pełno wirusów po formacie proszę o sprawdzenie loga

**Posty:** 127 · przez **bluejack** 16 Mar 2007, 20:32

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 19:14:28, on 2007-03-16 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Spyware Doctor\sdhelp.exe D:\WINDOWS\system\system.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Creative\ShareDLL\CtNotify.exe D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE D:\WINDOWS\System32\mswLp.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Netia\Net\netianet.exe D:\Program Files\Gadu-Gadu\gg.exe D:\PROGRA~1\MOZILL~1\FIREFOX.EXE D:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - D:\Program Files\VSAdd-in\VSAdd-in.dll O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [pcroc] mswLp.exe O4 - HKLM\..\Run: [Windows Portable Device Drivers] D:\WINDOWS\System32\MSKSVRVS.EXE O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe O4 - HKLM\..\Run: [msvccc66] svcchosst.exe O4 - HKLM\..\Run: [Spooler SubSystem App] D:\WINDOWS\System32\spooIsv.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\System32\zrsrhjs.exe O4 - HKLM\..\Run: [Windows modez Verifier] tfn0ne.exe O4 - HKLM\..\Run: [Client Server Runtime Process] D:\WINDOWS\System32\csrs.exe O4 - HKLM\..\Run: [Application Layer Gateway Service] D:\WINDOWS\System32\algs.exe O4 - HKLM\..\RunServices: [pcroc] mswLp.exe O4 - HKLM\..\RunServices: [Windows Portable Device Drivers] D:\WINDOWS\System32\MSKSVRVS.EXE O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe O4 - HKLM\..\RunServices: [Windows modez Verifier] tfn0ne.exe O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: Reboot.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76 O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - D:\WINDOWS\system\system.exe O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing)

wyszukuje mi od groma wirusów i pozatym pokazuje się że za 60 sek wyłączy sie komp...

aha i nie dalo rady przeskanowac kompa przed wstawieniem loga na www.ewido.com

help!

**Posty:** 18165 · przez **wojtas** 16 Mar 2007, 20:44

Gdzie antywirus i firewall??

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

sc stop SYSTEMSVC
sc delete SYSTEMSVC

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

D:\WINDOWS\system\system.exe
D:\WINDOWS\System32\mswLp.exe
D:\WINDOWS\System32\MSKSVRVS.EXE
D:\WINDOWS\System32\tfn0ne.exe
D:\WINDOWS\System32\mmp.exe
D:\WINDOWS\System32\mmp.exe
D:\WINDOWS\System32\spooIsv.exe
D:\WINDOWS\System32\zrsrhjs.exe
D:\WINDOWS\System32\csrs.exe
D:\WINDOWS\System32\algs.exe
D:\WINDOWS\System32\svcchosst.exe
D:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\Reboot.exe

Folders to delete:

D:\Program Files\VSAdd-in

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - D:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pcroc] mswLp.exe
O4 - HKLM\..\Run: [Windows Portable Device Drivers] D:\WINDOWS\System32\MSKSVRVS.EXE
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] D:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\System32\zrsrhjs.exe
O4 - HKLM\..\Run: [Windows modez Verifier] tfn0ne.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] D:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] D:\WINDOWS\System32\algs.exe
O4 - HKLM\..\RunServices: [pcroc] mswLp.exe
O4 - HKLM\..\RunServices: [Windows Portable Device Drivers] D:\WINDOWS\System32\MSKSVRVS.EXE
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] tfn0ne.exe
O4 - Startup: Reboot.exe
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - D:\WINDOWS\system\system.exe

znajdz ten pogrubiony i wywal go do kosza:

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z HijackThis + log z Silent Runners.

