komp i net wolniej chodzo

[Tomaszow]

tak jak w temacie i pokazuje sie taka czerwona tarczka "your computer is nfected" log z hjt:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:57:31, on 2003-06-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tmrsrv32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Cus tam hmm\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://womanguilty.info/chk.php?qq=salsa+la+raza
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: C:\WINDOWS\system32\lfhs76ghf.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lfhs76ghf.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

[jeff]

log obciety bo nie ma reszty wpisów

[Tomaszow]

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 22:34:12, on 2003-06-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\Cus tam hmm\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://womanguilty.info/chk.php?qq=salsa+la+raza
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: C:\WINDOWS\system32\lfhs76ghf.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lfhs76ghf.dll (file missing)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Usługa bramy warstwy aplikacji ALGdmserver (ALGdmserver) - Unknown owner - C:\WINDOWS\system32\ldr16.tmp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Stacja robocza lanmanworkstationNetlogon (lanmanworkstationNetlogon) - Unknown owner - C:\WINDOWS\system32\ldr7.tmp.exe (file missing)

Teraz na pewno nie obciolem

[wojtas]

zastosuj:

smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

oraz te skanery po kilka razy w awaryjnym

VundoFix
http://www.atribune.org/ccount/click.php?id=4

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

FixVundo
http://securityresponse.symantec.com/avcenter/FixVundo.exe

[Tomaszow]

Niestety dalej tak sie muli nowy log z hjt:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 00:55:12, on 2003-06-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\system32\wpabaln.exe
D:\Cus tam hmm\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://womanguilty.info/chk.php?qq=salsa+la+raza
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: C:\WINDOWS\system32\lfhs76ghf.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lfhs76ghf.dll (file missing)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Usługa bramy warstwy aplikacji ALGdmserver (ALGdmserver) - Unknown owner - C:\WINDOWS\system32\ldr16.tmp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Stacja robocza lanmanworkstationNetlogon (lanmanworkstationNetlogon) - Unknown owner - C:\WINDOWS\system32\ldr7.tmp.exe (file missing)

Ze Smitha

Kod: Zaznacz wszystko

SmitFraudFix v2.192

Scan done at  0:58:09,26, 2003-06-08
Run from C:\Documents and Settings\Tom\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Tom\Pulpit\VundoFix.exe
C:\Documents and Settings\Tom\Pulpit\FixVundo.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tom


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tom\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tom\Ulubione


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieľĄca strona gˆ˘wna"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8D5849A2-93F3-429D-FF34-260A2068897C}"="Fdjskie8 jf8e"

[HKEY_CLASSES_ROOT\CLSID\{8D5849A2-93F3-429D-FF34-260A2068897C}\InProcServer32]
@="C:\WINDOWS\system32\lfhs76ghf.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8D5849A2-93F3-429D-FF34-260A2068897C}\InProcServer32]
@="C:\WINDOWS\system32\lfhs76ghf.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Ralink Wireless LAN Card V2 - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64C70308-A599-4B3F-8AC4-969B5A2C6C25}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{64C70308-A599-4B3F-8AC4-969B5A2C6C25}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64C70308-A599-4B3F-8AC4-969B5A2C6C25}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[wojtas]

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Drivers to unload:

lanmanworkstationNetlogon
ALGdmserver

Files to delete:

C:\WINDOWS\system32\ldr16.tmp.exe
C:\WINDOWS\system32\ldr7.tmp.exe
C:\WINDOWS\system32\msdn_lib.dll
C:\WINDOWS\system32\cscentfy.dll

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://womanguilty.info/chk.php?qq=salsa+la+raza
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: C:\WINDOWS\system32\lfhs76ghf.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lfhs76ghf.dll (file missing)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O23 - Service: Usługa bramy warstwy aplikacji ALGdmserver (ALGdmserver) - Unknown owner - C:\WINDOWS\system32\ldr16.tmp.exe (file missing)
O23 - Service: Stacja robocza lanmanworkstationNetlogon (lanmanworkstationNetlogon) - Unknown owner - C:\WINDOWS\system32\ldr7.tmp.exe (file missing)

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z hijacka i combofixa:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Tomaszow]

avenger

Kod: Zaznacz wszystko

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\anpwagnv

*******************

Script file located at: \??\C:\WINDOWS\rbrefasd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver lanmanworkstationNetlogon unloaded successfully.
Driver ALGdmserver unloaded successfully.


