Bizz / 8 years, 11 months ago

ComboFix 09-03-23.01 - BizZ 2009-03-25 13:26:41.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.2047.1204 [GMT 0:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt.txt
AV: avast! antivirus 4.8.1229 [VPS 090106-1] *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((   Files Created from 2009-02-25 to 2009-03-25  )))))))))))))))))))))))))))))))
.

2009-03-25 06:09 . 2009-03-25 09:40	45,036	--a------	c:\windows\System32\ovfsthlog.dat
2009-03-25 02:21 . 2009-03-25 02:23	<DIR>	d--------	c:\users\BizZ\DoctorWeb
2009-03-25 02:08 . 2009-03-25 02:08	146,004,094	--a------	c:\windows\MEMORY.DMP
2009-03-25 01:56 . 2009-03-25 01:56	1,905	--a------	c:\windows\diagwrn.xml
2009-03-25 01:56 . 2009-03-25 01:56	1,905	--a------	c:\windows\diagerr.xml
2009-03-24 21:39 . 2009-03-24 21:39	<DIR>	d--------	c:\program files\Trend Micro
2009-03-24 20:41 . 2009-03-24 20:41	36,352	--a------	c:\windows\System32\gldx.exe
2009-03-24 13:51 . 2009-03-24 13:51	<DIR>	d--------	c:\program files\3wPlayer
2009-03-24 01:13 . 2009-03-24 01:13	0	--a------	C:\sat96BB.tmp
2009-03-23 23:02 . 2009-03-23 23:02	0	--a------	c:\windows\System32\drivers\ovfsth.sys
2009-03-23 22:53 . 2009-03-23 22:53	32	--a------	c:\users\BizZ\AppData\Roaming\__t.bin
2009-03-23 21:03 . 2009-03-23 22:54	<DIR>	d--------	c:\users\BizZ\AppData\Roaming\_e9d192c32feb8940583a8d7a399a3ff5
2009-03-23 21:03 . 2009-03-21 02:43	921,391	--a------	c:\users\BizZ\AppData\Roaming\svchost.exe
2009-03-23 21:02 . 2009-03-25 02:09	43	--a------	c:\windows\System32\ovfsthnaculpgcnqvpvswvpxgrahvjseackgrr.dat
2009-03-23 21:01 . 2009-03-25 02:09	32,557	--a------	c:\windows\System32\ovfsthfbgpmqsvrvfmjrhofvntjbfbpdowskrq.dat
2009-03-23 13:26 . 2008-08-28 03:40	712,704	--a------	c:\windows\System32\WindowsCodecs.dll
2009-03-23 13:26 . 2008-12-05 04:32	428,544	--a------	c:\windows\System32\EncDec.dll
2009-03-23 13:26 . 2008-08-28 03:40	425,472	--a------	c:\windows\System32\PhotoMetadataHandler.dll
2009-03-23 13:26 . 2008-08-28 03:40	347,136	--a------	c:\windows\System32\WindowsCodecsExt.dll
2009-03-23 13:26 . 2008-12-05 04:32	293,376	--a------	c:\windows\System32\psisdecd.dll
2009-03-23 13:26 . 2008-10-22 03:57	241,152	--a------	c:\windows\System32\PortableDeviceApi.dll
2009-03-23 13:26 . 2008-12-05 04:31	217,088	--a------	c:\windows\System32\psisrndr.ax
2009-03-23 13:26 . 2008-12-05 04:31	177,664	--a------	c:\windows\System32\mpg2splt.ax
2009-03-23 13:26 . 2008-09-18 04:56	147,456	--a------	c:\windows\System32\Faultrep.dll
2009-03-23 13:26 . 2008-09-18 04:56	125,952	--a------	c:\windows\System32\wersvc.dll
2009-03-23 13:26 . 2008-12-05 04:31	80,896	--a------	c:\windows\System32\MSNP.ax
2009-03-23 13:26 . 2008-04-23 04:41	57,856	--a------	c:\windows\System32\MSDvbNP.ax
2009-03-23 13:25 . 2008-10-21 05:25	1,645,568	--a------	c:\windows\System32\connect.dll
2009-03-18 01:51 . 2009-03-18 01:51	<DIR>	d--------	c:\users\BizZ\AppData\Roaming\MessengerGadget
2009-03-10 22:56 . 2008-12-16 03:29	8,147,456	--a------	c:\windows\System32\wmploc.DLL
2009-03-10 22:56 . 2009-02-09 03:10	2,033,152	--a------	c:\windows\System32\win32k.sys
2009-03-10 22:56 . 2008-11-27 04:43	268,288	--a------	c:\windows\System32\schannel.dll
2009-03-10 22:56 . 2008-12-16 05:31	7,680	--a------	c:\windows\System32\spwmp.dll