**Posty:** 127 · przez **bluejack** 16 Mar 2007, 21:24

raport: C:\avenger.txt

Kod: Zaznacz wszystko: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\wsasvitk ******************* Script file located at: \??\D:\bhipbaho.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at D:\Avenger ******************* Beginning to process script file: File D:\WINDOWS\system\system.exe deleted successfully. File D:\WINDOWS\System32\mswLp.exe deleted successfully. File D:\WINDOWS\System32\MSKSVRVS.EXE not found! Deletion of file D:\WINDOWS\System32\MSKSVRVS.EXE failed! Could not process line: D:\WINDOWS\System32\MSKSVRVS.EXE Status: 0xc0000034 File D:\WINDOWS\System32\tfn0ne.exe not found! Deletion of file D:\WINDOWS\System32\tfn0ne.exe failed! Could not process line: D:\WINDOWS\System32\tfn0ne.exe Status: 0xc0000034 File D:\WINDOWS\System32\mmp.exe not found! Deletion of file D:\WINDOWS\System32\mmp.exe failed! Could not process line: D:\WINDOWS\System32\mmp.exe Status: 0xc0000034 File D:\WINDOWS\System32\mmp.exe not found! Deletion of file D:\WINDOWS\System32\mmp.exe failed! Could not process line: D:\WINDOWS\System32\mmp.exe Status: 0xc0000034 File D:\WINDOWS\System32\spooIsv.exe not found! Deletion of file D:\WINDOWS\System32\spooIsv.exe failed! Could not process line: D:\WINDOWS\System32\spooIsv.exe Status: 0xc0000034 File D:\WINDOWS\System32\zrsrhjs.exe not found! Deletion of file D:\WINDOWS\System32\zrsrhjs.exe failed! Could not process line: D:\WINDOWS\System32\zrsrhjs.exe Status: 0xc0000034 File D:\WINDOWS\System32\csrs.exe not found! Deletion of file D:\WINDOWS\System32\csrs.exe failed! Could not process line: D:\WINDOWS\System32\csrs.exe Status: 0xc0000034 File D:\WINDOWS\System32\algs.exe not found! Deletion of file D:\WINDOWS\System32\algs.exe failed! Could not process line: D:\WINDOWS\System32\algs.exe Status: 0xc0000034 File D:\WINDOWS\System32\svcchosst.exe not found! Deletion of file D:\WINDOWS\System32\svcchosst.exe failed! Could not process line: D:\WINDOWS\System32\svcchosst.exe Status: 0xc0000034 File D:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\Reboot.exe deleted successfully. Folder D:\Program Files\VSAdd-in deleted successfully. Completed script processing. ******************* Finished! Terminate.

log z HijackThis

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 20:10:19, on 2007-03-16 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Spyware Doctor\sdhelp.exe D:\Program Files\Creative\ShareDLL\CtNotify.exe D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE D:\Program Files\Netia\Net\netianet.exe D:\Program Files\Spyware Doctor\swdoctor.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Creative\ShareDLL\MediaDet.Exe D:\WINDOWS\System32\devldr32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\Katalog tymczasowy 7 dla hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [pcroc] mswLp.exe O4 - HKLM\..\Run: [Windows Portable Device Drivers] D:\WINDOWS\System32\MSKSVRVS.EXE O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76 O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing)

log z Silent Runners

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NETIANET" = "D:\Program Files\Netia\Net\netianet.exe" ["OF.PL sp.z .o.o."] "Spyware Doctor" = ""D:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SiSUSBRG" = "D:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."] "Disc Detector" = "D:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."] "UpdReg" = "D:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."] "AHQInit" = "D:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"] "AudioHQ" = "D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative Technology Ltd."] "pcroc" = "mswLp.exe" [file not found] "Windows Portable Device Drivers" = "D:\WINDOWS\System32\MSKSVRVS.EXE" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {46A4E9D9-B30E-452A-8157-DBBEC8573B03}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\VSAdd-in\VSAdd-in.dll" [file not found] {4B50DEB2-891B-4CEE-A06C-144207F4015E}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [null data] {921628CF-B8F1-413D-BBA5-7925E4CF56FF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\jkkli.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{4B50DEB2-891B-4CEE-A06C-144207F4015E}" = "*d" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> jkkli\DLLName = "D:\WINDOWS\System32\jkkli.dll" [null data] <<!>> ssqqron\DLLName = "ssqqron.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp" Startup items in "Jacek" & "All Users" startup folders: ------------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programy\Autostart "DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{74DD705D-6834-439C-A735-A6DBE2677452}" -> {HKLM...CLSID} = "&VSAdd-in" \InProcServer32\(Default) = "D:\Program Files\VSAdd-in\VSAdd-in.dll" [file not found] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ PC Tools Spyware Doctor, SDhelper, "D:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 23 seconds. ---------- (total run time: 123 seconds)

**Posty:** 18165 · przez **wojtas** 16 Mar 2007, 21:35

skasuj:

O4 - HKLM\..\Run: [pcroc] mswLp.exe
O4 - HKLM\..\Run: [Windows Portable Device Drivers] D:\WINDOWS\System32\MSKSVRVS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

najpierw wpisy potem pogrubione

uzyj:

Vunfofix
http://www.atribune.org/ccount/click.php?id=4

Trojan.Vundo Removal Tool
http://securityresponse.symantec.com/avcenter/FixVundo.exe

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

potem nowy log z HJ , silenta oraz comboscana:
http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

**Posty:** 127 · przez **bluejack** 16 Mar 2007, 22:16

Comboscan

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by Jacek on 2007-03-16 at 20:58:54 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. -- Last 5 Restore Point(s) -- 6: 2007-03-16 19:58:57 UTC - RP6 - ComboScan Restore Point 5: 2007-03-16 16:03:44 UTC - RP5 - Punkt kontrolny systemu 4: 2007-03-10 14:21:58 UTC - RP4 - Zainstalowane ADI USB ADSL Adapter 3: 2007-03-10 14:21:20 UTC - RP3 - Audience 2: 2007-03-10 14:20:55 UTC - RP2 - Neostrada TP -- First Restore Point -- 1: 2007-03-10 13:59:33 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. -- HijackThis (run as Jacek.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 21:00:13, on 2007-03-16 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\logonui.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Spyware Doctor\sdhelp.exe D:\Program Files\Creative\ShareDLL\CtNotify.exe D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE D:\Program Files\Netia\Net\netianet.exe D:\Program Files\Spyware Doctor\swdoctor.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Creative\ShareDLL\MediaDet.Exe D:\WINDOWS\System32\devldr32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\Jacek\Pulpit\comboscan.exe D:\DOCUME~1\Jacek\Pulpit\HIJACK~1\Jacek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: (no name) - {4B50DEB2-891B-4CEE-A06C-144207F4015E} - D:\WINDOWS\System32\ssqqron.dll O2 - BHO: (no name) - {921628CF-B8F1-413D-BBA5-7925E4CF56FF} - D:\WINDOWS\System32\jkkli.dll (file missing) O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\uktnvstk.dll O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - D:\WINDOWS\System32\cptcrspr.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\System32\hmiflxgr.dll",setvm O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76 O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing) -- File Associations ----------------------------------------------------------- .bat - batfile - "%1" %* .chm - chm.file - "D:\WINDOWS\hh.exe" %1 .cmd - cmdfile - "%1" %* .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 2S ADILOADER (General Purpose USB Driver (adildr.sys)) - D:\WINDOWS\system32\drivers\adildr.sys 3R adiusbaw (USB ADSL WAN Adapter) - D:\WINDOWS\system32\drivers\adiusbaw.sys 3R ctljystk (Port gier dla karty Creative SB Live!) - D:\WINDOWS\system32\drivers\ctljystk.sys 3R emu10k (Creative SB Live! series(WDM)) - D:\WINDOWS\system32\drivers\emu10k1f.sys 3R emu10k1 (Creative Interface Manager Driver (WDM)) - D:\WINDOWS\system32\drivers\ctlface.sys 3R hidusb (Sterownik Microsoft klasy HID) - D:\WINDOWS\system32\drivers\hidusb.sys 1S ikhfile (File Security Kernel Anti-Spyware Driver) - D:\WINDOWS\System32\drivers\ikhfile.sys (not found) 1S