08-28 10:15   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 08:44 . 2009-09-02 09:01   --------   d-----w-   C:\Scenes
2009-09-02 08:44 . 2004-11-18 10:49   24786   ----a-w-   c:\windows\system32\drivers\eusk2par.sys
2009-09-02 08:44 . 2009-09-02 09:06   --------   d-----w-   C:\KD
2009-09-02 08:32 . 2009-09-02 08:32   --------   d-----w-   c:\program files\NETPLUS
2009-09-02 08:22 . 2009-09-02 08:22   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\gtk-2.0
2009-09-02 08:21 . 2009-09-02 08:21   --------   d-----w-   c:\program files\GIMP-2.0
2009-09-01 11:58 . 2009-09-01 11:58   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\PeerNetworking
2009-08-31 18:14 . 2009-08-31 18:14   --------   d-----w-   c:\users\Public\CyberLink
2009-08-31 18:14 . 2009-08-31 18:14   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\CyberLink
2009-08-31 18:14 . 2009-08-31 18:14   --------   d-----w-   c:\programdata\CyberLink
2009-08-31 16:02 . 2009-08-31 16:02   --------   d-----w-   c:\programdata\WindowsSearch
2009-08-31 13:22 . 2009-08-31 13:22   --------   d-----w-   c:\users\Pan Piotr\AppData\Local\ArcSoft
2009-08-31 13:22 . 2009-08-31 13:22   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\ArcSoft
2009-08-31 13:22 . 2009-08-31 13:22   --------   d-----w-   c:\programdata\ArcSoft
2009-08-31 13:21 . 2004-05-04 10:53   1645320   ----a-w-   c:\windows\system32\gdiplus.dll
2009-08-31 13:21 . 2009-08-31 13:21   --------   d-----w-   c:\program files\Common Files\ArcSoft
2009-08-31 13:21 . 2009-08-31 13:21   --------   d-----w-   c:\program files\ArcSoft
2009-08-31 13:21 . 2005-04-27 15:36   245408   ----a-w-   c:\windows\system32\unicows.dll
2009-08-31 13:20 . 2009-08-31 13:20   --------   d-----w-   C:\Philips
2009-08-31 13:19 . 2009-08-31 13:22   --------   d-----w-   C:\temp
2009-08-27 19:59 . 2009-08-27 19:54   487820   ----a-w-   c:\windows\system32\controlpcsecuryti.exe
2009-08-26 08:51 . 2009-06-22 10:22   2048   ----a-w-   c:\windows\system32\tzres.dll
2009-08-25 13:25 . 2009-08-25 13:25   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2009-08-25 13:23 . 2009-08-25 13:23   --------   d-----w-   c:\program files\Common Files\Skype
2009-08-25 12:04 . 2009-08-25 12:04   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2009-08-25 12:02 . 2009-08-25 12:02   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-08-25 12:02 . 2009-08-25 12:02   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\SUPERAntiSpyware.com
2009-08-25 12:02 . 2009-08-25 12:02   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-08-25 10:44 . 2009-08-25 10:44   --------   d-----w-   c:\users\Pan Piotr\.thumbnails
2009-08-24 13:52 . 2009-08-30 20:50   --------   d-----w-   c:\program files\Cossacks - Back To War
2009-08-24 12:07 . 2009-08-24 12:07   --------   d-----w-   c:\program files\Yamicsoft
2009-08-24 11:02 . 2008-09-16 19:23   168448   ----a-w-   c:\windows\system32\unrar.dll
2009-08-24 11:02 . 2004-01-25 16:18   217088   ----a-w-   c:\windows\system32\yv12vfw.dll
2009-08-24 11:02 . 2009-05-29 21:37   205824   ----a-w-   c:\windows\system32\xvidvfw.dll
2009-08-24 11:02 . 2009-05-01 21:02   90112   ----a-w-   c:\windows\system32\dpl100.dll
2009-08-24 11:02 . 2008-11-06 16:37   3596288   ----a-w-   c:\windows\system32\qt-dx331.dll
2009-08-24 11:02 . 2009-05-01 21:02   685056   ----a-w-   c:\windows\system32\divx.dll
2009-08-24 11:02 . 2009-06-02 16:11   85504   ----a-w-   c:\windows\system32\ff_vfw.dll
2009-08-24 11:02 . 2009-08-24 11:02   --------   d-----w-   c:\program files\K-Lite Codec Pack
2009-08-24 10:51 . 2009-08-24 10:51   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\Malwarebytes