File C:\WINDOWS\system32\ldr16.tmp.exe not found!
Deletion of file C:\WINDOWS\system32\ldr16.tmp.exe failed!

Could not process line:
C:\WINDOWS\system32\ldr16.tmp.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ldr7.tmp.exe not found!
Deletion of file C:\WINDOWS\system32\ldr7.tmp.exe failed!

Could not process line:
C:\WINDOWS\system32\ldr7.tmp.exe
Status: 0xc0000034

File C:\WINDOWS\system32\msdn_lib.dll deleted successfully.
File C:\WINDOWS\system32\cscentfy.dll deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

HJT:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 12:40:45, on 2003-06-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Cus tam hmm\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

A w ComboFixie wyskakuje takie cus:

COMSPEC ERROR!!!

THE ABOVE ENVIRONMENT VARIABLE WAS FOUND TO BE CORRUPT.

[wojtas]

to daj loga z:

http://www.techsupportforum.com/sectools/Deckard/dss.exe

[Tomaszow]

DSS

[code]Deckard's System Scanner v20070603.47
Run by Tom on 2003-06-08 at 15:05:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2003-06-08 13:05:54 UTC - RP1 - Punkt kontrolny systemu


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2003-06-08 15:07:30
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tom\Pulpit\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: Console Flash v.4.1 - {BCC8A4AB-C055-461E-B4B5-1B0EA8647897} - C:\WINDOWS\system32\confl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Fdjskie8 jf8e - {8D5849A2-93F3-429D-FF34-260A2068897C} - (no file)
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com


-- HijackThis Fixed Entries (D:\Cus tam hmm\backups\) --------------------------

backup-20030607-173844-586 O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
backup-20030607-173900-855 O4 - HKLM\..\Run: [ipmon] ipmon.exe
backup-20030607-173910-874 O4 - HKLM\..\Run: [ipmon] ipmon.exe
backup-20030608-123109-167 O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
backup-20030608-123109-772 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20030608-123109-804 O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
backup-20030608-123109-950 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://womanguilty.info/chk.php?qq=salsa+la+raza
backup-20030608-123109-982 O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll (file missing)
backup-20030608-123109-992 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
backup-20030608-123110-118 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20030608-123110-182 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20030608-123110-200 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20030608-123110-261 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
backup-20030608-123110-268 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20030608-123110-364 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20030608-123110-454 O2 - BHO: C:\WINDOWS\system32\lfhs76ghf.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lfhs76ghf.dll (file missing)
backup-20030608-123110-475 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
backup-20030608-123110-482 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20030608-123110-514 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20030608-123110-520 O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
backup-20030608-123110-528 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
backup-20030608-123110-531 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
backup-20030608-123110-652 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20030608-123110-759 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
backup-20030608-123110-851 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
backup-20030608-123110-958 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20070602-211534-632 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20070602-211550-297 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 xpdx (xpdx system driver) - c:\windows\system32\xpdx.sys
R2 Bpbw69 - c:\windows\system32\bpbw69.sys
R2 Racq33 - c:\windows\system32\racq33.sys
R2 windev-1b89-5eeb - c:\windows\system32\windev-1b89-5eeb.sys

S2 ntio256 (Input and output operations) - c:\windows\system32\ntio256.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2003-05-08 and 2003-06-08 -----------------------------