ikhlayer (Kernel Anti-Spyware Driver) - D:\WINDOWS\System32\drivers\ikhlayer.sys (not found) 3R mouhid (Sterownik myszy HID) - D:\WINDOWS\system32\drivers\mouhid.sys 3R ms_mpu401 (Sterownik portu MIDI UART Microsoft MPU-401) - D:\WINDOWS\system32\drivers\msmpu401.sys 3R nv4 - D:\WINDOWS\system32\drivers\nv4.sys 2R PfModNT - D:\WINDOWS\system32\PfModNT.sys 0R PxHelp20 - D:\WINDOWS\system32\drivers\PxHelp20.sys 3R sfman (Creative SoundFont Manager Driver (WDM)) - D:\WINDOWS\system32\drivers\sfman.sys 0R sisagp (SiS AGP Filter) - D:\WINDOWS\system32\drivers\SISAGP.SYS 3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - D:\WINDOWS\system32\drivers\usbohci.sys 3S USBSTOR (Sterownik magazynu masowego USB) - D:\WINDOWS\system32\drivers\USBSTOR.SYS 4S WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - D:\WINDOWS\system32\drivers\ws2ifsl.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2S Creative Service for CDROM Access - D:\WINDOWS\System32\CTsvcCDA.EXE 3S SCardDrv (Pomocnik karty inteligentnej) - D:\WINDOWS\System32\SCardSvr.exe 2R SDhelper (PC Tools Spyware Doctor) - D:\Program Files\Spyware Doctor\sdhelp.exe 2R uploadmgr (Menedżer przekazywania) - D:\WINDOWS\System32\svchost.exe -k netsvcs 2S WMDM PMSP Service - D:\WINDOWS\System32\MsPMSPSv.exe 2R WmdmPmSp (Numer seryjny nośnika przenośnego) - D:\WINDOWS\System32\svchost.exe -k netsvcs -- Files created between 2007-02-16 and 2007-03-16 ----------------------------- 2007-03-16 20:55:44 123412 --a------ D:\WINDOWS\System32\hmiflxgr.dll 2007-03-16 20:55:34 48660 --a------ D:\WINDOWS\System32\cptcrspr.dll 2007-03-16 20:55:29 455719 ---hs---- D:\WINDOWS\System32\yybeg.bak1<YYBEG~2.BAK> 2007-03-16 20:55:29 132116 --a------ D:\WINDOWS\System32\uktnvstk.dll 2007-03-16 20:55:18 282212 ---hs---- D:\WINDOWS\System32\ddccc.dll 2007-03-16 20:43:30 0 d-------- D:\VundoFix Backups<VUNDOF~1> 2007-03-16 20:40:20 0 d-------- D:\winamp 2007-03-16 20:32:00 115880 -----n--- D:\WINDOWS\System32\pxinsi64.exe 2007-03-16 20:32:00 129784 -----n--- D:\WINDOWS\System32\pxafs.dll 2007-03-16 20:32:00 36528 -----n--- D:\WINDOWS\System32\drivers\PxHelp20.sys 2007-03-16 20:32:00 2560 -----n--- D:\WINDOWS\System32\drivers\cdralw2k.sys 2007-03-16 20:32:00 2432 -----n--- D:\WINDOWS\System32\drivers\cdr4_xp.sys 2007-03-16 20:31:53 0 d-------- D:\Program Files\Winamp 2007-03-16 19:53:21 0 d-------- D:\avenger 2007-03-16 19:03:30 0 d--hs---- D:\FOUND.006 2007-03-16 18:40:02 55296 --ah----- D:\WINDOWS\System32\ndltq.exe 2007-03-16 18:39:59 55808 --ah----- D:\WINDOWS\System32\vkwmtc.exe 2007-03-16 18:39:54 55808 --ah----- D:\WINDOWS\System32\slqxnckz.exe 2007-03-16 18:39:42 55808 --ah----- D:\WINDOWS\System32\xticwrdn.exe 2007-03-16 18:39:31 55808 --ah----- D:\WINDOWS\System32\wanbbmu.exe 2007-03-16 18:39:25 55808 --ah----- D:\WINDOWS\System32\hllueb.exe 2007-03-16 18:39:18 55808 --ah----- D:\WINDOWS\System32\twxrkuw.exe 2007-03-16 18:38:14 55808 --ah----- D:\WINDOWS\System32\xuwv.exe 2007-03-16 18:37:17 55808 --ah----- D:\WINDOWS\System32\zxzjmk.exe 2007-03-16 18:37:13 55808 --ah----- D:\WINDOWS\System32\qacx.exe 2007-03-16 18:37:08 55808 --ah----- D:\WINDOWS\System32\rbluon.exe 2007-03-16 18:36:38 0 d-------- D:\Program Files\Gadu-Gadu<GADU-G~1> 2007-03-16 18:36:11 55808 --ah----- D:\WINDOWS\System32\najtbdf.exe 2007-03-16 18:36:03 55808 --ah----- D:\WINDOWS\System32\ndotyw.exe 2007-03-16 18:34:38 59389 --a------ D:\WINDOWS\System32\ax.exe 2007-03-16 18:33:07 101888 --a------ D:\WINDOWS\System32\wmupdat50561.exe<WMUPDA~2.EXE> 2007-03-16 18:31:32 55808 --ah----- D:\WINDOWS\System32\aetrwf.exe 2007-03-16 18:25:46 26685 -----n--- D:\WINDOWS\System32\ssqqron.dll 2007-03-16 18:22:32 101888 --a------ D:\WINDOWS\System32\wmupdat47233.exe<WMUPDA~1.EXE> 2007-03-16 18:17:18 0 d-------- D:\Program Files\Spyware Doctor<SPYWAR~1> 2007-03-16 18:13:50 348160 --a------ D:\WINDOWS\System32\msvcr71.dll 2007-03-16 18:13:50 499712 --a------ D:\WINDOWS\System32\msvcp71.dll 2007-03-16 18:10:44 0 --a------ D:\WINDOWS\nsreg.dat 2007-03-16 18:10:04 0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1> 2007-03-16 17:53:09 24064 --a------ D:\WINDOWS\System32\devldr32.exe 2007-03-16 17:38:02 0 d-------- D:\Program Files\Netia 2007-03-16 14:29:50 0 d--hs---- D:\FOUND.005 2007-03-15 16:57:29 208896 --a------ D:\WINDOWS\System32\nvudisp.exe 2007-03-15 16:55:23 42752 --a------ D:\WINDOWS\System32\drivers\stream.sys 2007-03-15 16:55:23 36480 --a------ D:\WINDOWS\System32\drivers\sfmanm.sys 2007-03-15 16:55:22 51200 --a------ D:\WINDOWS\System32\sfman32.dll 2007-03-15 16:55:22 495616 --a------ D:\WINDOWS\System32\sblfx.dll 2007-03-15 16:55:22 4096 --a------ D:\WINDOWS\System32\ksuser.dll 2007-03-15 16:55:22 135040 --a------ D:\WINDOWS\System32\drivers\portcls.sys 2007-03-15 16:55:22 134144 --a------ D:\WINDOWS\System32\drivers\ks.sys 2007-03-15 16:55:21 283904 --a------ D:\WINDOWS\System32\drivers\emu10k1m.sys 2007-03-15 16:55:21 57344 --a------ D:\WINDOWS\System32\drivers\drmk.sys 2007-03-15 16:55:19 256512 --a------ D:\WINDOWS\System32\devcon32.dll 2007-03-15 16:55:17 4096 --a------ D:\WINDOWS\System32\ctwdm32.dll 2007-03-15 16:55:16 6912 --a------ D:\WINDOWS\System32\drivers\ctlfacem.sys 2007-03-14 17:11:48 0 d--hs---- D:\FOUND.004 2007-03-12 13:33:04 0 d--hs---- D:\FOUND.003 2007-03-12 12:04:54 0 d--hs---- D:\FOUND.002 2007-03-11 15:34:58 0 d--hs---- D:\FOUND.001 2007-03-10 17:53:51 0 d-------- D:\Program Files\Real Alternative<REALAL~1> 2007-03-10 17:53:51 0 d-------- D:\Program Files\Media Player Classic<MEDIAP~1> 2007-03-10 17:41:35 0 d-------- D:\Program Files\SubEdit-Player<SUBEDI~1> 2007-03-10 17:40:31 208896 --a------ D:\WINDOWS\System32\NVUNINST.EXE 2007-03-10 15:54:43 0 d-------- D:\Program Files\AC3Filter<AC3FIL~1> 2007-03-10 15:22:50 32768 --a------ D:\WINDOWS\System32\WooDial2000.dll<WOODIA~1.DLL> 2007-03-10 15:22:02 127497 --a------ D:\WINDOWS\System32\drivers\adiusbaw.sys 2007-03-10 15:22:02 155648 --a------ D:\WINDOWS\System32\adadix32.dll 2007-03-10 15:22:01 127456 --a------ D:\WINDOWS\System32\ipdetect.exe 2007-03-10 15:22:00 126976 --a------ D:\WINDOWS\System32\coclassfast.dll<COCLAS~1.DLL> 