2009-08-24 10:50 . 2009-08-03 12:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 10:50 . 2009-08-24 10:51   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-08-24 10:50 . 2009-08-24 10:50   --------   d-----w-   c:\programdata\Malwarebytes
2009-08-24 10:50 . 2009-08-03 12:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-08-24 07:44 . 2009-08-24 07:44   --------   d-----w-   c:\program files\Trend Micro
2009-08-24 07:38 . 2009-07-28 15:33   55656   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-08-24 07:38 . 2009-03-30 09:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2009-08-21 21:43 . 2009-08-21 21:43   --------   d-----w-   c:\windows\Sun
2009-08-21 21:37 . 2009-08-21 21:37   --------   d-----w-   c:\program files\Java
2009-08-21 21:30 . 2009-08-21 21:31   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\DriverCure
2009-08-21 21:30 . 2009-08-21 21:33   --------   d-----w-   c:\programdata\DriverCure
2009-08-21 21:30 . 2009-08-21 21:30   --------   d-----w-   c:\programdata\ParetoLogic
2009-08-21 21:30 . 2009-08-21 21:30   --------   d-----w-   c:\program files\Common Files\ParetoLogic
2009-08-21 18:54 . 2009-08-21 18:54   --------   d-----w-   c:\users\Pan Piotr\DoctorWeb
2009-08-21 15:51 . 2009-08-24 07:38   --------   d-----w-   c:\programdata\Avira
2009-08-21 15:51 . 2009-08-21 15:51   --------   d-----w-   c:\program files\Avira
2009-08-21 10:42 . 2009-09-07 14:23   --------   d-----w-   c:\program files\Metin2_PL
2009-08-20 10:07 . 2009-09-02 08:21   --------   d-----w-   c:\users\Pan Piotr\.gimp-2.6
2009-08-20 10:07 . 2009-08-20 10:07   --------   d-----w-   c:\users\Pan Piotr\.gegl-0.0
2009-08-19 17:57 . 2009-08-19 17:58   --------   d-----w-   c:\program files\NAPI-PROJEKT
2009-08-18 10:46 . 2009-08-19 12:04   --------   dc----w-   c:\windows\system32\DRVSTORE
2009-08-18 10:43 . 2009-08-19 12:04   --------   d-----w-   c:\programdata\Lavasoft
2009-08-18 08:06 . 2009-08-18 08:06   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\Media Player Classic
2009-08-18 08:05 . 2009-08-24 11:01   --------   d-----w-   c:\program files\Real Alternative
2009-08-18 08:05 . 2009-08-18 08:05   --------   d-----w-   c:\users\Pan Piotr\AppData\Local\Real
2009-08-17 18:21 . 2009-09-05 13:25   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\skypePM
2009-08-17 18:19 . 2009-09-05 14:10   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\Skype
2009-08-17 18:18 . 2009-08-25 13:23   --------   d-----r-   c:\program files\Skype
2009-08-17 18:18 . 2009-08-25 13:23   --------   d-----w-   c:\programdata\Skype
2009-08-17 02:00 . 2009-08-17 02:00   --------   d-----w-   C:\3bbe6717ca6d1900a71ebc4f
2009-08-16 23:34 . 2009-04-30 12:37   428544   ----a-w-   c:\windows\system32\EncDec.dll
2009-08-16 23:34 . 2009-04-30 12:37   293376   ----a-w-   c:\windows\system32\psisdecd.dll
2009-08-16 23:33 . 2008-06-26 01:45   12240896   ----a-w-   c:\windows\system32\NlsLexicons0007.dll
2009-08-16 23:33 . 2008-06-26 01:45   2644480   ----a-w-   c:\windows\system32\NlsLexicons0009.dll
2009-08-16 23:33 . 2008-06-26 03:29   801280   ----a-w-   c:\windows\system32\NaturalLanguage6.dll
2009-08-16 07:45 . 2009-08-16 07:45   --------   d-----w-   c:\programdata\LightScribe
2009-08-14 09:11 . 2008-06-20 01:14   97800   ----a-w-   c:\windows\system32\infocardapi.dll
2009-08-14 09:11 . 2008-06-20 01:14   105016   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-14 09:11 . 2008-06-20 01:14   622080   ----a-w-   c:\windows\system32\icardagt.exe
2009-08-14 09:11 . 2008-06-20 01:14   43544   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2009-08-14 09:11 . 2008-06-20 01:14   11264   ----a-w-   c:\windows\system32\icardres.dll
