bardzo proszę o sprawdzenie loga

**Posty:** 25 · przez **Valgaav** 15 Kwi 2007, 15:21

Komputer strasznie zwalnia. Nod i Avast wykrywają coś (raporty o trojanach), ale po usunięciu dalej tak jest. Czasem nie działają gry sieciowe. Ponadto mam 2 procesy w menadżerze zadań: watch.exe i wowexec.exe, których nie miałem wcześniej - jakieś 2 tygodnie temu. Bardzo proszę o pomoc. Z góry dziękuję.

Log:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 15:08:39, on 2007-04-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Deamon\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe D:\Downloads\Mozilla\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe D:\Downloads\From mozilla\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=c:\progra~1\Colins\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Dariusz\USTAWI~1\Temp\UIUCU.EXE -CLEAN_UP -S O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Deamon\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174645124528 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

**Posty:** 18165 · przez **wojtas** 15 Kwi 2007, 19:17

skasuj wpis:

O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Dariusz\USTAWI~1\Temp\UIUCU.EXE -CLEAN_UP -S

sciagnij: ATF_Cleaner

http://www.atribune.org/ccount/click.php?id=1
zaznacz
Windows Temp
Temporary internet files
i wcisnij EMPTY SELECTED

potem nowy log z hijacka oraz silent runners

**Posty:** 25 · przez **Valgaav** 15 Kwi 2007, 19:46

Gotowe.

Nowe log-i:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 19:33:54, on 2007-04-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Deamon\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\UAService7.exe D:\Downloads\Mozilla\firefox.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\WScript.exe D:\Downloads\From mozilla\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=c:\progra~1\Colins\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Deamon\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174645124528 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Silent:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "user32.dll" = "C:\Program Files\Video ActiveX Object\isamntr.exe" [file not found] "rare" = "C:\Program Files\Video ActiveX Object\pmsnrr.exe" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "SMSERIAL" = "sm56hlpr.exe" [file not found] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "DAEMON Tools-1033" = ""C:\Program Files\Deamon\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided) -> {HKLM...CLSID} = "QUICKfind BHO Object" \InProcServer32\(Default) = "C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Shell Extension" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] "{2F860D82-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Drag Drop Handler" -> {HKLM...CLSID} = "UltimateZip Drag Drop Handler" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshldr.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "load" = "c:\progra~1\Colins\watch.exe" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\P&P\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Monitor języka BJ\Driver = "CNBJMON.DLL" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 109 seconds. ---------- (total run time: 151 seconds)

**Posty:** 18165 · przez **wojtas** 15 Kwi 2007, 19:49

uzyj smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

**Posty:** 25 · przez **Valgaav** 15 Kwi 2007, 20:01

Odpaliłem program z 2 opcji, po czym pojawił się sam pulpit bez ikon i pasku "start". Przywróciłem wszystko. Co mam dalej robić?

Ps. Nie usunąłem wpisu w trybie awaryjnym tylko w normalnym:

skasuj wpis:
Cytat:

O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Dariusz\USTAWI~1\Temp\UIUCU.EXE -CLEAN_UP -S

**Posty:** 18165 · przez **wojtas** 15 Kwi 2007, 20:09

pokaz nowe logi z Silent runners i comboscana:

http://forum.programosy.pl/dodatkowe-narzedzia-do-usuwania-i-ochrony-vt42021.html

**Posty:** 25 · przez **Valgaav** 15 Kwi 2007, 20:19

Silent:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "user32.dll" = "C:\Program Files\Video ActiveX Object\isamntr.exe" [file not found] "rare" = "C:\Program Files\Video ActiveX Object\pmsnrr.exe" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "SMSERIAL" = "sm56hlpr.exe" [file not found] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "DAEMON Tools-1033" = ""C:\Program Files\Deamon\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided) -> {HKLM...CLSID} = "QUICKfind BHO Object" \InProcServer32\(Default) = "C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Shell Extension" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] "{2F860D82-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Drag Drop Handler" -> {HKLM...CLSID} = "UltimateZip Drag Drop Handler" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshldr.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "load" = "c:\progra~1\Colins\watch.exe" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\P&P\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Monitor języka BJ\Driver = "CNBJMON.DLL" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 91 seconds. ---------- (total run time: 127 seconds)

Comboscan:

Supplementary

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by P&P on 2007-04-15 at 20:04:34 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Polish CPU 0: AMD Athlon(TM) XP 2500+ Percentage of Memory in Use: 82% Physical Memory (total/avail): 511.53 MiB / 89.56 MiB Pagefile Memory (total/avail): 1250.02 MiB / 793.87 MiB Virtual Memory (total/avail): 2047.88 MiB / 1996.59 MiB A: is Removable (Unformatted) C: is Fixed (NTFS) - 9.77 GiB total, 5.12 GiB free. D: is Fixed (NTFS) - 68.36 GiB total, 15.97 GiB free. E: is Fixed (NTFS) - 33.66 GiB total, 32.65 GiB free. F: is CDROM (No Media) G: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is enabled. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\P&P\Dane aplikacji CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=DOM ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\P&P LOGONSERVER=\\DOM NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0a00 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\P&P\USTAWI~1\Temp TMP=C:\DOCUME~1\P&P\USTAWI~1\Temp USERDOMAIN=DOM USERNAME=P&P USERPROFILE=C:\Documents and Settings\P&P WINAMP_PROGRAM_DIR=C:\Program Files\Winamp windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Dariusz [I](admin)[/I] P&P [I](admin)[/I] -- Add/Remove Programs --------------------------------------------------------- -- End of ComboScan: finished at 2007-04-15 at 20:05:24 ------------------------

ComboScan

[code]
ComboScan v20070306.20 run by P&P on 2007-04-15 at 20:04:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.

-- Last 5 Restore Point(s) --
22: 2007-04-15 18:04:38 UTC - RP22 - ComboScan Restore Point
21: 2007-04-14 08:05:29 UTC - RP21 - Punkt kontrolny systemu
20: 2007-04-12 19:51:55 UTC - RP20 - Punkt kontrolny systemu
19: 2007-04-11 19:34:16 UTC - RP19 - Software Distribution Service 2.0
18: 2007-04-09 14:19:48 UTC - RP18 - Installed DAEMON Tools

-- First Restore Point --
1: 2007-03-23 10:21:12 UTC - RP1 - Punkt kontrolny systemu

Performed disk cleanup.

-- HijackThis (run as P&P.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:04:53, on 2007-04-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Deamon\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
D:\Downloads\Mozilla\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Downloads\From mozilla\comboscan.exe
D:\DOWNLO~1\FROMMO~1\HIJACK~1\P&P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=c:\progra~1\Colins\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Deamon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174645124528
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- HijackThis Fixed Entries (D:\DOWNLO~1\FROMMO~1\HIJACK~1\backups\) -----------

backup-20070415-192514-513 O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Dariusz\USTAWI~1\Temp\UIUCU.EXE -CLEAN_UP -S

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys
1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
0R d347bus - C:\WINDOWS\system32\drivers\d347bus.sys
0R d347prt - C:\WINDOWS\system32\drivers\d347prt.sys
3R FETNDIS (Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet) - C:\WINDOWS\system32\drivers\fetnd5.sys
3R HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
1R ikhfile (File Security Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhfile.sys
1R ikhlayer (Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhlayer.sys
3R Intels51 (Intel(R) 536EP V.92 Modem) - C:\WINDOWS\system32\drivers\Intels51.sys
3R MODEMCSA (Urządzenie filtru strumieniowego usługi Unimodem) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
1R nod32drv - C:\WINDOWS\system32\drivers\nod32drv.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R SDhelper (PC Tools Spyware Doctor) - C:\Program Files\Spyware Doctor\sdhelp.exe
2R SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe

-- Files created between 2007-03-15 and 2007-04-15 -----------------------------

2007-04-15 19:42:49 2106 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-15 19:41:58 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-15 19:41:58 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-15 19:41:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-15 19:41:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-15 19:41:57 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-15 19:41:57 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-14 18:50:08 0 d-------- C:\Program Files\Audacity
2007-04-14 18:49:21 701 --a------ C:\WINDOWS\unins000.dat
2007-04-11 19:00:10 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-04-11 19:00:10 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-04-11 18:59:58 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-11 16:51:03 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-11 16:51:03 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-11 16:51:01 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-11 16:51:01 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-11 16:51:01 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-11 16:50:52 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-11 16:50:52 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-11 16:50:52 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-11 16:50:52 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-11 16:50:52 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-11 16:50:51 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-11 15:12:32 0 d-------- C:\Program Files\MW
2007-04-09 16:19:50 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-04-09 16:19:50 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-04-09 16:19:49 0 d-------- C:\Program Files\Deamon
2007-04-09 16:03:29 160768 --a------ C:\WINDOWS\system32\ILLKRN.DLL
2007-04-09 16:03:29 0 d-------- C:\Program Files\TEXTware
2007-04-09 16:03:29 0 d-------- C:\Program Files\IDM
2007-04-09 16:03:27 205312 --a------ C:\WINDOWS\system32\Illprs.dll
2007-04-09 16:03:05 86016 --a------ C:\WINDOWS\unvise32qt.exe<UNVISE~1.EXE>
2007-04-09 16:02:18 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-04-09 16:02:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-04-09 15:48:32 6464 --a------ C:\WINDOWS\ODBCADM.EXE
2007-04-09 15:48:31 298880 --a------ C:\WINDOWS\system\VBAR2.DLL
2007-04-09 15:48:31 1984 --a------ C:\WINDOWS\system\VBAJET.DLL
2007-04-09 15:48:31 177216 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-04-09 15:48:31 157696 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-04-09 15:48:31 51712 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-04-09 15:48:31 150976 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-04-09 15:48:31 164832 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-04-09 15:48:31 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-04-09 15:48:31 27026 --a------ C:\WINDOWS\system\OLE2.REG
2007-04-09 15:48:31 302592 --a------ C:\WINDOWS\system\OLE2.DLL
2007-04-09 15:48:31 64080 --a------ C:\WINDOWS\system\ODBCTL16.DLL
2007-04-09 15:48:31 246928 --a------ C:\WINDOWS\system\ODBCJT16.DLL
2007-04-09 15:48:31 92576 --a------ C:\WINDOWS\system\ODBCINST.DLL
2007-04-09 15:48:31 88896 --a------ C:\WINDOWS\system\ODBCCURS.DLL
2007-04-09 15:48:31 56240 --a------ C:\WINDOWS\system\ODBC.DLL
2007-04-09 15:48:31 15936 --a------ C:\WINDOWS\system\MSJETINT.DLL
2007-04-09 15:48:31 11232 --a------ C:\WINDOWS\system\MSJETERR.DLL
2007-04-09 15:48:31 10304 --a------ C:\WINDOWS\system\MSCPXLT.DLL
2007-04-09 15:48:31 995056 --a------ C:\WINDOWS\system\MSAJT200.DLL
2007-04-09 15:48:31 27632 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-04-09 15:48:31 108544 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-04-07 22:23:23 146976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-04-07 22:23:23 125856 --a------ C:\WINDOWS\system\MFCO250.DLL
2007-04-07 22:23:23 322384 --a------ C:\WINDOWS\system\MFC250.DLL
2007-04-07 22:23:20 0 d-------- C:\Program Files\COLINS
2007-04-07 22:20:20 26768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-04-07 22:20:20 271248 --a------ C:\WINDOWS\ISUN16.EXE
2007-04-01 18:20:24 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-03-31 12:12:51 126976 --a------ C:\WINDOWS\system32\UAService7.exe<UASERV~1.EXE>
2007-03-31 12:12:51 90112 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-03-30 10:54:52 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-29 18:53:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-29 18:52:02 0 d-------- C:\WINDOWS\Cache
2007-03-28 20:24:32 0 d-------- C:\Program Files\Common Files\Skype
2007-03-28 20:24:11 0 d-------- C:\Program Files\Skype
2007-03-28 18:23:35 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\UC.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\RAR.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\LHA.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\ARJ.PIF
2007-03-26 17:35:17 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-26 17:35:13 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-26 09:22:39 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-26 09:07:31 0 dr--s---- C:\WINDOWS\assembly
2007-03-26 09:07:30 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-03-26 09:07:29 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-26 09:03:58 0 d-------- C:\Program Files\Symantec
2007-03-26 09:03:58 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-26 08:59:41 16128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-03-26 08:58:57 633220 --a------ C:\WINDOWS\system32\drivers\Intels51.sys
2007-03-26 08:11:44 321024 --a------ C:\WINDOWS\IsUn0804.exe
2007-03-23 14:14:43 125184 -----n--- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-23 14:14:43 5504 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-23 14:14:28 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-23 14:14:28 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-23 14:14:28 38912 -----n--- C:\WINDOWS\system32\picn20.dll
2007-03-23 14:14:28 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-23 14:14:28 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-23 14:14:28 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-23 14:14:28 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-23 14:13:55 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-03-23 14:13:55 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-23 14:13:51 0 d-------- C:\Program Files\Ahead
2007-03-23 13:32:25 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-23 13:32:22 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-23 13:32:21 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-23 13:32:19 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-23 13:32:18 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-23 13:32:16 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-23 13:32:15 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-23 13:32:14 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-23 13:32:12 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-23 13:32:11 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-23 13:32:08 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-23 13:32:02 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-23 13:32:02 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-23 13:32:02 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-23 13:32:00 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2007-03-23 13:32:00 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll
2007-03-23 13:32:00 3744 --a------ C:\WINDOWS\system32\drivers\smsens.sys
2007-03-23 13:32:00 4816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-03-23 13:31:59 0 d-------- C:\WINDOWS\VirtualEar<VIRTUA~1>
2007-03-23 13:31:59 991232 --a------ C:\WINDOWS\system32\virtear.dll
2007-03-23 13:31:59 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll<SYNTHC~1.DLL>
2007-03-23 13:31:59 40820 --a------ C:\WINDOWS\system32\Syncor11.dll
2007-03-23 13:31:59 49152 --a------ C:\WINDOWS\system32\S11thk32.dll
2007-03-23 13:31:59 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-03-23 13:31:59 49152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-03-23 13:31:59 578368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-03-23 13:31:59 45056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-03-23 13:31:59 720896 --a------ C:\WINDOWS\system32\Audio3d.dll
2007-03-23 13:31:59 720896 --a------ C:\WINDOWS\system32\a3d.dll
2007-03-23 13:31:59 765952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-03-23 13:31:59 978944 --a------ C:\WINDOWS\SynthCoreA.Dll<SYNTHC~1.DLL>
2007-03-23 13:31:59 380928 --a------ C:\WINDOWS\SynCor.exe
2007-03-23 13:31:59 0 d-------- C:\Program Files\Analog Devices<ANALOG~1>
2007-03-23 13:20:44 0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-23 13:20:14 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-03-23 13:20:14 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-03-23 13:18:46 0 d-------- C:\Program Files\ACE Mega CoDecS Pack<ACEMEG~1>
2007-03-23 13:14:48 32128 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-03-23 13:14:08 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-23 13:05:51 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-23 13:05:28 46080 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-23 13:05:28 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-23 13:05:28 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-23 13:05:24 0 d-------- C:\Program Files\Winamp
2007-03-23 13:05:02 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-23 13:04:42 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-23 13:04:28 820224 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-23 13:04:28 448000 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-23 13:04:28 2285472 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-23 13:04:28 870784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-03-23 13:04:28 214528 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-23 13:04:28 249856 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-23 13:04:18 27165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-03-23 13:04:16 77312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-23 13:03:06 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-23 13:03:05 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-23 13:03:03 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-23 13:03:02 0 dr------- C:\Program Files<PROGRA~1>
2007-03-23 13:02:59 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-23 13:02:59 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-23 13:02:59 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-23 13:02:58 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-23 13:02:58 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-23 13:02:56 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-23 13:02:56 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-23 13:02:56 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-23 13:02:56 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-23 13:02:55 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-23 13:02:55 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-03-23 13:02:52 5632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-03-23 13:02:52 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-23 13:02:52 7168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-23 13:02:51 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-23 13:02:51 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-23 13:02:51 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-23 13:02:51 85532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-23 13:02:51 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-23 13:02:51 9168 --a------ C:\WINDOWS\system\VER.DLL
2007-03-23 13:02:51 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-23 13:02:50 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-23 13:02:50 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-23 13:02:50 83456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-23 13:02:50 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-23 13:02:49 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-23 13:02:48 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-23 13:02:48 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-23 13:02:48 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-23 13:02:48 70096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-23 13:02:47 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-23 13:02:47 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-23 13:02:47 69552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-23 13:02:46 75776 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-23 13:02:46 70144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-23 13:02:20 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-23 13:02:20 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-23 13:01:57 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-23 13:01:57 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-23 13:01:25 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-03-23 12:58:46 0 d-------- C:\Program Files\UltimateZip<ULTIMA~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\WinSxS
2007-03-23 12:57:58 0 dr------- C:\WINDOWS\Web
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\twain_32
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\wins
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\wbem
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\usmt
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\spool
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\Setup
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ras
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\oobe
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\npp
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\mui
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\IME
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ias
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\export
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-23 12:57:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\config
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\3076
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\2052
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1054
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1045
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1042
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1041
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1037
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1033
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1031
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1028
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1025
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\security
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\repair
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\PeerNet
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\pchealth
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\mui
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\msapps
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\msagent
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Media
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\java
2007-03-23 12:57:58 0 d--h----- C:\WINDOWS\inf
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\ime
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Help
2007-03-23 12:57:58 0 dr--s---- C:\WINDOWS\Fonts
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\ehome
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Debug
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Cursors
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Config
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\AppPatch
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\addins
2007-03-23 12:56:35 24816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-23 12:53:50 0 d-------- C:\Program Files\Microsoft Works<MICROS~4>
2007-03-23 12:52:20 0 d-------- C:\WINDOWS\SHELLNEW
2007-03-23 12:40:52 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-03-23 12:40:44 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-23 12:40:31 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-03-23 12:40:29 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-23 12:39:46 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-23 12:39:36 0 d-------- C:\ATI
2007-03-23 12:38:25 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-23 12:38:25 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-23 12:38:25 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-23 12:35:40 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-23 12:35:39 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-23 12:35:38 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-23 12:19:53 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-23 12:19:07 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-23 12:19:06 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-23 12:18:44 0 d-------- C:\WINDOWS\Prefetch
2007-03-23 12:15:15 0 d-------- C:\WINDOWS\system32\xircom
2007-03-23 12:15:15 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-23 12:14:52 0 -rahs---- C:\MSDOS.SYS
2007-03-23 12:14:52 0 -rahs---- C:\IO.SYS
2007-03-23 12:14:52 0 --a------ C:\CONFIG.SYS
2007-03-23 12:14:52 0 --a------ C:\AUTOEXEC.BAT
2007-03-23 12:14:34 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-23 12:13:34 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-23 12:13:34 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-23 12:13:23 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-23 12:13:19 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-03-23 12:13:00 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-23 12:12:44 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-23 12:12:36 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-23 12:12:35 67584 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-23 12:12:33 0 d---s---- C:\WINDOWS\Tasks
2007-03-23 12:12:33 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-23 12:12:32 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-23 12:12:29 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-23 12:12:29 0 d-------- C:\WINDOWS\srchasst
2007-03-23 12:12:26 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-23 12:12:25 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-23 12:12:25 128280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-23 12:12:25 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-23 12:12:25 195352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-23 12:12:25 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-23 12:12:25 175384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-23 12:12:24 125208 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-23 12:12:24 466200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-23 12:12:24 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-23 12:12:24 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-23 12:12:24 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-23 12:12:24 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-23 12:12:21 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-23 12:12:18 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-23 12:12:18 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-23 12:12:18 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-23 12:12:18 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-23 12:12:15 171008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-23 12:12:15 240128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-23 12:12:15 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-23 12:12:15 0 d-------- C:\WINDOWS\system32\Restore
2007-03-23 12:12:15 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-23 12:12:15 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-23 12:12:15 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-23 12:12:15 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-23 12:12:14 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-23 12:12:14 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-23 12:12:14 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-23 12:12:14 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-23 12:12:14 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-23 12:12:14 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-23 12:12:08 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-23 12:12:08 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-23 12:12:07 49664 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-23 12:12:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-23 12:12:06 192000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-23 12:12:06 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-23 12:12:06 278528 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-23 12:12:05 86016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-23 12:12:05 278528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-23 12:12:05 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-23 12:12:05 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-23 12:11:28 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-23 12:11:12 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-23 12:10:59 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-23 12:10:56 5632 --a------ C:\WINDOWS\system32\write.exe
2007-03-23 12:10:56 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-23 12:10:48 139264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-23 12:10:48 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-23 12:10:48 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-23 12:10:48 231424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-23 12:10:48 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-23 12:10:47 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-23 12:10:42 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-23 12:10:42 57344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-23 12:10:42 128000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-23 12:10:42 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-23 12:10:42 80896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-23 12:10:42 115200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-23 12:10:41 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-23 12:10:41 17920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-23 12:10:41 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-23 12:10:41 16384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-23 12:10:41 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-23 12:10:41 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-23 12:10:41 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-23 12:10:41 22528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-23 12:10:41 17408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-23 12:10:41 55808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-23 12:10:40 22528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-23 12:10:40 15872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-23 12:10:40 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-23 12:10:40 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-23 12:10:39 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-23 12:10:39 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-23 12:10:39 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-23 12:10:39 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-23 12:10:39 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-23 12:10:39 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-23 12:10:39 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-23 12:10:34 132608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-23 12:10:34 345088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-23 12:10:34 124928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-23 12:10:34 351744 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-23 12:10:34 187904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-23 12:10:34 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-23 12:10:33 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-23 12:10:33 539136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-23 12:10:33 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-23 12:10:33 408576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-23 12:10:33 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-23 12:10:33 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-23 12:10:33 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-23 12:10:33 103424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-23 12:10:32 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-23 12:10:32 296448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-23 12:10:32 141824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-23 12:10:32 60928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-23 12:10:32 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-23 12:10:32 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-23 12:10:32 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-23 12:10:32 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-23 12:10:32 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-23 12:10:32 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-23 12:10:32 20992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-23 12:10:32 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-23 12:10:32 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-23 12:10:31 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-23 12:10:31 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-23 12:10:31 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-23 12:10:31 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-23 12:10:31 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-23 12:10:31 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-23 12:10:31 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-23 12:10:31 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-23 12:10:30 0 d-------- C:\WINDOWS\system32\Com
2007-03-23 12:10:30 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-23 12:10:30 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-23 12:10:30 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-23 12:10:30 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-23 12:10:30 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-23 12:10:29 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-23 12:10:29 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-23 12:10:29 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-23 12:10:

**Posty:** 18165 · przez **wojtas** 15 Kwi 2007, 20:28

wklej do notanika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"user32.dll"=-
"rare"=-

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

potem nowy log z combo

**Posty:** 25 · przez **Valgaav** 15 Kwi 2007, 20:33

Zrobione.

Był tylko jeden plik txt po Comboscanie:

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by P&P on 2007-04-15 at 20:20:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as P&P.exe) ------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 20:20:20, on 2007-04-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Deamon\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.exe D:\Downloads\Mozilla\firefox.exe C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\AcroRd32.exe C:\WINDOWS\system32\WISPTIS.EXE D:\Downloads\From mozilla\comboscan.exe D:\DOWNLO~1\FROMMO~1\HIJACK~1\P&P.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=c:\progra~1\Colins\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Deamon\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174645124528 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- Files created between 2007-03-15 and 2007-04-15 ----------------------------- 2007-04-15 19:42:49 2106 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-15 19:41:58 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-04-15 19:41:58 40960 --a------ C:\WINDOWS\system32\swsc.exe 2007-04-15 19:41:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-04-15 19:41:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-04-15 19:41:57 135168 --a------ C:\WINDOWS\system32\swreg.exe 2007-04-15 19:41:57 53248 --a------ C:\WINDOWS\system32\Process.exe 2007-04-14 18:50:08 0 d-------- C:\Program Files\Audacity 2007-04-14 18:49:21 701 --a------ C:\WINDOWS\unins000.dat 2007-04-11 19:00:10 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-04-11 19:00:10 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-04-11 18:59:58 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1> 2007-04-11 16:51:03 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-11 16:51:03 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-11 16:51:01 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-11 16:51:01 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-11 16:51:01 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-11 16:50:52 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-04-11 16:50:52 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-04-11 16:50:52 1060864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-04-11 16:50:52 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-11 16:50:52 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-04-11 16:50:51 0 d-------- C:\Program Files\Alwil Software<ALWILS~1> 2007-04-11 15:12:32 0 d-------- C:\Program Files\MW 2007-04-09 16:19:50 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-04-09 16:19:50 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-04-09 16:19:49 0 d-------- C:\Program Files\Deamon 2007-04-09 16:03:29 160768 --a------ C:\WINDOWS\system32\ILLKRN.DLL 2007-04-09 16:03:29 0 d-------- C:\Program Files\TEXTware 2007-04-09 16:03:29 0 d-------- C:\Program Files\IDM 2007-04-09 16:03:27 205312 --a------ C:\WINDOWS\system32\Illprs.dll 2007-04-09 16:03:05 86016 --a------ C:\WINDOWS\unvise32qt.exe<UNVISE~1.EXE> 2007-04-09 16:02:18 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1> 2007-04-09 16:02:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-04-09 15:48:32 6464 --a------ C:\WINDOWS\ODBCADM.EXE 2007-04-09 15:48:31 298880 --a------ C:\WINDOWS\system\VBAR2.DLL 2007-04-09 15:48:31 1984 --a------ C:\WINDOWS\system\VBAJET.DLL 2007-04-09 15:48:31 177216 --a------ C:\WINDOWS\system\TYPELIB.DLL 2007-04-09 15:48:31 157696 --a------ C:\WINDOWS\system\STORAGE.DLL 2007-04-09 15:48:31 51712 --a------ C:\WINDOWS\system\OLE2PROX.DLL 2007-04-09 15:48:31 150976 --a------ C:\WINDOWS\system\OLE2NLS.DLL 2007-04-09 15:48:31 164832 --a------ C:\WINDOWS\system\OLE2DISP.DLL 2007-04-09 15:48:31 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL 2007-04-09 15:48:31 27026 --a------ C:\WINDOWS\system\OLE2.REG 2007-04-09 15:48:31 302592 --a------ C:\WINDOWS\system\OLE2.DLL 2007-04-09 15:48:31 64080 --a------ C:\WINDOWS\system\ODBCTL16.DLL 2007-04-09 15:48:31 246928 --a------ C:\WINDOWS\system\ODBCJT16.DLL 2007-04-09 15:48:31 92576 --a------ C:\WINDOWS\system\ODBCINST.DLL 2007-04-09 15:48:31 88896 --a------ C:\WINDOWS\system\ODBCCURS.DLL 2007-04-09 15:48:31 56240 --a------ C:\WINDOWS\system\ODBC.DLL 2007-04-09 15:48:31 15936 --a------ C:\WINDOWS\system\MSJETINT.DLL 2007-04-09 15:48:31 11232 --a------ C:\WINDOWS\system\MSJETERR.DLL 2007-04-09 15:48:31 10304 --a------ C:\WINDOWS\system\MSCPXLT.DLL 2007-04-09 15:48:31 995056 --a------ C:\WINDOWS\system\MSAJT200.DLL 2007-04-09 15:48:31 27632 --a------ C:\WINDOWS\system\CTL3DV2.DLL 2007-04-09 15:48:31 108544 --a------ C:\WINDOWS\system\COMPOBJ.DLL 2007-04-07 22:23:23 146976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL 2007-04-07 22:23:23 125856 --a------ C:\WINDOWS\system\MFCO250.DLL 2007-04-07 22:23:23 322384 --a------ C:\WINDOWS\system\MFC250.DLL 2007-04-07 22:23:20 0 d-------- C:\Program Files\COLINS 2007-04-07 22:20:20 26768 --a------ C:\WINDOWS\system\CTL3D.DLL 2007-04-07 22:20:20 271248 --a------ C:\WINDOWS\ISUN16.EXE 2007-04-01 18:20:24 0 d-------- C:\Program Files\IrfanView<IRFANV~1> 2007-03-31 12:12:51 126976 --a------ C:\WINDOWS\system32\UAService7.exe<UASERV~1.EXE> 2007-03-31 12:12:51 90112 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL> 2007-03-30 10:54:52 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2> 2007-03-29 18:53:33 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-29 18:52:02 0 d-------- C:\WINDOWS\Cache 2007-03-28 20:24:32 0 d-------- C:\Program Files\Common Files\Skype 2007-03-28 20:24:11 0 d-------- C:\Program Files\Skype 2007-03-28 18:23:35 0 --a------ C:\WINDOWS\nsreg.dat 2007-03-26 21:53:47 545 --a------ C:\WINDOWS\UC.PIF 2007-03-26 21:53:47 545 --a------ C:\WINDOWS\RAR.PIF 2007-03-26 21:53:47 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-03-26 21:53:47 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-03-26 21:53:47 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-03-26 21:53:47 545 --a------ C:\WINDOWS\LHA.PIF 2007-03-26 21:53:47 545 --a------ C:\WINDOWS\ARJ.PIF 2007-03-26 17:35:17 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-03-26 17:35:13 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-03-26 09:22:39 0 d-------- C:\WINDOWS\system32\appmgmt 2007-03-26 09:07:31 0 dr--s---- C:\WINDOWS\assembly 2007-03-26 09:07:30 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET> 2007-03-26 09:07:29 0 d-------- C:\WINDOWS\system32\URTTemp 2007-03-26 09:03:58 0 d-------- C:\Program Files\Symantec 2007-03-26 09:03:58 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1> 2007-03-26 08:59:41 16128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys 2007-03-26 08:58:57 633220 --a------ C:\WINDOWS\system32\drivers\Intels51.sys 2007-03-26 08:11:44 321024 --a------ C:\WINDOWS\IsUn0804.exe 2007-03-23 14:14:43 125184 -----n--- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-03-23 14:14:43 5504 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-03-23 14:14:28 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll 2007-03-23 14:14:28 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-03-23 14:14:28 38912 -----n--- C:\WINDOWS\system32\picn20.dll 2007-03-23 14:14:28 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll 2007-03-23 14:14:28 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll 2007-03-23 14:14:28 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll 2007-03-23 14:14:28 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll 2007-03-23 14:13:55 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE> 2007-03-23 14:13:55 0 d-------- C:\Program Files\Common Files\Ahead 2007-03-23 14:13:51 0 d-------- C:\Program Files\Ahead 2007-03-23 13:32:25 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-03-23 13:32:22 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-03-23 13:32:21 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-03-23 13:32:19 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-03-23 13:32:18 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-03-23 13:32:16 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-03-23 13:32:15 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-03-23 13:32:14 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-03-23 13:32:12 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-03-23 13:32:11 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-03-23 13:32:08 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-03-23 13:32:02 4096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-03-23 13:32:02 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-03-23 13:32:02 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-03-23 13:32:00 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll 2007-03-23 13:32:00 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll 2007-03-23 13:32:00 3744 --a------ C:\WINDOWS\system32\drivers\smsens.sys 2007-03-23 13:32:00 4816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2007-03-23 13:31:59 0 d-------- C:\WINDOWS\VirtualEar<VIRTUA~1> 2007-03-23 13:31:59 991232 --a------ C:\WINDOWS\system32\virtear.dll 2007-03-23 13:31:59 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll<SYNTHC~1.DLL> 2007-03-23 13:31:59 40820 --a------ C:\WINDOWS\system32\Syncor11.dll 2007-03-23 13:31:59 49152 --a------ C:\WINDOWS\system32\S11thk32.dll 2007-03-23 13:31:59 44 --a------ C:\WINDOWS\system32\msssc.dll 2007-03-23 13:31:59 49152 --a------ C:\WINDOWS\system32\DSndUp.exe 2007-03-23 13:31:59 578368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys 2007-03-23 13:31:59 45056 --a------ C:\WINDOWS\system32\CleanUp.exe 2007-03-23 13:31:59 720896 --a------ C:\WINDOWS\system32\Audio3d.dll 2007-03-23 13:31:59 720896 --a------ C:\WINDOWS\system32\a3d.dll 2007-03-23 13:31:59 765952 --a------ C:\WINDOWS\system\crlds3d.dll 2007-03-23 13:31:59 978944 --a------ C:\WINDOWS\SynthCoreA.Dll<SYNTHC~1.DLL> 2007-03-23 13:31:59 380928 --a------ C:\WINDOWS\SynCor.exe 2007-03-23 13:31:59 0 d-------- C:\Program Files\Analog Devices<ANALOG~1> 2007-03-23 13:20:44 0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1> 2007-03-23 13:20:14 0 d-------- C:\Program Files\Real Alternative<REALAL~1> 2007-03-23 13:20:14 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1> 2007-03-23 13:18:46 0 d-------- C:\Program Files\ACE Mega CoDecS Pack<ACEMEG~1> 2007-03-23 13:14:48 32128 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS 2007-03-23 13:14:08 306688 --a------ C:\WINDOWS\IsUninst.exe 