2006-03-02 14:00:00 296448 --a------ C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 36352 --a------ C:\WINDOWS\twunk_32.exe <Not Verified; Twain Working Group; Twain Thunker>
2006-03-02 14:00:00 41472 --a------ C:\WINDOWS\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 72192 --a------ C:\WINDOWS\system32\wupdmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 184320 --a------ C:\WINDOWS\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft (r) Windows Script Host>
2006-03-02 14:00:00 53248 --a------ C:\WINDOWS\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 43520 --a------ C:\WINDOWS\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 43008 --a------ C:\WINDOWS\system32\wpabaln.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 16384 --a------ C:\WINDOWS\system32\winver.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 22528 --a------ C:\WINDOWS\system32\winmsd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 18944 --a------ C:\WINDOWS\system32\winhlp32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 446464 --a------ C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 76800 --a------ C:\WINDOWS\system32\wextract.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 61952 --a------ C:\WINDOWS\system32\w32tm.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 302592 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 44544 --a------ C:\WINDOWS\system32\vssadmin.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 113152 --a------ C:\WINDOWS\system32\verifier.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 60928 --a------ C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 35840 --a------ C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 29184 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 27648 --a------ C:\WINDOWS\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 14848 --a------ C:\WINDOWS\system32\unlodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 43008 --a------ C:\WINDOWS\system32\tracert6.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 23552 --a------ C:\WINDOWS\system32\tracert.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 387072 --a------ C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 27648 --a------ C:\WINDOWS\system32\tftp.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 88064 --a------ C:\WINDOWS\system32\telnet.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 30208 --a------ C:\WINDOWS\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 24064 --a------ C:\WINDOWS\system32\tcmsetup.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 150528 --a------ C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 26112 --a------ C:\WINDOWS\system32\taskman.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 13824 --a------ C:\WINDOWS\system32\systray.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 117760 --a------ C:\WINDOWS\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 48128 --a------ C:\WINDOWS\system32\syskey.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 61952 --a------ C:\WINDOWS\system32\syncapp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 19968 --a------ C:\WINDOWS\system32\subst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 25600 --a------ C:\WINDOWS\system32\stimon.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 692224 --a------ C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 25600 --a------ C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 622592 --a------ C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 29696 --a------ C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 57856 --a------ C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 31744 --a------ C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 405504 --a------ C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 30720 --a------ C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 720896 --a------ C:\WINDOWS\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 68608 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 22528 --a------ C:\WINDOWS\system32\spnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 63488 --a------ C:\WINDOWS\system32\sort.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 101888 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 18944 --a------ C:\WINDOWS\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 36864 --a------ C:\WINDOWS\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 81408 --a------ C:\WINDOWS\system32\sigverif.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 31232 --a------ C:\WINDOWS\system32\shutdown.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 89088 --a------ C:\WINDOWS\system32\shrpubw.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 53248 --a------ C:\WINDOWS\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 20480 --a------ C:\WINDOWS\system32\sfc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 33792 --a------ C:\WINDOWS\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 43520 --a------ C:\WINDOWS\system32\sethc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 88576 --a------ C:\WINDOWS\system32\sdbinst.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 19968 --a------ C:\WINDOWS\system32\scrnsave.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 109056 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 41984 --a------ C:\WINDOWS\system32\sc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 24576 --a------ C:\WINDOWS\system32\savedump.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 25088 --a------ C:\WINDOWS\system32\runonce.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 73216 --a------ C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 27648 --a------ C:\WINDOWS\system32\runas.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 88576 --a------ C:\WINDOWS\system32\rtcshare.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 143360 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 59904 --a------ C:\WINDOWS\system32\rsmui.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows Whistler®>