2009-08-14 09:10 . 2008-06-20 01:14   781344   ----a-w-   c:\windows\system32\PresentationNative_v0300.dll
2009-08-14 09:10 . 2008-06-20 01:14   326160   ----a-w-   c:\windows\system32\PresentationHost.exe
2009-08-13 23:10 . 2009-09-04 12:55   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\COWON
2009-08-13 13:32 . 2008-07-22 14:33   319000   ----a-w-   c:\windows\system32\drivers\iaStor.sys
2009-08-13 10:39 . 2009-08-13 10:39   --------   d-----w-   c:\programdata\HPSSUPPLY
2009-08-13 10:39 . 2009-08-13 10:39   --------   d-----w-   c:\program files\HP
2009-08-13 10:33 . 2009-08-13 10:39   --------   d--h--w-   c:\program files\Avago-HP
2009-08-13 10:32 . 2009-08-13 10:32   --------   d-sh--w-   c:\windows\ftpcache
2009-08-12 21:53 . 2007-05-16 15:45   3497832   ----a-w-   c:\windows\system32\d3dx9_34.dll
2009-08-12 21:53 . 2006-09-28 15:05   2414360   ----a-w-   c:\windows\system32\d3dx9_31.dll
2009-08-12 21:53 . 2009-08-12 21:53   --------   d-----w-   c:\programdata\Media Center Programs
2009-08-12 21:53 . 2009-08-12 21:53   278728   ----a-w-   c:\windows\system32\drivers\atksgt.sys
2009-08-12 21:53 . 2009-08-12 21:53   25416   ----a-w-   c:\windows\system32\drivers\lirsgt.sys
2009-08-12 21:46 . 2009-08-31 15:49   --------   d-----w-   c:\program files\Ubisoft
2009-08-12 17:26 . 2009-08-12 17:26   --------   d-----w-   c:\program files\GSC Game World
2009-08-12 17:18 . 2009-08-12 17:18   --------   d-----w-   c:\users\Pan Piotr\AppData\Roaming\VSRevoGroup
2009-08-12 17:10 . 2009-08-12 17:11   --------   d-----w-   c:\program files\PowerISO
2009-08-12 16:50 . 2009-08-18 13:37   --------   d-----w-   c:\programdata\ALLPlayer
2009-08-12 16:50 . 2009-05-29 21:31   881664   ----a-w-   c:\windows\system32\xvidcore.dll
2009-08-12 16:50 . 2007-07-05 03:33   892928   ----a-w-   c:\windows\system32\iconv.dll
2009-08-12 16:50 . 2009-08-18 13:43   --------   d-----w-   c:\program files\ALLPlayer
2009-08-12 16:48 . 2009-08-12 16:48   --------   d-----w-   c:\program files\CCleaner
2009-08-12 16:09 . 2009-08-12 16:09   0   ----a-w-   c:\windows\nsreg.dat
2009-08-12 16:08 . 2009-08-12 16:08   --------   d-----w-   c:\users\Pan Piotr\AppData\Local\Mozilla
2009-08-12 16:08 . 2009-08-12 16:08   --------   d-----w-   c:\programdata\DAEMON Tools Lite
2009-08-12 16:08 . 2009-08-12 16:08   --------   d-----w-   c:\program files\DAEMON Tools Toolbar
2009-08-12 16:08 . 2009-08-12 16:08   --------   d-----w-   c:\program files\DAEMON Tools Lite
2009-08-12 15:00 . 2009-08-12 15:00   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 16:45 . 2009-08-24 07:23   28219   ----a-w-   c:\programdata\nvModes.dat
2009-09-07 15:25 . 2009-08-12 12:59   1356   ----a-w-   c:\users\Pan Piotr\AppData\Local\d3d9caps.dat
2009-09-07 14:17 . 2009-08-12 12:59   60224   ----a-w-   c:\users\Pan Piotr\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-31 12:19 . 2009-08-31 12:19   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-24 12:23 . 2009-08-24 12:23   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-17 09:01 . 2008-01-21 06:24   653534   ----a-w-   c:\windows\system32\perfh015.dat
2009-08-17 09:01 . 2008-01-21 06:24   126792   ----a-w-   c:\windows\system32\perfc015.dat
2009-08-13 18:54 . 2009-08-13 18:54   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-12 15:05 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2009-08-12 13:16 . 2009-08-12 13:16   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
2009-08-12 13:09 . 2009-08-12 13:09   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-08-12 13:06 . 2009-08-12 13:06   319456   ----a-w-   c:\windows\DIFxAPI.dll
2009-08-12 13:06 . 2009-08-12 13:06   --------   d-----w-   c:\program files\Realtek
2009-08-12 13:06 . 2009-08-12 13:06   315392   ----a-w-   c:\windows\HideWin.exe