2009-03-10 22:56 . 2008-12-16 05:31	4,096	--a------	c:\windows\System32\msdxm.ocx
2009-03-10 22:56 . 2008-12-16 05:31	4,096	--a------	c:\windows\System32\dxmasf.dll
2009-03-08 21:13 . 2009-03-08 21:14	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2009-03-08 21:13 . 2008-09-24 18:41	839,680	--a------	c:\windows\System32\lameACM.acm
2009-03-08 21:13 . 2008-12-07 18:08	795,648	--a------	c:\windows\System32\xvidcore.dll
2009-03-08 21:13 . 2004-01-25 16:18	217,088	--a------	c:\windows\System32\yv12vfw.dll
2009-03-08 21:13 . 2008-09-16 19:23	168,448	--a------	c:\windows\System32\unrar.dll
2009-03-08 21:13 . 2008-12-07 18:08	130,048	--a------	c:\windows\System32\xvidvfw.dll
2009-03-08 21:13 . 2007-09-21 00:52	118,784	--a------	c:\windows\System32\ac3acm.acm
2009-03-08 21:13 . 2009-02-09 18:56	67,584	--a------	c:\windows\System32\ff_vfw.dll
2009-03-08 21:13 . 2007-07-10 16:10	547	--a------	c:\windows\System32\ff_vfw.dll.manifest
2009-03-08 21:13 . 2008-10-03 12:30	414	--a------	c:\windows\System32\lame_acm.xml
2009-03-07 04:18 . 2002-07-07 22:14	1,294,336	--a------	c:\windows\System32\vorbis.acm
2009-03-06 01:05 . 2009-03-06 01:05	<DIR>	d--------	c:\users\BizZ\AppData\Roaming\Codemasters
2009-03-06 00:36 . 2009-03-06 00:36	<DIR>	d--------	c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2009-03-05 20:12 . 2009-03-05 20:12	<DIR>	d--------	c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-03-05 20:12 . 2009-03-05 20:12	<DIR>	d--------	c:\users\All Users\THQ
2009-03-05 20:12 . 2009-03-05 20:12	<DIR>	d--------	c:\programdata\THQ
2009-03-05 12:20 . 2009-03-05 12:20	<DIR>	d--------	c:\program files\Java
2009-03-04 20:52 . 2009-03-06 02:10	<DIR>	d--------	c:\users\All Users\Test Drive Unlimited
2009-03-04 20:52 . 2009-03-06 02:10	<DIR>	d--------	c:\programdata\Test Drive Unlimited
2009-03-02 01:31 . 2009-03-02 01:31	<DIR>	d--------	c:\windows\System32\RTCOM
2009-03-02 01:30 . 2009-03-02 01:30	<DIR>	d--------	c:\program files\Realtek
2009-02-26 01:26 . 2009-02-26 01:26	272	--a------	c:\windows\game.ini
2009-02-26 00:21 . 2009-02-26 00:21	<DIR>	d--hs----	c:\windows\ftpcache
2009-02-25 20:24 . 2009-02-25 20:24	<DIR>	d--------	c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 13:18	---------	d-----w	c:\users\BizZ\AppData\Roaming\Skype
2009-03-25 13:01	---------	d-----w	c:\users\BizZ\AppData\Roaming\skypePM
2009-03-24 23:25	---------	d-----w	c:\program files\Opera
2009-03-24 13:44	---------	d-----w	c:\programdata\NVIDIA
2009-03-23 14:03	---------	d-----w	c:\program files\Windows Mail
2009-03-18 23:50	---------	d-----w	c:\program files\VirtualDJ
2009-03-18 01:34	---------	d-----w	c:\program files\MyPortal
2009-03-17 19:20	139,112	----a-w	c:\windows\system32\drivers\PnkBstrK.sys
2009-03-17 19:19	202,144	----a-w	c:\windows\System32\PnkBstrB.exe
2009-03-15 20:15	---------	d---a-w	c:\programdata\TEMP
2009-03-09 03:27	---------	d-----w	c:\program files\DivX
2009-03-07 04:24	---------	d-----w	c:\program files\VstPlugins
2009-03-07 04:24	---------	d-----w	c:\program files\Image-Line
2009-03-06 11:49	---------	d-----w	c:\users\BizZ\AppData\Roaming\InstallShield
2009-03-06 00:36	---------	d-----w	c:\programdata\Media Center Programs
2009-03-06 00:36	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-03-06 00:31	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-05 21:09	66,872	----a-w	c:\windows\System32\PnkBstrA.exe