2007-03-10 15:21:59 135168 --a------ D:\WINDOWS\System32\unaddrv.exe 2007-03-10 15:21:59 46167 --a------ D:\WINDOWS\System32\drivers\adildr.sys 2007-03-10 15:21:59 4981 --a------ D:\WINDOWS\System32\adadix2k.dll 2007-03-10 15:21:59 46892 --a------ D:\WINDOWS\System32\adadix16.dll 2007-03-10 15:21:58 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-10 15:21:56 0 d-------- D:\Program Files\SAGEM 2007-03-10 15:20:56 0 d-------- D:\Program Files\Neostrada TP<NEOSTR~1> 2007-03-10 15:17:23 0 d--hs---- D:\Recycled 2007-03-10 15:14:17 41984 --a------ D:\WINDOWS\CTREGRUN.EXE 2007-03-10 15:12:36 90112 --a------ D:\WINDOWS\Updreg.exe 2007-03-10 15:12:31 36992 --a------ D:\WINDOWS\System32\drivers\sfman.sys 2007-03-10 15:12:30 775296 --a------ D:\WINDOWS\System32\drivers\emu10k1f.sys 2007-03-10 15:12:30 6912 --a------ D:\WINDOWS\System32\drivers\ctlface.sys 2007-03-10 15:12:30 59392 --a------ D:\WINDOWS\System32\a3d.dll 2007-03-10 15:10:00 1048576 -----n--- D:\WINDOWS\System32\sfman.dat 2007-03-10 15:10:00 84992 -----n--- D:\WINDOWS\System32\sfcvrt32.dll 2007-03-10 15:10:00 108032 -----n--- D:\WINDOWS\System32\mfcuia32.dll 2007-03-10 15:10:00 149504 -----n--- D:\WINDOWS\System32\mfcans32.dll 2007-03-10 15:10:00 82432 -----n--- D:\WINDOWS\System32\Ctwflt32.dll 2007-03-10 15:10:00 26768 -----n--- D:\WINDOWS\System32\ctl3d.dll 2007-03-10 15:10:00 34816 -----n--- D:\WINDOWS\CTRes32.dll 2007-03-10 15:10:00 24976 -----n--- D:\WINDOWS\ctres.dll 2007-03-10 15:10:00 53552 -----n--- D:\WINDOWS\ctccw.dll 2007-03-10 15:08:28 3584 --a------ D:\WINDOWS\System32\Ahqcpres.dll 2007-03-10 15:08:04 25088 --a------ D:\WINDOWS\System32\CTSVCCTL.EXE 2007-03-10 15:08:04 0 d-------- D:\Media 2007-03-10 15:07:40 307200 -----n--- D:\WINDOWS\System32\CtMp3Lib.dll 2007-03-10 15:07:40 110592 -----n--- D:\WINDOWS\System32\ctmp3io2.dll 2007-03-10 15:07:39 54784 -----n--- D:\WINDOWS\System32\Inetwh32.dll 2007-03-10 15:07:39 24576 -----n--- D:\WINDOWS\System32\CTMERes.DLL 2007-03-10 15:07:39 393216 -----n--- D:\WINDOWS\System32\CTMedEng.dll 2007-03-10 15:07:39 28672 -----n--- D:\WINDOWS\System32\CTIntRes.dll 2007-03-10 15:07:39 155648 -----n--- D:\WINDOWS\System32\CTDrmUI.dll 2007-03-10 15:07:39 73728 -----n--- D:\WINDOWS\System32\CTDrmRes.dll 2007-03-10 15:07:39 57856 -----n--- D:\WINDOWS\System32\CTDETRES.DLL 2007-03-10 15:07:04 6752 -----n--- D:\WINDOWS\System32\PfModNT.sys 2007-03-10 15:07:04 0 d-------- D:\Program Files\Creative 2007-03-10 15:02:33 0 d-------- D:\WINDOWS\SiS 2007-03-10 15:02:32 0 d-------- D:\WINDOWS\System32\ReinstallBackups<REINST~1> 2007-03-10 15:02:32 27392 -ra------ D:\WINDOWS\System32\drivers\SISAGP.SYS 2007-03-10 15:02:19 306688 --a------ D:\WINDOWS\IsUninst.exe 2007-03-10 15:02:14 304640 --a------ D:\WINDOWS\IsUn0415.exe 2007-03-10 15:02:13 3583 -ra------ D:\WINDOWS\SiSport.sys 2007-03-10 15:02:13 32768 -ra------ D:\WINDOWS\SIS_LIB.DLL 2007-03-10 15:02:12 102400 -ra------ D:\WINDOWS\SiSUSBrg.exe 2007-03-10 15:01:44 0 d-------- D:\WINDOWS\System32\Tools 2007-03-10 15:01:38 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1> 