2006-03-02 14:00:00 35328 --a------ C:\WINDOWS\system32\rsmsink.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows Whistler®>
2006-03-02 14:00:00 65024 --a------ C:\WINDOWS\system32\rsm.exe <Not Verified; Microsoft Corp; System operacyjny Microsoft(R) Windows (R) 2000>
2006-03-02 14:00:00 26112 --a------ C:\WINDOWS\system32\rsh.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 36352 --a------ C:\WINDOWS\system32\routemon.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 31232 --a------ C:\WINDOWS\system32\route.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 25088 --a------ C:\WINDOWS\system32\rexec.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 23552 --a------ C:\WINDOWS\system32\replace.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 15360 --a------ C:\WINDOWS\system32\regwiz.exe <Not Verified; Microsoft; RegWizExe>
2006-03-02 14:00:00 51712 --a------ C:\WINDOWS\system32\regsvr32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 14336 --a------ C:\WINDOWS\system32\regedt32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 64000 --a------ C:\WINDOWS\system32\reg.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 17920 --a------ C:\WINDOWS\system32\recover.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 32768 --a------ C:\WINDOWS\system32\rcp.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 46592 --a------ C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 67584 --a------ C:\WINDOWS\system32\rasphone.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 79872 --a------ C:\WINDOWS\system32\rasdial.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 51712 --a------ C:\WINDOWS\system32\rasautou.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 20480 --a------ C:\WINDOWS\system32\proxycfg.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 61440 --a------ C:\WINDOWS\system32\proquota.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 120320 --a------ C:\WINDOWS\system32\progman.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 19968 --a------ C:\WINDOWS\system32\print.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 59904 --a------ C:\WINDOWS\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 44544 --a------ C:\WINDOWS\system32\ping6.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 29696 --a------ C:\WINDOWS\system32\ping.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 26624 --a------ C:\WINDOWS\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2006-03-02 14:00:00 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2006-03-02 14:00:00 26112 --a------ C:\WINDOWS\system32\pentnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 33280 --a------ C:\WINDOWS\system32\pathping.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 70144 --a------ C:\WINDOWS\system32\packager.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 52224 --a------ C:\WINDOWS\system32\osuninst.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 226816 --a------ C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 431104 --a------ C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 42496 --a------ C:\WINDOWS\system32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 119808 --a------ C:\WINDOWS\system32\nslookup.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 80896 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 78336 --a------ C:\WINDOWS\system32\netstat.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 126976 --a------ C:\WINDOWS\system32\netsh.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 346624 --a------ C:\WINDOWS\system32\netsetup.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 297472 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 135680 --a------ C:\WINDOWS\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 53248 --a------ C:\WINDOWS\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 14848 --a------ C:\WINDOWS\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 32256 --a------ C:\WINDOWS\system32\nbtstat.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 66048 --a------ C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 17408 --a------ C:\WINDOWS\system32\msswchx.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 116736 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2006-03-02 14:00:00 97280 --a------ C:\WINDOWS\system32\mshta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 24576 --a------ C:\WINDOWS\system32\mrinfo.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 32768 --a------ C:\WINDOWS\system32\mpnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 18944 --a------ C:\WINDOWS\system32\mountvol.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 183296 --a------ C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Menedżer synchronizacji firmy Microsoft>