2007-03-23 13:05:51 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-03-23 13:05:28 46080 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-03-23 13:05:28 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-03-23 13:05:28 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-03-23 13:05:24 0 d-------- C:\Program Files\Winamp 2007-03-23 13:05:02 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-03-23 13:04:42 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-03-23 13:04:28 820224 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-03-23 13:04:28 448000 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-03-23 13:04:28 2285472 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-03-23 13:04:28 870784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-03-23 13:04:28 214528 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-03-23 13:04:28 249856 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-03-23 13:04:18 27165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-03-23 13:04:16 77312 --a------ C:\WINDOWS\system32\usbui.dll 2007-03-23 13:03:06 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1> 2007-03-23 13:03:05 0 d-------- C:\Program Files\Common Files\ODBC 2007-03-23 13:03:03 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1> 2007-03-23 13:03:02 0 dr------- C:\Program Files<PROGRA~1> 2007-03-23 13:02:59 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-03-23 13:02:59 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-03-23 13:02:59 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-03-23 13:02:58 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-03-23 13:02:58 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-03-23 13:02:56 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-03-23 13:02:56 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-03-23 13:02:56 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-03-23 13:02:56 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-03-23 13:02:55 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-03-23 13:02:55 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-03-23 13:02:52 5632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-03-23 13:02:52 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-03-23 13:02:52 7168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-03-23 13:02:51 24661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-03-23 13:02:51 13312 --a------ C:\WINDOWS\system32\irclass.dll 2007-03-23 13:02:51 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-03-23 13:02:51 85532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-03-23 13:02:51 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-03-23 13:02:51 9168 --a------ C:\WINDOWS\system\VER.DLL 2007-03-23 13:02:51 19200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-03-23 13:02:50 5120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-03-23 13:02:50 24064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-03-23 13:02:50 83456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-03-23 13:02:50 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-03-23 13:02:49 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-03-23 13:02:48 15360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-03-23 13:02:48 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-03-23 13:02:48 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-03-23 13:02:48 70096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-03-23 13:02:47 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-03-23 13:02:47 8704 --a------ C:\WINDOWS\system32\batt.dll 2007-03-23 13:02:47 69552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-03-23 13:02:46 75776 --a------ C:\WINDOWS\system32\storprop.dll 2007-03-23 13:02:46 70144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-03-23 13:02:20 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-03-23 13:02:20 0 d-------- C:\WINDOWS\system32\CatRoot 2007-03-23 13:01:57 0 d--hs---- C:\System Volume Information<SYSTEM~1> 2007-03-23 13:01:57 0 d-------- C:\Documents and Settings<DOCUME~1> 2007-03-23 13:01:25 0 d-------- C:\Program Files\CyberLink<CYBERL~1> 2007-03-23 12:58:46 0 d-------- C:\Program Files\UltimateZip<ULTIMA~1> 2007-03-23 12:57:58 0 d-------- C:\WINDOWS 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\WinSxS 2007-03-23 12:57:58 0 dr------- C:\WINDOWS\Web 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\twain_32 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\wins 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\wbem 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\usmt 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\spool 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ShellExt 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\Setup 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ras 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\oobe 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\npp 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\mui 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\inetsrv 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\IME 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\icsxml 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ias 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\export 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-03-23 12:57:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\dhcp 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\config 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\3076 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\2052 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1054 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1045 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1042 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1041 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1037 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1033 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1031 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1028 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1025 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\security 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Resources<RESOUR~1> 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\repair 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1> 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\PeerNet 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\pchealth 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\mui 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\msapps 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\msagent 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Media 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\java 2007-03-23 12:57:58 0 d--h----- C:\WINDOWS\inf 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\ime 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Help 2007-03-23 12:57:58 0 dr--s---- C:\WINDOWS\Fonts 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\ehome 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1> 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Debug 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Cursors 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1> 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Config 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\AppPatch 2007-03-23 12:57:58 0 d-------- C:\WINDOWS\addins 2007-03-23 12:56:35 24816 --a------ C:\WINDOWS\system32\mdimon.dll 2007-03-23 12:53:50 0 d-------- C:\Program Files\Microsoft Works<MICROS~4> 2007-03-23 12:52:20 0 d-------- C:\WINDOWS\SHELLNEW 2007-03-23 12:40:52 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe 2007-03-23 12:40:44 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1> 2007-03-23 12:40:31 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1> 2007-03-23 12:40:29 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-23 12:39:46 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1> 2007-03-23 12:39:36 0 d-------- C:\ATI 2007-03-23 12:38:25 298104 --a------ C:\WINDOWS\system32\imon.dll 2007-03-23 12:38:25 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-03-23 12:38:25 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-03-23 12:35:40 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1> 2007-03-23 12:35:39 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-03-23 12:35:38 0 d--h----- C:\WINDOWS\$hf_mig$ 2007-03-23 12:19:53 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1> 2007-03-23 12:19:07 18200 --a------ C:\WINDOWS\system32\wups2.dll 2007-03-23 12:19:06 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1> 2007-03-23 12:18:44 0 d-------- C:\WINDOWS\Prefetch 2007-03-23 12:15:15 0 d-------- C:\WINDOWS\system32\xircom 2007-03-23 12:15:15 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1> 2007-03-23 12:14:52 0 -rahs---- C:\MSDOS.SYS 2007-03-23 12:14:52 0 -rahs---- C:\IO.SYS 2007-03-23 12:14:52 0 --a------ C:\CONFIG.SYS 2007-03-23 12:14:52 0 --a------ C:\AUTOEXEC.BAT 2007-03-23 12:14:34 112128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-03-23 12:13:34 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1> 2007-03-23 12:13:34 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1> 2007-03-23 12:13:23 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3> 2007-03-23 12:13:19 0 d-------- C:\Program Files\Usługi online<USUGIO~1> 2007-03-23 12:13:00 0 d-------- C:\WINDOWS\system32\DirectX 2007-03-23 12:12:44 11264 --a------ C:\WINDOWS\system32\atrace.dll 2007-03-23 12:12:36 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-03-23 12:12:35 67584 --a------ C:\WINDOWS\system32\acctres.dll 2007-03-23 12:12:33 0 d---s---- C:\WINDOWS\Tasks 2007-03-23 12:12:33 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-03-23 12:12:32 0 d-------- C:\Program Files\Common Files\MSSoap 2007-03-23 12:12:29 0 d-------- C:\WINDOWS\system32\Macromed 2007-03-23 12:12:29 0 d-------- C:\WINDOWS\srchasst 2007-03-23 12:12:26 173536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-03-23 12:12:25 41240 --a------ C:\WINDOWS\system32\wups.dll 2007-03-23 12:12:25 128280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-03-23 12:12:25 6656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-03-23 12:12:25 195352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-03-23 12:12:25 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-03-23 12:12:25 175384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-03-23 12:12:24 125208 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-03-23 12:12:24 466200 --a------ C:\WINDOWS\system32\wuapi.dll 2007-03-23 12:12:24 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-03-23 