2009-03-05 21:09	22,328	----a-w	c:\users\BizZ\AppData\Roaming\PnkBstrK.sys
2009-03-05 21:09	2,506,752	----a-w	c:\windows\System32\pbsvc.exe
2009-03-05 12:20	410,984	----a-w	c:\windows\System32\deploytk.dll
2009-03-05 00:31	---------	d-----w	c:\program files\ElcomSoft
2009-03-05 00:27	---------	d-----w	c:\program files\Nowe Gadu-Gadu
2009-03-02 01:32	---------	d--h--w	c:\program files\Temp
2009-03-02 01:30	319,456	----a-w	c:\windows\DIFxAPI.dll
2009-02-24 20:08	---------	d-----w	c:\program files\Common Files\Steam
2009-02-23 11:15	---------	d-----w	c:\users\BizZ\AppData\Roaming\Nokia
2009-02-22 23:48	0	---ha-w	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-02-22 23:48	---------	d-----w	c:\users\BizZ\AppData\Roaming\PC Suite
2009-02-22 23:48	---------	d-----w	c:\programdata\PC Suite
2009-02-22 23:47	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-22 23:41	---------	d-----w	c:\program files\Common Files\PCSuite
2009-02-22 23:40	---------	d-----w	c:\program files\PC Connectivity Solution
2009-02-22 23:40	---------	d-----w	c:\program files\Nokia
2009-02-22 23:40	---------	d-----w	c:\program files\DIFX
2009-02-22 23:40	---------	d-----w	c:\program files\Common Files\Nokia
2009-02-22 23:29	---------	d-----w	c:\programdata\Installations
2009-02-22 23:25	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-18 18:40	998,432	----a-w	c:\windows\System32\RtkPgExt.dll
2009-02-18 18:40	45,600	----a-w	c:\windows\System32\RtkCoInst.dll
2009-02-18 18:40	326,176	----a-w	c:\windows\System32\RtkApoApi.dll
2009-02-18 18:40	2,523,680	----a-w	c:\windows\System32\RtkAPO.dll
2009-02-18 18:30	2,323,680	----a-w	c:\windows\system32\drivers\RTKVHDA.sys
2009-02-18 17:02	---------	d-----w	c:\users\BizZ\AppData\Roaming\Leadertech
2009-02-18 00:10	---------	d-----w	c:\programdata\MumboJumbo
2009-02-17 18:28	---------	d-----w	c:\users\BizZ\AppData\Roaming\Winamp
2009-02-17 18:13	---------	d-----w	c:\program files\BoontyGames
2009-02-17 18:07	---------	d-----w	c:\program files\AGEIA Technologies
2009-02-17 18:00	---------	d-----w	c:\users\BizZ\AppData\Roaming\GameHouse
2009-02-17 18:00	---------	d-----w	c:\program files\Google
2009-02-17 18:00	---------	d-----w	c:\program files\GameHouse
2009-02-13 17:30	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-02-12 20:24	282,112	----a-w	c:\windows\System32\RTPCEE32.dll
2009-02-12 17:39	---------	d-----w	c:\program files\OpenAL
2009-02-12 16:52	159,232	----a-w	c:\windows\System32\FMAPO.dll
2009-02-09 22:06	---------	d--h--r	c:\users\BizZ\AppData\Roaming\SecuROM
2009-02-09 16:19	---------	d-----w	c:\users\BizZ\AppData\Roaming\Nowe Gadu-Gadu
2009-02-09 15:59	---------	d-----w	c:\program files\Gadu-Gadu
2009-02-09 15:47	---------	d-----w	c:\users\BizZ\AppData\Roaming\Orbit
2009-02-09 03:04	---------	d-----w	c:\program files\Native Instruments
2009-02-08 00:38	---------	d-----w	c:\program files\Common Files\Adobe AIR
2009-02-08 00:37	---------	d-----w	c:\program files\Common Files\Adobe
2009-02-06 18:52	49,504	----a-w	c:\windows\System32\sirenacm.dll
2009-02-05 21:06	51,792	----a-w	c:\windows\system32\drivers\aswMonFlt.sys
2009-02-03 21:17	---------	d-----w	c:\programdata\Skype
2009-02-03 21:17	---------	d-----w	c:\program files\Common Files\Skype