2006-03-02 14:00:00 826368 --a------ C:\WINDOWS\system32\mmc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 62976 --a------ C:\WINDOWS\system32\migpwd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 96256 --a------ C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 169984 --a------ C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 18944 --a------ C:\WINDOWS\system32\lpr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 16896 --a------ C:\WINDOWS\system32\lpq.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 525824 --a------ C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 231424 --a------ C:\WINDOWS\system32\logon.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 71680 --a------ C:\WINDOWS\system32\logman.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 114688 --a------ C:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2006-03-02 14:00:00 15872 --a------ C:\WINDOWS\system32\lodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 86016 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 37376 --a------ C:\WINDOWS\system32\lnkstub.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 40448 --a------ C:\WINDOWS\system32\lights.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 78336 --a------ C:\WINDOWS\system32\label.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 34816 --a------ C:\WINDOWS\system32\ipxroute.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 64512 --a------ C:\WINDOWS\system32\ipv6.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 55808 --a------ C:\WINDOWS\system32\ipsec6.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 68096 --a------ C:\WINDOWS\system32\ipconfig.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 160768 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 125440 --a------ C:\WINDOWS\system32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 18944 --a------ C:\WINDOWS\system32\hostname.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 25600 --a------ C:\WINDOWS\system32\help.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 50176 --a------ C:\WINDOWS\system32\grpconv.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 55296 --a------ C:\WINDOWS\system32\ftp.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 73728 --a------ C:\WINDOWS\system32\fsutil.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 203776 --a------ C:\WINDOWS\system32\fsquirt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 17920 --a------ C:\WINDOWS\system32\forcedos.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 32256 --a------ C:\WINDOWS\system32\fontview.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 13824 --a------ C:\WINDOWS\system32\fixmapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 20480 --a------ C:\WINDOWS\system32\finger.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 67584 --a------ C:\WINDOWS\system32\findstr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 48640 --a------ C:\WINDOWS\system32\find.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 25600 --a------ C:\WINDOWS\system32\fc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 56320 --a------ C:\WINDOWS\system32\extrac32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 27136 --a------ C:\WINDOWS\system32\expand.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 19968 --a------ C:\WINDOWS\system32\eventvwr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 204800 --a------ C:\WINDOWS\system32\eudcedit.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 50176 --a------ C:\WINDOWS\system32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 1310720 --a------ C:\WINDOWS\system32\dxdiag.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 221184 --a------ C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2006-03-02 14:00:00 28672 --a------ C:\WINDOWS\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 79360 --a------ C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 57856 --a------ C:\WINDOWS\system32\drwtsn32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 94208 --a------ C:\WINDOWS\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 29184 --a------ C:\WINDOWS\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 40960 --a------ C:\WINDOWS\system32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 21504 --a------ C:\WINDOWS\system32\doskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 26624 --a------ C:\WINDOWS\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2006-03-02 14:00:00 236032 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Menedżer dysków logicznych dla systemu Windows NT>
2006-03-02 14:00:00 15360 --a------ C:\WINDOWS\system32\dllhst3g.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 29184 --a------ C:\WINDOWS\system32\diskperf.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 175616 --a------ C:\WINDOWS\system32\diskpart.exe <Not Verified; Microsoft Corporation; Aplikacja Diskpart firmy Microsoft Corporation>
2006-03-02 14:00:00 96256 --a------ C:\WINDOWS\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 93184 --a------ C:\WINDOWS\system32\dfrgfat.exe <Not Verified; Microsoft Corp. i Executive Software International, Inc.; Defragmentator dysków systemu Windows>
2006-03-02 14:00:00 35840 --a------ C:\WINDOWS\system32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2006-03-02 14:00:00 41472 --a------ C:\WINDOWS\system32\ddeshare.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 26112 --a------ C:\WINDOWS\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 110592 --a------ C:\WINDOWS\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft (r) Windows Script Host>
2006-03-02 14:00:00 24576 --a------ C:\WINDOWS\system32\convert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 18944 --a------ C:\WINDOWS\system32\control.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 38400 --a------ C:\WINDOWS\system32\conime.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 28672 --a------ C:\WINDOWS\system32\compact.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 26624 --a------ C:\WINDOWS\system32\comp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 75264 --a------ C:\WINDOWS\system32\cmstp.exe <Not Verified; Microsoft Corporation; Menedżer połączeń firmy Microsoft(R)>