12:12:24 382464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-03-23 12:12:24 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-03-23 12:12:24 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-03-23 12:12:21 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1> 2007-03-23 12:12:18 45568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-03-23 12:12:18 29696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-03-23 12:12:18 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-03-23 12:12:18 43520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-03-23 12:12:15 171008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-03-23 12:12:15 240128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-03-23 12:12:15 67584 --a------ C:\WINDOWS\system32\srclient.dll 2007-03-23 12:12:15 0 d-------- C:\WINDOWS\system32\Restore 2007-03-23 12:12:15 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-03-23 12:12:15 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-03-23 12:12:15 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-03-23 12:12:15 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-03-23 12:12:14 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-03-23 12:12:14 69632 --a------ C:\WINDOWS\system32\msconf.dll 2007-03-23 12:12:14 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-03-23 12:12:14 34560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-03-23 12:12:14 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-03-23 12:12:14 81920 --a------ C:\WINDOWS\system32\ils.dll 2007-03-23 12:12:08 105984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-03-23 12:12:08 252928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-03-23 12:12:07 49664 --a------ C:\WINDOWS\system32\inetres.dll 2007-03-23 12:12:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-03-23 12:12:06 192000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-03-23 12:12:06 12288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-03-23 12:12:06 278528 --a------ C:\WINDOWS\system32\mstask.dll 2007-03-23 12:12:05 86016 --a------ C:\WINDOWS\system32\isign32.dll 2007-03-23 12:12:05 278528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-03-23 12:12:05 65536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-03-23 12:12:05 73728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-03-23 12:11:28 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT> 2007-03-23 12:11:12 0 d-------- C:\WINDOWS\Registration<REGIST~1> 2007-03-23 12:10:59 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-03-23 12:10:56 5632 --a------ C:\WINDOWS\system32\write.exe 2007-03-23 12:10:56 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1> 2007-03-23 12:10:48 139264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-03-23 12:10:48 44544 --a------ C:\WINDOWS\system32\hticons.dll 2007-03-23 12:10:48 73216 --a------ C:\WINDOWS\system32\avwav.dll 2007-03-23 12:10:48 231424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-03-23 12:10:48 16384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-03-23 12:10:47 35328 --a------ C:\WINDOWS\system32\winchat.exe 2007-03-23 12:10:42 119808 --a------ C:\WINDOWS\system32\winmine.exe 2007-03-23 12:10:42 57344 --a------ C:\WINDOWS\system32\sol.exe 2007-03-23 12:10:42 128000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-03-23 12:10:42 605696 --a------ C:\WINDOWS\system32\getuname.dll 2007-03-23 12:10:42 80896 --a------ C:\WINDOWS\system32\charmap.exe 2007-03-23 12:10:42 115200 --a------ C:\WINDOWS\system32\calc.exe 2007-03-23 12:10:41 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-03-23 12:10:41 17920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-03-23 12:10:41 16384 --a------ C:\WINDOWS\system32\tskill.exe 2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\tscon.exe 2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\shadow.exe 2007-03-23 12:10:41 16384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-03-23 12:10:41 9728 --a------ C:\WINDOWS\system32\reset.exe 2007-03-23 12:10:41 33792 --a------ C:\WINDOWS\system32\regini.exe 2007-03-23 12:10:41 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-03-23 12:10:41 22528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-03-23 12:10:41 17408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-03-23 12:10:41 55808 --a------ C:\WINDOWS\system32\freecell.exe 2007-03-23 12:10:40 22528 --a------ C:\WINDOWS\system32\msg.exe 2007-03-23 12:10:40 15872 --a------ C:\WINDOWS\system32\logoff.exe 2007-03-23 12:10:40 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-03-23 12:10:40 15872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-03-23 12:10:39 54272 --a------ C:\WINDOWS\system32\stclient.dll 2007-03-23 12:10:39 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-03-23 12:10:39 4096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-03-23 12:10:39 20480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-03-23 12:10:39 147456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-03-23 12:10:39 97792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-03-23 12:10:39 25600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-03-23 12:10:34 132608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-03-23 12:10:34 345088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-03-23 12:10:34 124928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-03-23 12:10:34 351744 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-03-23 12:10:34 187904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-03-23 12:10:34 0 d-------- C:\Program Files\Windows NT<WINDOW~1> 2007-03-23 12:10:33 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-03-23 12:10:33 539136 --a------ C:\WINDOWS\system32\spider.exe 2007-03-23 12:10:33 655360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-03-23 12:10:33 408576 --a------ C:\WINDOWS\system32\mstsc.exe 2007-03-23 12:10:33 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-03-23 12:10:33 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-03-23 12:10:33 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-03-23 12:10:33 103424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-03-23 12:10:32 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-03-23 12:10:32 296448 --a------ C:\WINDOWS\system32\termsrv.dll 2007-03-23 12:10:32 141824 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-03-23 12:10:32 60928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-03-23 12:10:32 67072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-03-23 12:10:32 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-03-23 12:10:32 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-03-23 12:10:32 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-03-23 12:10:32 62464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-03-23 12:10:32 147968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-03-23 12:10:32 20992 --a------ C:\WINDOWS\system32\qprocess.exe 2007-03-23 12:10:32 11264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-03-23 12:10:32 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-03-23 12:10:31 11776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-03-23 12:10:31 91136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-03-23 12:10:31 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-03-23 12:10:31 956416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-03-23 12:10:31 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-03-23 12:10:31 58880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-03-23 12:10:31 0 d-------- C:\WINDOWS\system32\MsDtc 2007-03-23 12:10:31 6144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-03-23 12:10:30 0 d-------- C:\WINDOWS\system32\Com 2007-03-23 12:10:30 60416 --a------ C:\WINDOWS\system32\colbact.dll 2007-03-23 12:10:30 110080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-03-23 12:10:30 625152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-03-23 12:10:30 85504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-03-23 12:10:30 225792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-03-23 12:10:29 540160 --a------ C:\WINDOWS\system32\comuid.dll 2007-03-23 12:10:29 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-03-23 12:10:29 498688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-03-23 12:10:22 56320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-03-23 12:10:21 17920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-03-23 12:10:21 58880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-03-23 12:10:21 187904 --a------ C:\WINDOWS\system32\cmprops.dll 2007-03-23 12:10:18 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-03-23 12:10:18 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys -- Find3M Report --------------------------------------------------------------- 2007-04-15 19:54:38 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\uTorrent 2007-04-11 18:59:58 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\PC Tools<PCTOOL~1> 2007-04-07 19:25:37 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Skype 2007-04-03 17:38:08 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\CyberLink<CYBERL~1> 2007-03-31 20:21:43 0 d---s---- C:\Documents and Settings\P&P\Dane aplikacji\Microsoft<MICROS~1> 2007-03-31 12:12:53 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\SecuROM 2007-03-29 18:53:54 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Adobe 2007-03-28 18:23:32 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Mozilla 2007-03-28 17:16:16 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Macromedia<MACROM~1> 2007-03-26 17:52:30 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Identities<IDENTI~1> 2007-03-26 09:08:31 495436 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-26 09:08:31 73532 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-23 13:02:38 62 --ahs---- C:\Documents and Settings\P&P\Dane aplikacji\desktop.ini 2007-03-17 15:45:36 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-08 17:38:47 579072 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:38:47 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:38:47 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:37:33 1843840 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-05 22:19:48 185856 --a------ C:\WINDOWS\system32\upnphost.dll 2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2007-01-19 09:40:42 89088 --a------ C:\WINDOWS\system32\SkanerOnlineUninstall.exe<SKANER~1.EXE> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SMSERIAL"="sm56hlpr.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "DAEMON Tools-1033"="\"C:\\Program Files\\Deamon\\daemon.exe\" -lang 1033" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-04-15 at 20:20:47 ------------------------