2009-08-12 12:57 . 2009-08-12 12:57   --------   d-sh--we   c:\programdata\Ulubione
2009-08-12 12:57 . 2009-08-12 12:57   --------   d-sh--we   c:\programdata\Szablony
2009-08-12 12:57 . 2009-08-12 12:57   --------   d-sh--we   c:\programdata\Pulpit
2009-08-12 12:57 . 2009-08-12 12:57   --------   d-sh--we   c:\programdata\Menu Start
2009-08-12 12:57 . 2009-08-12 12:57   --------   d-sh--we   c:\programdata\Dokumenty
2009-08-12 12:57 . 2009-08-12 12:57   --------   d-sh--we   c:\programdata\Dane aplikacji
2009-07-27 02:43 . 2009-07-27 02:43   58908   ----a-w-   c:\windows\system32\drivers\scdemu.sys
2009-07-21 21:52 . 2009-08-16 07:34   915456   ----a-w-   c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-16 07:34   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-16 07:34   71680   ----a-w-   c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-16 07:34   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 14:43   71680   ----a-w-   c:\windows\system32\atl.dll
2009-07-14 10:59 . 2009-08-12 14:44   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2009-06-26 21:55 . 2009-06-26 21:55   66080   ----a-w-   c:\windows\system32\drivers\nvhda32v.sys
2009-06-26 21:54 . 2009-06-26 21:54   57344   ----a-w-   c:\windows\system32\nvapo32v.dll
2009-06-26 21:54 . 2009-06-26 21:54   19456   ----a-w-   c:\windows\system32\nvhdap32.dll
2009-06-24 21:07 . 2008-08-02 00:46   151552   ----a-w-   c:\windows\system32\nvcohda.dll
2009-06-24 21:07 . 2009-06-24 21:07   485920   ----a-w-   c:\windows\system32\nvuhda.exe
2009-06-15 15:24 . 2009-08-12 14:43   156672   ----a-w-   c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-08-12 14:43   72704   ----a-w-   c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-12 14:43   10240   ----a-w-   c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-08-12 14:43   289792   ----a-w-   c:\windows\system32\atmfd.dll
2009-06-10 12:12 . 2009-08-12 14:43   160256   ----a-w-   c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-12 14:44   91136   ----a-w-   c:\windows\system32\avifil32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-07-27 10719848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1604F15C-408F-421C-AF37-3392647B9867}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8AECEFC6-7A68-4EA6-8A17-27713916515E}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{C5D4AF35-D042-4C13-88FB-4ED02709940A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F924C05F-2C08-4C78-B90F-6E00FC3D7C1A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7DBEC0CD-D914-4765-9E6A-4DE6A5D8A877}"= UDP:c:\program files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{7737DF77-0A9C-4687-B09F-E056CB7186F8}"= TCP:c:\program files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{F1172E03-7D1C-4CFE-9CB9-F2888CE235E3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{59E602F8-6329-4417-8415-814C19E1D046}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"TCP Query User{C4EA457E-756F-4AF0-8C36-0F5EE30D2337}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{08B4B928-DAA8-49FC-8DFF-26B2D0276145}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"TCP Query User{868960FC-7E12-4EB9-BDAD-AC7D3DC03595}c:\\program files\\metin2_pl\\metin2.bin"= UDP:c:\program files\metin2_pl\metin2.bin:metin2.bin
"UDP Query User{2841851D-A42A-4DEA-93D4-C33453456CF0}c:\\program files\\metin2_pl\\metin2.bin"= TCP:c:\program files\metin2_pl\metin2.bin:metin2.bin