2006-03-02 14:00:00 50176 --a------ C:\WINDOWS\system32\cmmon32.exe <Not Verified; Microsoft Corporation; Menedżer połączeń firmy Microsoft(R)>
2006-03-02 14:00:00 57856 --a------ C:\WINDOWS\system32\cmdl32.exe <Not Verified; Microsoft Corporation; Menedżer połączeń firmy Microsoft(R)>
2006-03-02 14:00:00 406528 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 73216 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 32768 --a------ C:\WINDOWS\system32\cliconfg.exe <Not Verified; Microsoft Corporation; Microsoft SQL Server>
2006-03-02 14:00:00 104448 --a------ C:\WINDOWS\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 18432 --a------ C:\WINDOWS\system32\ckcnv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 16384 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 18944 --a------ C:\WINDOWS\system32\cidaemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 22016 --a------ C:\WINDOWS\system32\chkntfs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 22528 --a------ C:\WINDOWS\system32\chkdsk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 30208 --a------ C:\WINDOWS\system32\cacls.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 22016 --a------ C:\WINDOWS\system32\attrib.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 22016 --a------ C:\WINDOWS\system32\atmadm.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 36352 --a------ C:\WINDOWS\system32\at.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 30720 --a------ C:\WINDOWS\system32\arp.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 84480 --a------ C:\WINDOWS\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-03-02 14:00:00 109056 --a------ C:\WINDOWS\system32\ahui.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 14848 --a------ C:\WINDOWS\system32\actmovie.exe <Not Verified; Microsoft Corporation; DirectShow>
2006-03-02 14:00:00 160256 --a------ C:\WINDOWS\regedit.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2006-03-02 14:00:00 21504 --a------ C:\WINDOWS\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2006-03-02 14:00:00 1073664 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2005-01-16 14:39:23 52 --a------ C:\WINDOWS\system32\registersld.bat
2004-12-20 12:08:28 155648 --a------ C:\WINDOWS\system32\xvidvfw.dll
2004-12-20 12:03:26 679936 --a------ C:\WINDOWS\system32\xvidcore.dll
2004-08-30 14:25:24 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2004-08-13 00:11:14 774144 --a------ C:\WINDOWS\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2003-06-08 14:43:25 62851 --a------ C:\WINDOWS\system32\rpcc.exe
2003-06-08 14:43:23 1536 -----n--- C:\tgmvmjba.exe
2003-06-08 13:19:02 208384 --a------ C:\WINDOWS\system32\confl.dll
2003-06-08 12:46:33 3584 --a------ C:\WINDOWS\system32\nso12k.sys
2003-06-08 00:39:12 0 d-------- C:\VundoFix Backups
2003-06-08 00:34:47 556 --a------ C:\WINDOWS\system32\tmp.reg
2003-06-08 00:34:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2003-06-08 00:34:17 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2003-06-08 00:34:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2003-06-07 23:22:00 2 --a------ C:\-1594697112
2003-06-07 22:22:48 153728 --a------ C:\WINDOWS\system32\windev-1b89-5eeb.sys
2003-06-07 22:22:30 12800 --a------ C:\WINDOWS\system32\wmvds32.dll <Not Verified; Microsoft; Microsoft Internet Transfer>
2003-06-07 22:16:59 154624 --a------ C:\WINDOWS\system32\Racq33.sys
2003-06-07 21:50:39 7680 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2003-06-07 21:27:03 109 --ahs---- C:\WINDOWS\system32\2700270184.dat
2003-06-07 21:26:03 154624 --a------ C:\WINDOWS\system32\Bpbw69.sys
2003-06-07 20:38:35 0 --a------ C:\WINDOWS\system32\hidrwupd.dll
2003-06-07 20:29:31 126976 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2003-06-07 20:29:16 0 d-------- C:\Program Files\QuickTime
2003-06-07 20:28:44 12 --a------ C:\WINDOWS\system32\rasqervy.dll
2003-06-07 20:28:42 7 --a------ C:\WINDOWS\system32\sdfinacs.dll
2003-06-07 17:38:10 5 --a------ C:\WINDOWS\system32\fontqxet.dll
2003-06-07 17:33:11 142 --a------ C:\WINDOWS\system32\wuasirvy.dll
2003-06-07 14:54:58 4 --a------ C:\WINDOWS\system32\stfv.bin
2003-06-07 14:46:25 12 --a------ C:\WINDOWS\system32\sl.bin
2003-06-07 14:45:58 11008 --a------ C:\WINDOWS\vxddsk.exe
2003-06-07 14:45:58 27392 --a------ C:\WINDOWS\system32\vxddsk.exe
2003-06-07 14:45:57 31744 --a------ C:\WINDOWS\system32\wml.exe
2003-06-07 14:45:55 22784 --a------ C:\WINDOWS\wml.exe
2003-06-07 14:45:54 28160 --a------ C:\WINDOWS\satmat.exe
2003-06-07 14:45:53 9728 --a------ C:\WINDOWS\Biprep.exe
2003-06-07 14:45:53 14336 --a------ C:\WINDOWS\bi.dll
2003-06-07 14:45:53 21504 --a------ C:\WINDOWS\7search.dll
2003-06-07 14:45:52 16128 --a------ C:\WINDOWS\flt.dll
2003-06-07 14:45:52 30976 --a------ C:\WINDOWS\764.exe
2003-06-07 14:45:51 15104 --a------ C:\WINDOWS\pbar.dll
2003-06-07 14:45:50 27904 --a------ C:\WINDOWS\stcloader.exe
2003-06-07 14:45:49 26880 --a------ C:\WINDOWS\voiceip.dll
2003-06-07 14:45:48 28928 --a------ C:\WINDOWS\swin32.dll
2003-06-07 14:45:47 30720 --a------ C:\WINDOWS\cdsm32.dll
2003-06-07 14:45:46 25600 --a------ C:\WINDOWS\bokja.exe
2003-06-07 14:45:45 29952 --a------ C:\WINDOWS\mssvr.exe
2003-06-07 14:45:43 18432 --a------ C:\WINDOWS\mspphe.dll
2003-06-07 14:45:43 9472 --a------ C:\WINDOWS\bjam.dll
2003-06-07 14:45:43 8448 --a------ C:\WINDOWS\2020search2.dll
2003-06-07 14:45:42 11264 --a------ C:\WINDOWS\system32\MSIXU.DLL
2003-06-07 14:45:42 14592 --a------ C:\WINDOWS\2020search.dll
2003-06-07 14:45:41 32512 --a------ C:\WINDOWS\system32\WER8274.DLL
2003-06-07 14:45:40 15360 --a------ C:\WINDOWS\180ax.exe