**Posty:** 18165 · przez **wojtas** 15 Kwi 2007, 20:35

skasuj ten plik w awaryjnym i bedzie ok

C:\WINDOWS\system32\tmp.reg

Autor postu otrzymał pochwałę

**Posty:** 25 · przez **Valgaav** 15 Kwi 2007, 20:58

Gotowe.

FIX.REG też mogę skasować?

Da się tego jakoś nauczyć?

Dzięki serdeczne za pomoc. Ratujesz mi życie!

**Posty:** 18165 · przez **wojtas** 15 Kwi 2007, 21:22

Valgaav napisał(a):FIX.REG też mogę skasować?

mozesz

Valgaav napisał(a):Da się tego jakoś nauczyć?

da

Valgaav napisał(a):Dzięki serdeczne za pomoc. Ratujesz mi życie!

spox

**Posty:** 25 · przez **Valgaav** 16 Kwi 2007, 14:53

Kurcze, ale i tak mi Counter nie działa. Wyskakuje komunikat:

Could not connect

lub wyłącza się na początku rundy, nawet jak tworzę własny serwer z botami. Zainstalowałem inną wersję i i tak to samo.

PS. Zamieścić logi do sprawdzenia?

**Posty:** 18165 · przez **wojtas** 16 Kwi 2007, 15:34

Valgaav napisał(a):PS. Zamieścić logi do sprawdzenia?

oczywiscie

**Posty:** 25 · przez **Valgaav** 16 Kwi 2007, 21:16

Oto log-i:

Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 20:58:14, on 2007-04-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Deamon\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
D:\Downloads\Mozilla\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\Gadu\Gadu-Gadu\gg.exe
D:\Downloads\From mozilla\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=c:\progra~1\Colins\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Deamon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174645124528
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Silent:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "SMSERIAL" = "sm56hlpr.exe" [file not found] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "DAEMON Tools-1033" = ""C:\Program Files\Deamon\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided) -> {HKLM...CLSID} = "QUICKfind BHO Object" \InProcServer32\(Default) = "C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Shell Extension" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] "{2F860D82-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Drag Drop Handler" -> {HKLM...CLSID} = "UltimateZip Drag Drop Handler" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshldr.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "load" = "c:\progra~1\Colins\watch.exe" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" -> {HKLM...CLSID} = "UltimateZip Shell Extension 1" \InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\P&P\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Monitor języka BJ\Driver = "CNBJMON.DLL" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 126 seconds. ---------- (total run time: 176 seconds)

Combo:

ComboScan v20070306.20 run by P&P on 2007-04-16 at 21:02:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as P&P.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:02:47, on 2007-04-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Deamon\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
D:\Downloads\Mozilla\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\Gadu\Gadu-Gadu\gg.exe
D:\Downloads\From mozilla\comboscan.exe
D:\DOWNLO~1\FROMMO~1\HIJACK~1\P&P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=c:\progra~1\Colins\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Deamon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174645124528
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- Files created between 2007-03-16 and 2007-04-16 -----------------------------