"{1286663B-2DCD-4FBA-A5DF-C06D7B5215F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{069D9B65-53CD-4BF8-950D-DC20CE842AC9}"= UDP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{84514C2A-6B53-46B1-8DB2-BE920B66E599}"= TCP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{AF1EC650-6CBB-463C-8FFA-F0510C991392}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{C4B59E86-AA35-481A-A38A-0571EFC893A2}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{B35FA8D2-7EB8-4AE3-800D-5E93C095FFDE}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3F6003BA-7A65-4C6B-8720-EFC4A4A379CA}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{4808162A-1102-4AE3-8D89-21F2DBECC65B}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{55F312F6-2A2D-413A-9D16-6A32F2264B84}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-08-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-08-05 74480]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-08-24 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-24 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-08-24 434945]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2009-08-12 13312]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI46F5.tmp [2009-09-03 189696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2009-06-26 66080]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [2009-08-12 242560]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\System32\drivers\eusk2par.sys [2009-09-02 24786]
S2 ACDaemonAeLookupSvc;ArcSoft Connect Daemon ACDaemonAeLookupSvc;c:\windows\TEMP\ufqbimnsid.exe service --> c:\windows\TEMP\ufqbimnsid.exe service [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-08-24 38160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Pan Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\0vumbisv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 17:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\users\PANPIO~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI46F5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,47,2f,d6,55,90,
   c0,3b,cf,c8,28,51,af,b0,29,a3,98,04,91,f0,39,9e,18,bf,f1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,45,6b,cb,a3,bc,
   00,a0,c0,71,3b,04,66,8b,46,0d,96,1d,ee,c8,70,a9,46,9b,c0,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,f3,c3,44,20,71,
   e1,b4,6f,25,da,ec,7e,55,20,c9,26,8d,eb,68,5d,9d,58,62,5e,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,24,77,7e,ec,b6,
   ef,5f,07,3e,1e,9e,e0,57,5a,93,61,08,b0,49,1f,2d,d8,a1,cd,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e8,13,bd,e9,08,
   53,33,93,cd,44,cd,b9,a6,33,6c,cd,90,20,aa,93,f6,6c,56,1b,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,f6,36,76,d6,83,
   92,59,48,b0,18,ed,a7,3f,8d,37,a4,87,43,32,0d,6a,2b,6d,3b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,b8,66,9d,2c,39,
   b4,e3,1f,31,77,e1,ba,b1,f8,68,02,02,df,0c,be,c2,ce,d9,47,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e9,96,8c,05,41,
   1f,d4,27,83,6c,56,8b,a0,85,96,ab,60,0a,0a,84,1c,6d,41,f4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,16,83,b0,6a,d9,
   62,2d,6a,51,fa,6e,91,28,9e,14,cc,f7,87,88,25,4e,d8,0d,ca,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,eb,10,f2,97,f1,
   f5,98,ba,b1,cd,45,5a,a8,c4,f8,b9,3b,7f,8c,27,34,b7,ae,42,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,b1,6c,1c,7b,53,
   28,68,70,e3,0e,66,d5,eb,bc,2f,6b,aa,5b,75,b9,82,a2,85,82,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,83,3f,05,5b,75,
   d1,de,8f,fa,ea,66,7f,d4,3b,6b,70,8f,54,44,a1,9e,e8,d7,71,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\System32\rundll32.exe
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-07 17:49 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-07 16:49

Pre-Run: 105 716 297 728 bajtów wolnych
Post-Run: 105 792 802 816 bajtów wolnych

372   --- E O F ---   2009-09-04 07:56


Dodano Dzisiaj, 20:32:
Dziekuje za "superporade"

naprawde "dobre" forum hihihihi