2003-06-07 14:45:39 26368 --a------ C:\WINDOWS\updatetc.exe
2003-06-07 14:45:39 15360 --a------ C:\WINDOWS\salm.exe
2003-06-07 14:45:36 32256 --a------ C:\WINDOWS\saiemod.dll
2003-06-07 14:45:24 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2003-06-07 14:44:51 153095 --a------ C:\WINDOWS\system32\msorcl32.exe <Not Verified; Microsoft; IDLE component>
2003-06-07 14:02:56 29696 --a------ C:\WINDOWS\system32\protector.exe
2003-06-06 15:34:50 0 d-------- C:\Program Files\SLD Codec Pack
2003-06-06 15:20:31 62350 --a------ C:\WINDOWS\system32\xpdx.sys
2003-06-06 15:18:03 0 d-------- C:\Program Files\AC3Filter
2003-06-05 22:43:04 0 d--hs---- C:\WINDOWS\Installer
2003-06-05 22:43:03 0 d-------- C:\Program Files\Common Files\ODBC
2003-06-05 22:43:00 0 dr------- C:\Program Files
2003-06-05 22:43:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2003-06-05 22:42:45 26112 --a------ C:\WINDOWS\TASKMAN.EXE <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 22:42:44 80896 --a------ C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 22:42:22 0 d-------- C:\WINDOWS\system32\CatRoot2
2003-06-05 22:42:22 0 d-------- C:\WINDOWS\system32\CatRoot
2003-06-05 22:41:54 0 d-------- C:\Documents and Settings
2003-06-05 22:41:53 0 d--hs---- C:\System Volume Information
2003-06-05 22:35:11 0 d-------- C:\WINDOWS
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\WinSxS
2003-06-05 22:35:11 0 dr------- C:\WINDOWS\Web
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\twain_32
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\wins
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\wbem
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\usmt
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\spool
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\ShellExt
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\Setup
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\ras
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\oobe
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\npp
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\mui
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\inetsrv
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\IME
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\icsxml
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\ias
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\export
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\drivers
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\drivers\etc
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\drivers\disdn
2003-06-05 22:35:11 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\dhcp
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\config
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\3com_dmi
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\3076
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\2052
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1054
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1045
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1042
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1041
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1037
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1033
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1031
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1028
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system32\1025
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\system
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\security
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Resources
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\repair
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Provisioning
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\PeerNet
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\pchealth
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\mui
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\msapps
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\msagent
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Media
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\java
2003-06-05 22:35:11 0 d--h----- C:\WINDOWS\inf
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\ime
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Help
2003-06-05 22:35:11 0 dr--s---- C:\WINDOWS\Fonts
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Driver Cache
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Debug
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Cursors
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Connection Wizard
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\Config
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\AppPatch
2003-06-05 22:35:11 0 d-------- C:\WINDOWS\addins
2003-06-05 20:59:19 0 --a------ C:\WINDOWS\nsreg.dat
2003-06-05 20:58:24 61440 --a------ C:\WINDOWS\system32\ChCfg.exe
2003-06-05 20:58:11 10542592 --a------ C:\WINDOWS\system32\RTLCPL.exe <Not Verified; Realtek Semiconductor Corp.; Realtek Audio Sound Effect Manager>
2003-06-05 20:58:11 589824 --a------ C:\WINDOWS\soundman.exe <Not Verified; Realtek Semiconductor Corp.; Realtek Sound Manager>
2003-06-05 20:58:11 0 d-------- C:\Program Files\Realtek AC97
2003-06-05 20:58:10 327680 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2003-06-05 20:58:10 229376 --a------ C:\WINDOWS\Alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2003-06-05 20:57:30 610304 --a------ C:\WINDOWS\RaUI.exe <Not Verified; Ralink Technology, Corp.; Ralink Wireless Utility>