2009-02-03 21:17	---------	d-----r	c:\program files\Skype
2009-02-02 12:34	---------	d-----w	c:\program files\SubEdit-Player
2009-02-02 12:32	---------	d-----w	c:\program files\Real Alternative
2009-02-02 10:25	---------	d-----w	c:\users\BizZ\AppData\Roaming\DAEMON Tools Pro
2009-02-01 19:47	---------	d-----w	c:\users\BizZ\AppData\Roaming\InterTrust
2009-02-01 19:31	---------	d-----w	c:\users\BizZ\AppData\Roaming\DAEMON Tools Lite
2009-02-01 19:31	---------	d-----w	c:\users\BizZ\AppData\Roaming\DAEMON Tools
2009-02-01 19:29	---------	d-----w	c:\programdata\DAEMON Tools Lite
2009-02-01 19:29	---------	d-----w	c:\program files\DAEMON Tools Toolbar
2009-02-01 19:29	---------	d-----w	c:\program files\DAEMON Tools Lite
2009-02-01 19:09	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2009-01-17 17:32	60,167,392	----a-w	c:\windows\System32\xa12407633.exe
2009-01-17 17:32	60,167,392	----a-w	c:\windows\System32\xa12402469.exe
2009-01-16 18:24	70,936	----a-w	c:\windows\System32\PhysXLoader.dll
2009-01-15 06:11	827,392	----a-w	c:\windows\System32\wininet.dll
2009-01-15 02:49	135,168	----a-w	c:\windows\System32\nvcod137.dll
2009-01-13 16:02	107,888	----a-w	c:\windows\System32\CmdLineExt.dll
2009-01-07 22:46	444,952	----a-w	c:\windows\System32\wrap_oal.dll
2009-01-07 22:46	109,080	----a-w	c:\windows\System32\OpenAL32.dll
2009-01-07 11:28	453,152	----a-w	c:\windows\System32\NVUNINST.EXE
2009-01-06 19:05	174	--sha-w	c:\program files\desktop.ini
2009-01-06 18:46	82,432	----a-w	c:\windows\System32\axaltocm.dll
2009-01-06 18:46	101,888	----a-w	c:\windows\System32\ifxcardm.dll
2009-01-06 18:15	47,560	----a-w	c:\windows\System32\SPReview.exe
2009-01-06 18:15	152,576	----a-w	c:\windows\System32\SPWizUI.dll
2009-01-06 17:40	84,480	----a-w	c:\windows\System32\INETRES.dll
2009-01-06 17:40	738,304	----a-w	c:\windows\System32\inetcomm.dll
2009-01-06 16:41	61,440	----a-w	c:\windows\System32\winipsec.dll
2009-01-06 16:41	361,984	----a-w	c:\windows\System32\IPSECSVC.DLL
2009-01-06 16:41	28,672	----a-w	c:\windows\System32\FwRemoteSvr.dll
2009-01-06 16:41	272,896	----a-w	c:\windows\System32\polstore.dll
2009-01-06 16:37	296,960	----a-w	c:\windows\System32\gdi32.dll
2009-01-06 16:33	541,696	----a-w	c:\windows\AppPatch\AcLayers.dll
2009-01-06 16:33	52,736	----a-w	c:\windows\AppPatch\iebrshim.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"BitComet"="d:\programy\BitLord\BitLord.exe" [2005-05-07 2224128]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-18 6793760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]
"*ctfmon32"="c:\users\BizZ\AppData\Roaming\svchost.exe" [2009-03-21 921391]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{004A674C-ED6F-4939-B764-E94E86D087EF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{6BE5BD06-45E5-4981-9B0B-C45BD19A5CB7}d:\\programy\\bitlord\\bitlord.exe"= UDP:d:\programy\bitlord\bitlord.exe:BitLord
"UDP Query User{38C2347E-90F5-46C7-80AD-3FEE3099EFC4}d:\\programy\\bitlord\\bitlord.exe"= TCP:d:\programy\bitlord\bitlord.exe:BitLord
"TCP Query User{15457634-AD68-4434-B737-F7734DDA55FB}d:\\gry\\tdu\\testdriveunlimited.exe"= UDP:d:\gry\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{1A267EC1-49A5-40DC-BB20-BAA4706A1F6E}d:\\gry\\tdu\\testdriveunlimited.exe"= TCP:d:\gry\tdu\testdriveunlimited.exe:Test Drive Unlimited