2007-04-16 15:24:38 945 --a------ C:\WINDOWS\mozver.dat
2007-04-15 20:26:31 0 d-------- C:\WINDOWS\pss
2007-04-15 19:41:58 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-15 19:41:58 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-15 19:41:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-15 19:41:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-15 19:41:57 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-15 19:41:57 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-14 18:50:08 0 d-------- C:\Program Files\Audacity
2007-04-14 18:49:21 701 --a------ C:\WINDOWS\unins000.dat
2007-04-11 19:00:10 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-04-11 19:00:10 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-04-11 18:59:58 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-11 16:51:03 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-11 16:51:03 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-11 16:51:01 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-11 16:51:01 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-11 16:51:01 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-11 16:50:52 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-11 16:50:52 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-11 16:50:52 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-11 16:50:52 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-11 16:50:52 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-11 16:50:51 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-11 15:12:32 0 d-------- C:\Program Files\MW
2007-04-09 16:19:50 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-04-09 16:19:50 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-04-09 16:19:49 0 d-------- C:\Program Files\Deamon
2007-04-09 16:03:29 160768 --a------ C:\WINDOWS\system32\ILLKRN.DLL
2007-04-09 16:03:29 0 d-------- C:\Program Files\TEXTware
2007-04-09 16:03:29 0 d-------- C:\Program Files\IDM
2007-04-09 16:03:27 205312 --a------ C:\WINDOWS\system32\Illprs.dll
2007-04-09 16:03:05 86016 --a------ C:\WINDOWS\unvise32qt.exe<UNVISE~1.EXE>
2007-04-09 16:02:18 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-04-09 16:02:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-04-09 15:48:32 6464 --a------ C:\WINDOWS\ODBCADM.EXE
2007-04-09 15:48:31 298880 --a------ C:\WINDOWS\system\VBAR2.DLL
2007-04-09 15:48:31 1984 --a------ C:\WINDOWS\system\VBAJET.DLL
2007-04-09 15:48:31 177216 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-04-09 15:48:31 157696 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-04-09 15:48:31 51712 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-04-09 15:48:31 150976 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-04-09 15:48:31 164832 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-04-09 15:48:31 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-04-09 15:48:31 27026 --a------ C:\WINDOWS\system\OLE2.REG
2007-04-09 15:48:31 302592 --a------ C:\WINDOWS\system\OLE2.DLL
2007-04-09 15:48:31 64080 --a------ C:\WINDOWS\system\ODBCTL16.DLL
2007-04-09 15:48:31 246928 --a------ C:\WINDOWS\system\ODBCJT16.DLL
2007-04-09 15:48:31 92576 --a------ C:\WINDOWS\system\ODBCINST.DLL
2007-04-09 15:48:31 88896 --a------ C:\WINDOWS\system\ODBCCURS.DLL
2007-04-09 15:48:31 56240 --a------ C:\WINDOWS\system\ODBC.DLL
2007-04-09 15:48:31 15936 --a------ C:\WINDOWS\system\MSJETINT.DLL
2007-04-09 15:48:31 11232 --a------ C:\WINDOWS\system\MSJETERR.DLL
2007-04-09 15:48:31 10304 --a------ C:\WINDOWS\system\MSCPXLT.DLL
2007-04-09 15:48:31 995056 --a------ C:\WINDOWS\system\MSAJT200.DLL
2007-04-09 15:48:31 27632 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-04-09 15:48:31 108544 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-04-07 22:23:23 146976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-04-07 22:23:23 125856 --a------ C:\WINDOWS\system\MFCO250.DLL
2007-04-07 22:23:23 322384 --a------ C:\WINDOWS\system\MFC250.DLL
2007-04-07 22:23:20 0 d-------- C:\Program Files\COLINS
2007-04-07 22:20:20 26768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-04-07 22:20:20 271248 --a------ C:\WINDOWS\ISUN16.EXE
2007-04-01 18:20:24 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-03-31 12:12:51 126976 --a------ C:\WINDOWS\system32\UAService7.exe<UASERV~1.EXE>
2007-03-31 12:12:51 90112 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-03-30 10:54:52 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-29 18:53:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-29 18:52:02 0 d-------- C:\WINDOWS\Cache
2007-03-28 20:24:32 0 d-------- C:\Program Files\Common Files\Skype
2007-03-28 20:24:11 0 d-------- C:\Program Files\Skype
2007-03-28 18:23:35 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\UC.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\RAR.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\LHA.PIF
2007-03-26 21:53:47 545 --a------ C:\WINDOWS\ARJ.PIF
2007-03-26 17:35:17 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-26 17:35:13 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-26 09:22:39 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-26 09:07:31 0 dr--s---- C:\WINDOWS\assembly
2007-03-26 09:07:30 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-03-26 09:07:29 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-26 09:03:58 0 d-------- C:\Program Files\Symantec
2007-03-26 09:03:58 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-26 08:59:41 16128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-03-26 08:58:57 633220 --a------ C:\WINDOWS\system32\drivers\Intels51.sys
2007-03-26 08:11:44 321024 --a------ C:\WINDOWS\IsUn0804.exe
2007-03-23 14:14:43 125184 -----n--- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-23 14:14:43 5504 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-23 14:14:28 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-23 14:14:28 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-23 14:14:28 38912 -----n--- C:\WINDOWS\system32\picn20.dll
2007-03-23 14:14:28 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-23 14:14:28 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-23 14:14:28 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-23 14:14:28 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-23 14:13:55 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-03-23 14:13:55 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-23 14:13:51 0 d-------- C:\Program Files\Ahead
2007-03-23 13:32:25 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-23 13:32:22 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-23 13:32:21 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-23 13:32:19 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-23 13:32:18 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-23 13:32:16 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-23 13:32:15 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-23 13:32:14 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-23 13:32:12 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-23 13:32:11 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-23 13:32:08 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-23 13:32:02 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-23 13:32:02 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-23 13:32:02 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-23 13:32:00 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2007-03-23 13:32:00 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll
2007-03-23 13:32:00 3744 --a------ C:\WINDOWS\system32\drivers\smsens.sys
2007-03-23 13:32:00 4816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-03-23 13:31:59 0 d-------- C:\WINDOWS\VirtualEar<VIRTUA~1>
2007-03-23 13:31:59 991232 --a------ C:\WINDOWS\system32\virtear.dll
2007-03-23 13:31:59 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll<SYNTHC~1.DLL>
2007-03-23 13:31:59 40820 --a------ C:\WINDOWS\system32\Syncor11.dll
2007-03-23 13:31:59 49152 --a------ C:\WINDOWS\system32\S11thk32.dll
2007-03-23 13:31:59 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-03-23 13:31:59 49152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-03-23 13:31:59 578368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-03-23 13:31:59 45056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-03-23 13:31:59 720896 --a------ C:\WINDOWS\system32\Audio3d.dll
2007-03-23 13:31:59 720896 --a------ C:\WINDOWS\system32\a3d.dll
2007-03-23 13:31:59 765952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-03-23 13:31:59 978944 --a------ C:\WINDOWS\SynthCoreA.Dll<SYNTHC~1.DLL>
2007-03-23 13:31:59 380928 --a------ C:\WINDOWS\SynCor.exe
2007-03-23 13:31:59 0 d-------- C:\Program Files\Analog Devices<ANALOG~1>
2007-03-23 13:20:44 0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-23 13:20:14 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-03-23 13:20:14 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-03-23 13:18:46 0 d-------- C:\Program Files\ACE Mega CoDecS Pack<ACEMEG~1>
2007-03-23 13:14:48 32128 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-03-23 13:14:08 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-23 13:05:51 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-23 13:05:28 46080 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-23 13:05:28 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-23 13:05:28 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-23 13:05:24 0 d-------- C:\Program Files\Winamp
2007-03-23 13:05:02 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-23 13:04:42 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-23 13:04:28 820224 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-23 13:04:28 448000 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-23 13:04:28 2285472 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-23 13:04:28 870784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-03-23 13:04:28 214528 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-23 13:04:28 249856 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-23 13:04:18 27165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-03-23 13:04:16 77312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-23 13:03:06 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-23 13:03:05 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-23 13:03:03 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-23 13:03:02 0 dr------- C:\Program Files<PROGRA~1>
2007-03-23 13:02:59 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-23 13:02:59 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-23 13:02:59 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-23 13:02:58 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-23 13:02:58 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-23 13:02:56 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-23 13:02:56 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-23 13:02:56 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-23 13:02:56 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-23 13:02:56 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-23 13:02:55 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-23 13:02:55 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-23 13:02:55 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-03-23 13:02:52 5632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-03-23 13:02:52 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-23 13:02:52 7168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-03-23 13:02:52 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-23 13:02:51 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-23 13:02:51 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-23 13:02:51 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-23 13:02:51 85532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-23 13:02:51 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-23 13:02:51 9168 --a------ C:\WINDOWS\system\VER.DLL
2007-03-23 13:02:51 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-23 13:02:50 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-23 13:02:50 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-23 13:02:50 83456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-23 13:02:50 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-23 13:02:49 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-23 13:02:48 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-23 13:02:48 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-23 13:02:48 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-23 13:02:48 70096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-23 13:02:47 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-23 13:02:47 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-23 13:02:47 69552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-23 13:02:46 75776 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-23 13:02:46 70144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-23 13:02:20 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-23 13:02:20 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-23 13:01:57 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-23 13:01:57 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-23 13:01:25 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-03-23 12:58:46 0 d-------- C:\Program Files\UltimateZip<ULTIMA~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\WinSxS
2007-03-23 12:57:58 0 dr------- C:\WINDOWS\Web
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\twain_32
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\wins
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\wbem
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\usmt
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\spool
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\Setup
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ras
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\oobe
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\npp
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\mui
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\IME
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\ias
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\export
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-23 12:57:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\config
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\3076
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\2052
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1054
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1045
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1042
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1041
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1037
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1033
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1031
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1028
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system32\1025
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\system
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\security
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\repair
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\PeerNet
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\pchealth
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\mui
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\msapps
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\msagent
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Media
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\java
2007-03-23 12:57:58 0 d--h----- C:\WINDOWS\inf
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\ime
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Help
2007-03-23 12:57:58 0 dr--s---- C:\WINDOWS\Fonts
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\ehome
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Debug
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Cursors
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\Config
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\AppPatch
2007-03-23 12:57:58 0 d-------- C:\WINDOWS\addins
2007-03-23 12:56:35 24816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-23 12:53:50 0 d-------- C:\Program Files\Microsoft Works<MICROS~4>
2007-03-23 12:52:20 0 d-------- C:\WINDOWS\SHELLNEW
2007-03-23 12:40:52 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-03-23 12:40:44 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-23 12:40:31 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-03-23 12:40:29 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-23 12:39:46 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-23 12:39:36 0 d-------- C:\ATI
2007-03-23 12:38:25 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-23 12:38:25 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-23 12:38:25 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-23 12:35:40 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-23 12:35:39 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-23 12:35:38 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-23 12:19:53 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-23 12:19:07 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-23 12:19:06 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-23 12:18:44 0 d-------- C:\WINDOWS\Prefetch
2007-03-23 12:15:15 0 d-------- C:\WINDOWS\system32\xircom
2007-03-23 12:15:15 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-23 12:14:52 0 -rahs---- C:\MSDOS.SYS
2007-03-23 12:14:52 0 -rahs---- C:\IO.SYS
2007-03-23 12:14:52 0 --a------ C:\CONFIG.SYS
2007-03-23 12:14:52 0 --a------ C:\AUTOEXEC.BAT
2007-03-23 12:14:34 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-23 12:13:34 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-23 12:13:34 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-23 12:13:23 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-23 12:13:19 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-03-23 12:13:00 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-23 12:12:44 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-23 12:12:36 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-23 12:12:35 67584 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-23 12:12:33 0 d---s---- C:\WINDOWS\Tasks
2007-03-23 12:12:33 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-23 12:12:32 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-23 12:12:29 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-23 12:12:29 0 d-------- C:\WINDOWS\srchasst
2007-03-23 12:12:26 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-23 12:12:25 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-23 12:12:25 128280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-23 12:12:25 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-23 12:12:25 195352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-23 12:12:25 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-23 12:12:25 175384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-23 12:12:24 125208 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-23 12:12:24 466200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-23 12:12:24 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-23 12:12:24 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-23 12:12:24 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-23 12:12:24 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-23 12:12:21 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-23 12:12:18 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-23 12:12:18 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-23 12:12:18 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-23 12:12:18 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-23 12:12:15 171008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-23 12:12:15 240128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-23 12:12:15 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-23 12:12:15 0 d-------- C:\WINDOWS\system32\Restore
2007-03-23 12:12:15 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-23 12:12:15 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-23 12:12:15 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-23 12:12:15 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-23 12:12:14 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-23 12:12:14 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-23 12:12:14 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-23 12:12:14 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-23 12:12:14 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-23 12:12:14 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-23 12:12:08 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-23 12:12:08 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-23 12:12:07 49664 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-23 12:12:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-23 12:12:06 192000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-23 12:12:06 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-23 12:12:06 278528 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-23 12:12:05 86016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-23 12:12:05 278528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-23 12:12:05 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-23 12:12:05 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-23 12:11:28 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-23 12:11:12 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-23 12:10:59 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-23 12:10:56 5632 --a------ C:\WINDOWS\system32\write.exe
2007-03-23 12:10:56 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-23 12:10:48 139264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-23 12:10:48 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-23 12:10:48 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-23 12:10:48 231424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-23 12:10:48 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-23 12:10:47 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-23 12:10:42 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-23 12:10:42 57344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-23 12:10:42 128000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-23 12:10:42 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-23 12:10:42 80896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-23 12:10:42 115200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-23 12:10:41 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-23 12:10:41 17920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-23 12:10:41 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-23 12:10:41 15360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-23 12:10:41 16384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-23 12:10:41 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-23 12:10:41 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-23 12:10:41 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-23 12:10:41 22528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-23 12:10:41 17408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-23 12:10:41 55808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-23 12:10:40 22528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-23 12:10:40 15872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-23 12:10:40 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-23 12:10:40 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-23 12:10:39 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-23 12:10:39 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-23 12:10:39 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-23 12:10:39 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-23 12:10:39 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-23 12:10:39 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-23 12:10:39 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-23 12:10:34 132608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-23 12:10:34 345088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-23 12:10:34 124928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-23 12:10:34 351744 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-23 12:10:34 187904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-23 12:10:34 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-23 12:10:33 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-23 12:10:33 539136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-23 12:10:33 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-23 12:10:33 408576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-23 12:10:33 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-23 12:10:33 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-23 12:10:33 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-23 12:10:33 103424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-23 12:10:32 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-23 12:10:32 296448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-23 12:10:32 141824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-23 12:10:32 60928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-23 12:10:32 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-23 12:10:32 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-23 12:10:32 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-23 12:10:32 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-23 12:10:32 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-23 12:10:32 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-23 12:10:32 20992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-23 12:10:32 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-23 12:10:32 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-23 12:10:31 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-23 12:10:31 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-23 12:10:31 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-23 12:10:31 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-23 12:10:31 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-23 12:10:31 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-23 12:10:31 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-23 12:10:31 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-23 12:10:30 0 d-------- C:\WINDOWS\system32\Com
2007-03-23 12:10:30 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-23 12:10:30 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-23 12:10:30 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-23 12:10:30 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-23 12:10:30 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-23 12:10:29 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-23 12:10:29 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-23 12:10:29 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-23 12:10:22 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-23 12:10:21 17920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-23 12:10:21 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-23 12:10:21 187904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-23 12:10:18 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-23 12:10:18 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys

-- Find3M Report ---------------------------------------------------------------

2007-04-16 15:24:38 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\GanymedeNet<GANYME~1>
2007-04-15 19:54:38 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\uTorrent
2007-04-11 18:59:58 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\PC Tools<PCTOOL~1>
2007-04-07 19:25:37 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Skype
2007-04-03 17:38:08 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\CyberLink<CYBERL~1>
2007-03-31 20:21:43 0 d---s---- C:\Documents and Settings\P&P\Dane aplikacji\Microsoft<MICROS~1>
2007-03-31 12:12:53 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\SecuROM
2007-03-29 18:53:54 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Adobe
2007-03-28 18:23:32 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Mozilla
2007-03-28 17:16:16 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Macromedia<MACROM~1>
2007-03-26 17:52:30 0 d-------- C:\Documents and Settings\P&P\Dane aplikacji\Identities<IDENTI~1>
2007-03-26 09:08:31 495436 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-26 09:08:31 73532 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-23 13:02:38 62 --ahs---- C:\Documents and Settings\P&P\Dane aplikacji\desktop.ini
2007-03-17 15:45:36 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:38:47 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38:47 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38:47 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37:33 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19:48 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 09:40:42 89088 --a------ C:\WINDOWS\system32\SkanerOnlineUninstall.exe<SKANER~1.EXE>

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SMSERIAL"="sm56hlpr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools-1033"="\"C:\\Program Files\\Deamon\\daemon.exe\" -lang 1033"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of ComboScan: finished at 2007-04-16 at 21:03:21 ------------------------

**Posty:** 18165 · przez **wojtas** 16 Kwi 2007, 21:18

w logach nic nie ma

przeinstaluj contera moze

**Posty:** 25 · przez **Valgaav** 16 Kwi 2007, 21:32

Dzięki serdeczne za sprawdzenie.

Jak się tego nauczyć można (jeśli chcesz powiedzieć of kors)?

**Posty:** 18165 · przez **wojtas** 16 Kwi 2007, 21:39

Valgaav napisał(a):Jak się tego nauczyć można (jeśli chcesz powiedzieć of kors)?

nie ma jakiegos sposbu poprostu musisz obserwowac co inni robia i sie nauczysz z czasem

**Posty:** 25 · przez **Valgaav** 18 Kwi 2007, 14:55

Przeinstalowałem i dalej nie działa. Wyskakuje "could not connet to server". Co mogę jeszcze zrobić?

**Posty:** 18165 · przez **wojtas** 18 Kwi 2007, 15:24

nie masz firewalla czasem wlaczonego??

bardzo proszę o sprawdzenie loga

Bardzo proszę o sprawdzenie loga

Kto jest na forum