2003-06-05 20:57:30 1417307 --a------ C:\WINDOWS\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2003-06-05 20:57:29 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2003-06-05 20:57:20 81920 --a------ C:\WINDOWS\system32\Install6x.dll
2003-06-05 20:57:20 8192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2003-06-05 20:57:20 8192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2003-06-05 20:57:20 8192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2003-06-05 20:57:20 242048 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS <Not Verified; Ralink Technology Inc.; RT2500 802.11g Wireless Adapters>
2003-06-05 20:57:20 323584 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2003-06-05 20:57:20 162 --a------ C:\WINDOWS\filespec6x
2003-06-05 20:57:10 0 d-------- C:\Program Files\RALINK
2003-06-05 20:57:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2003-06-05 20:57:04 0 d-------- C:\Program Files\Common Files\InstallShield
2003-06-05 20:55:19 0 d-------- C:\WINDOWS\SoftwareDistribution
2003-06-05 20:55:18 0 d-------- C:\WINDOWS\Prefetch
2003-06-05 20:55:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2003-06-05 20:52:25 0 d-------- C:\WINDOWS\system32\xircom
2003-06-05 20:52:24 0 d-------- C:\Program Files\microsoft frontpage
2003-06-05 20:52:18 0 d--h----- C:\WINDOWS\$hf_mig$
2003-06-05 20:52:02 0 -rahs---- C:\MSDOS.SYS
2003-06-05 20:52:02 0 -rahs---- C:\IO.SYS
2003-06-05 20:52:02 0 --a------ C:\CONFIG.SYS
2003-06-05 20:52:02 0 --a------ C:\AUTOEXEC.BAT
2003-06-05 20:50:53 0 dr------- C:\WINDOWS\Offline Web Pages
2003-06-05 20:50:53 0 d---s---- C:\WINDOWS\Downloaded Program Files
2003-06-05 20:50:42 0 d--h----- C:\Program Files\WindowsUpdate
2003-06-05 20:50:38 0 d-------- C:\Program Files\Usługi online
2003-06-05 20:50:23 0 d-------- C:\WINDOWS\system32\DirectX
2003-06-05 20:49:52 0 d---s---- C:\WINDOWS\Tasks
2003-06-05 20:49:51 0 d-------- C:\Program Files\Common Files\MSSoap
2003-06-05 20:49:48 0 d-------- C:\WINDOWS\srchasst
2003-06-05 20:49:47 0 d-------- C:\WINDOWS\system32\Macromed
2003-06-05 20:49:44 179712 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:49:44 122880 --a------ C:\WINDOWS\system32\wuauclt.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:49:41 0 d-------- C:\Program Files\Movie Maker
2003-06-05 20:49:34 0 d-------- C:\WINDOWS\system32\Restore
2003-06-05 20:49:34 33280 --a------ C:\WINDOWS\system32\fltMc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2003-06-05 20:49:33 102400 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2003-06-05 20:49:27 23040 --a------ C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:49:15 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2003-06-05 20:48:59 0 d-------- C:\WINDOWS\Registration
2003-06-05 20:48:24 0 d-------- C:\Program Files\Messenger
2003-06-05 20:48:21 16384 --a------ C:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2003-06-05 20:48:21 0 d-------- C:\Program Files\MSN Gaming Zone
2003-06-05 20:48:12 179200 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:05 378368 --a------ C:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:05 154624 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:04 159744 --a------ C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:04 28672 --a------ C:\WINDOWS\system32\tsshutdn.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:04 27136 --a------ C:\WINDOWS\system32\tskill.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:04 96768 --a------ C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:04 20480 --a------ C:\WINDOWS\system32\reset.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:04 167936 --a------ C:\WINDOWS\system32\mshearts.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:04 66560 --a------ C:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 26112 --a------ C:\WINDOWS\system32\tsdiscon.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 26112 --a------ C:\WINDOWS\system32\tscon.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 26112 --a------ C:\WINDOWS\system32\shadow.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 27136 --a------ C:\WINDOWS\system32\rwinsta.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 44544 --a------ C:\WINDOWS\system32\regini.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2003-06-05 20:48:03 90624 --a------ C:\WINDOWS\system32\qwinsta.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 28160 --a------ C:\WINDOWS\system32\qappsrv.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 33280 --a------ C:\WINDOWS\system32\msg.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:03 26624 --a------ C:\WINDOWS\system32\logoff.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:48:02 15872 --a------ C:\WINDOWS\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2003-06-05 20:47:56 172032 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:47:56 135680 --a------ C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:47:56 227328 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:47:55 549888 --a------ C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:47:55 355840 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2003-06-05 20:47:55 114176 --a------ C:\WINDOWS\system32\clipbrd

[wojtas]

jaki widzisz log sie nie zmiescil wiec wrzuc caly na jakis serwer np rapidshare.com

[Tomaszow]

http://rapidshare.com/files/36330314/main.txt

[wojtas]

zastosuj:

smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

oraz te skanery po kilka razy

VundoFix
http://www.atribune.org/ccount/click.php?id=4

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

FixVundo
http://securityresponse.symantec.com/avcenter/FixVundo.exe

potem nowe logi

[Tomaszow]

Ooo już sto razy lepiej chodzi. Dzięki wielkie mistrzu.

[wojtas]

Tomaszow

daj nowe logi