"{2C5B4350-0AF9-46DE-99F2-46149118C450}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A15B2208-07BC-43DC-B800-B86AF80392DB}d:\\gry\\grid\\grid.exe"= UDP:d:\gry\grid\grid.exe:GRID Executable
"UDP Query User{CA742269-2801-4158-A0DB-BF071A345B02}d:\\gry\\grid\\grid.exe"= TCP:d:\gry\grid\grid.exe:GRID Executable
"TCP Query User{A3956B0D-754A-469E-AFF0-782CC15E04D9}d:\\gry\\left 4 dead\\left4dead.exe"= UDP:d:\gry\left 4 dead\left4dead.exe:left4dead
"UDP Query User{E3D08665-0282-4415-98F4-F9CBA0D76BAA}d:\\gry\\left 4 dead\\left4dead.exe"= TCP:d:\gry\left 4 dead\left4dead.exe:left4dead
"{2E5F1D55-33F6-4874-AE02-F7E3D4293915}"= UDP:d:\gry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{170435F1-1DD1-4B3B-BEB9-379C2013CE9E}"= TCP:d:\gry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"TCP Query User{5B85C9A9-AFE5-4516-BDC9-C3528650C102}d:\\gry\\gta iv\\grand theft auto iv\\gtaiv.exe"= UDP:d:\gry\gta iv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{FBC5691B-1478-4EF1-AA0C-102B20C7EB3E}d:\\gry\\gta iv\\grand theft auto iv\\gtaiv.exe"= TCP:d:\gry\gta iv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{B01CC224-19EA-47C7-A869-BFF96E340980}d:\\gry\\saints row 2\\sr2_pc.exe"= UDP:d:\gry\saints row 2\sr2_pc.exe:SR2_pc
"UDP Query User{51AF6DC3-4834-4931-AFB0-2035F1ACADE0}d:\\gry\\saints row 2\\sr2_pc.exe"= TCP:d:\gry\saints row 2\sr2_pc.exe:SR2_pc
"TCP Query User{A0BE8F8D-14D0-4D7A-B6BB-01DE4F58FCCE}d:\\gry\\tmunitedforever\\tmforever.exe"= UDP:d:\gry\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{07807FB1-C4B6-41BD-913D-B90FAE568029}d:\\gry\\tmunitedforever\\tmforever.exe"= TCP:d:\gry\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{0ABE9D56-75D7-4411-A1F1-33B4AB895685}d:\\gry\\dead space\\dead space.exe"= UDP:d:\gry\dead space\dead space.exe:Dead Space ™
"UDP Query User{49FD9565-F6EB-47B3-909F-5747B71DC479}d:\\gry\\dead space\\dead space.exe"= TCP:d:\gry\dead space\dead space.exe:Dead Space ™
"TCP Query User{13484DA5-E1F5-4928-A8F5-C7614C5E38D9}d:\\gry\\dirt\\dirt.exe"= UDP:d:\gry\dirt\dirt.exe:DiRT Executable
"UDP Query User{B70032A9-ECD5-4387-A934-B7A36FBBE38A}d:\\gry\\dirt\\dirt.exe"= TCP:d:\gry\dirt\dirt.exe:DiRT Executable
"{66E98348-0BE4-470F-A167-E1E44BABFA52}"= UDP:d:\gry\Burnout Paradise\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{E400C420-8CD0-45C8-94EC-B9EB7702D539}"= TCP:d:\gry\Burnout Paradise\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{9FE7C26E-6D50-4482-9824-F3CC188C0E15}"= UDP:d:\gry\Burnout Paradise\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{7741E885-4A38-4458-B192-18BBF68CA25A}"= TCP:d:\gry\Burnout Paradise\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{ED43A96A-7787-45F2-9815-948D30667562}"= UDP:d:\gry\Burnout Paradise\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{B39B2D9F-5DF1-42B9-B2F9-0337F85C669A}"= TCP:d:\gry\Burnout Paradise\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{3B0765E9-047E-427A-A050-8A54DD8D6943}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D1921F2A-8A12-4BF2-A0A9-BE2B8917C158}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4291DC7B-DAB4-44F5-BF67-28797E1F71C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{D725A8EB-46AD-46A1-A6AE-5857F459E969}d:\\gry\\test drive unlimited\\testdriveunlimited.exe"= UDP:d:\gry\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{BB548F19-222E-4F55-A718-8F0DF16A545B}d:\\gry\\test drive unlimited\\testdriveunlimited.exe"= TCP:d:\gry\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{54EBC9EE-596C-4E59-9387-3AB0A1D8413F}"= UDP:d:\gry\Flatout 3\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{D12D20CB-E593-4D98-A8C4-901E5904412E}"= TCP:d:\gry\Flatout 3\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"TCP Query User{19E11DF8-CB9E-4A3E-9C71-0D4D8839F270}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{DDA079F4-5634-4A5A-A17D-AEC0D5F77D40}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{B6D4332E-3028-45A1-8D69-C9E65B48E5AD}"= UDP:d:\gry\HOV\Binaries\LTCG-HOVGame.exe:Hour of Victory
"{60A22880-6394-4B23-9F82-A1056CD90BBB}"= TCP:d:\gry\HOV\Binaries\LTCG-HOVGame.exe:Hour of Victory
"{A2EC5C2E-F0D7-4F17-8415-EE0226C61785}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{20F0C781-CB97-4D8D-9A26-696A8140DAFD}"= UDP:d:\gry\The Club\Launcher.exe:The Club Launcher
"{4898A812-7958-468B-ADB3-0625C63AB0BA}"= TCP:d:\gry\The Club\Launcher.exe:The Club Launcher
"{17D54FA3-3B07-443F-BDDF-592CB809F727}"= UDP:d:\gry\The Club\TheClub.exe:The Club
"{F16CDC2C-B7E6-481E-B7A9-AD4A737A37E7}"= TCP:d:\gry\The Club\TheClub.exe:The Club
"{233638D7-EB7E-476A-A1DD-7C22215913DF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0E8C42FC-3ED1-4966-A3E1-CC9C2F9064EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F6413C6D-32BA-4141-86CB-467E8ED1D1D7}d:\\gry\\flatout uc\\flatout ultimate carnage\\fouc.exe"= UDP:d:\gry\flatout uc\flatout ultimate carnage\fouc.exe:FlatOut Ultimate Carnage
"UDP Query User{00171F9B-D615-490F-A891-1D5D6B883729}d:\\gry\\flatout uc\\flatout ultimate carnage\\fouc.exe"= TCP:d:\gry\flatout uc\flatout ultimate carnage\fouc.exe:FlatOut Ultimate Carnage
"{611025E7-4DEC-4A59-B24A-478CA2290A08}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{677C43E5-2555-4749-A03A-5FAB97EC485D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{301A2DD2-0264-4594-AA92-F4BE6EC92ECE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1C7AC541-98FC-474F-8A75-1A7539DA619F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C4288503-F053-418D-A1D2-7A040BA286A3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{D75ED8D2-0755-4155-BE8E-9511046881EF}d:\\gry\\rockstar\\gta iv\\grand theft auto iv\\gtaiv.exe"= UDP:d:\gry\rockstar\gta iv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{096563F4-7CAA-4D25-B6AE-C640C4E954E4}d:\\gry\\rockstar\\gta iv\\grand theft auto iv\\gtaiv.exe"= TCP:d:\gry\rockstar\gta iv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{45F3B10F-95F7-4226-89DE-9EC2D8EA0010}"= UDP:d:\gry\Kane&Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{79475749-9A42-431C-9918-8A705722CBE9}"= TCP:d:\gry\Kane&Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{EBD59E08-A666-4048-8DD4-6B086D1DF1D5}"= UDP:d:\gry\FFOW\Binaries\FFOW.exe:Frontlines Game
"{0B45184B-6820-404A-9199-DE07D1424990}"= TCP:d:\gry\FFOW\Binaries\FFOW.exe:Frontlines Game
"{942BF07D-10CE-4E6E-84DE-07C4D9B19792}"= UDP:d:\gry\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{E85F781E-805A-4242-854B-4A2ABA6DF78C}"= TCP:d:\gry\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{1BADA1FF-837E-48A0-8A63-68FC9E5B86EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A67263F3-631A-4537-AE07-F51C2AC662E8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7739EF2B-AB88-4BFF-A235-9F7F915E0357}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{88D2991C-3C10-4C86-837A-CE40E07B7397}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5A12462C-206B-44CC-8C05-77D48FBAA4CB}c:\\program files\\virtualdj\\virtualdj.exe"= UDP:c:\program files\virtualdj\virtualdj.exe:VirtualDJ
"UDP Query User{F64E2FB1-706B-4B6C-969F-ED7057A78767}c:\\program files\\virtualdj\\virtualdj.exe"= TCP:c:\program files\virtualdj\virtualdj.exe:VirtualDJ
"{D39D2FCC-ADC5-407B-B3BC-DD710B941D96}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FAB3B0FD-E5C2-4588-B842-67B711FF3739}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C61182CA-3305-40F4-8345-2246E7BA4E9B}c:\\program files\\bearshare\\bearshare.exe"= Disabled:UDP:c:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{8CF0ECD7-1984-4ACC-8FB6-6F09C6254A74}c:\\program files\\bearshare\\bearshare.exe"= Disabled:TCP:c:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{ECA9DEEF-7C8C-4DAC-A83F-4A6B40EA5616}c:\\program files\\opera\\opera.exe"= Disabled:UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{EFCF8876-85AC-4EF3-9209-8E684FA2BF1C}c:\\program files\\opera\\opera.exe"= Disabled:TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{EDA7867D-6C92-4348-8AB4-8C7A179EF465}c:\\program files\\orbitdownloader\\orbitnet.exe"= Disabled:UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{4B02F068-767F-42F0-BFC0-D4668C18233C}c:\\program files\\orbitdownloader\\orbitnet.exe"= Disabled:TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{E2D69277-9B9D-4B23-824F-D3625245785E}"= Disabled:UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E58FFFDD-9F0F-4099-8905-F435E29C0ABD}"= Disabled:TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1B0DC2A6-F275-4553-B882-4B31F91C5D13}"= Disabled:UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EFB23BD6-1DE4-4296-B881-6CD47AFFADDD}"= Disabled:TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A8B7F30D-B8A9-410D-AFD2-000694590922}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{81909B8A-3708-4EED-BC7C-46DCF3E2AD07}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2701785A-B10B-4F90-8C5F-DBF0110E3101}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{366303A6-50AA-49A7-B63D-28EB55171026}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\BizZ\\AppData\\Roaming\\psvr32.exe"= c:\users\BizZ\AppData\Roaming\psvr32.exe:*:Enabled:WinSvrHost32

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-06 114768]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [2008-07-30 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-06 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-06 51792]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2008-09-09 48128]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 13:28:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\users\BizZ\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5828)
c:\progra~2\Stardock\XGF\XGFRuntimeServerDll.dll
.
Completion time: 2009-03-25 13:29:27
ComboFix-quarantined-files.txt  2009-03-25 13:29:24
ComboFix2.txt  2009-03-25 13:20:23

Pre-Run: 374,185,984 bajtów wolnych
Post-Run: 330,698,752 bajtów wolnych

328	--- E O F ---	2009-03-23 21:21:41