2007-03-10 14:59:23 0 d--hs---- D:\WINDOWS\Installer<INSTAL~1> 2007-03-10 14:58:26 0 d--hs---- D:\System Volume Information<SYSTEM~1> 2007-03-10 14:58:25 0 d-------- D:\WINDOWS\Prefetch 2007-03-10 14:51:35 0 d-------- D:\WINDOWS\System32\xircom 2007-03-10 14:51:35 0 d-------- D:\Program Files\microsoft frontpage<MICROS~1> 2007-03-10 14:50:57 112128 --a------ D:\WINDOWS\System32\mapi32.dll 2007-03-10 14:50:02 0 dr------- D:\WINDOWS\Offline Web Pages<OFFLIN~1> 2007-03-10 14:50:01 0 d---s---- D:\WINDOWS\Downloaded Program Files<DOWNLO~1> 2007-03-10 14:49:38 0 d-------- D:\WINDOWS\srchasst 2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\Macromed 2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\DirectX 2007-03-10 14:49:21 17408 --a------ D:\WINDOWS\System32\qmgrprxy.dll 2007-03-10 14:49:21 179200 --a------ D:\WINDOWS\System32\qmgr.dll 2007-03-10 14:49:20 0 d-------- D:\Program Files\Movie Maker<MOVIEM~1> 2007-03-10 14:49:06 40960 --a------ D:\WINDOWS\System32\safrslv.dll 2007-03-10 14:49:06 26624 --a------ D:\WINDOWS\System32\safrdm.dll 2007-03-10 14:49:05 39424 --a------ D:\WINDOWS\System32\safrcdlg.dll 2007-03-10 14:49:05 33792 --a------ D:\WINDOWS\System32\racpldlg.dll 2007-03-10 14:49:05 11264 --a------ D:\WINDOWS\System32\atrace.dll 2007-03-10 14:48:56 155648 --a------ D:\WINDOWS\System32\srsvc.dll 2007-03-10 14:48:56 219136 --a------ D:\WINDOWS\System32\srrstr.dll 2007-03-10 14:48:56 61952 --a------ D:\WINDOWS\System32\srclient.dll 2007-03-10 14:48:56 0 d-------- D:\WINDOWS\System32\Restore 2007-03-10 14:48:56 70400 --a------ D:\WINDOWS\System32\drivers\sr.sys 2007-03-10 14:48:55 24576 --a------ D:\WINDOWS\System32\nmmkcert.dll 2007-03-10 14:48:55 12288 --a------ D:\WINDOWS\System32\nmevtmsg.dll 2007-03-10 14:48:55 32768 --a------ D:\WINDOWS\System32\mnmsrvc.exe 2007-03-10 14:48:55 32384 --a------ D:\WINDOWS\System32\mnmdd.dll 2007-03-10 14:48:55 28672 --a------ D:\WINDOWS\System32\isrdbg32.dll 2007-03-10 14:48:55 73728 --a------ D:\WINDOWS\System32\ils.dll 2007-03-10 14:48:54 65536 --a------ D:\WINDOWS\System32\msconf.dll 2007-03-10 14:48:52 90624 --a------ D:\WINDOWS\System32\msoert2.dll 2007-03-10 14:48:52 67584 --a------ D:\WINDOWS\System32\acctres.dll 2007-03-10 14:48:52 0 d-------- D:\WINDOWS\PCHEALTH 2007-03-10 14:48:51 228864 --a------ D:\WINDOWS\System32\msoeacct.dll 2007-03-10 14:48:50 49152 --a------ D:\WINDOWS\System32\inetres.dll 2007-03-10 14:48:50 593920 --a------ D:\WINDOWS\System32\inetcomm.dll 2007-03-10 14:48:46 0 d---s---- D:\WINDOWS\Tasks 2007-03-10 14:48:46 159744 --a------ D:\WINDOWS\System32\schedsvc.dll 2007-03-10 14:48:46 9728 --a------ D:\WINDOWS\System32\mstinit.exe 2007-03-10 14:48:46 253440 --a------ D:\WINDOWS\System32\mstask.dll 2007-03-10 14:48:46 81920 --a------ D:\WINDOWS\System32\isign32.dll 2007-03-10 14:48:46 270336 --a------ D:\WINDOWS\System32\inetcfg.dll 2007-03-10 14:48:46 61440 --a------ D:\WINDOWS\System32\icwphbk.dll 2007-03-10 14:48:46 69632 --a------ D:\WINDOWS\System32\icwdial.dll 2007-03-10 14:48:46 16384 --a------ D:\WINDOWS\System32\icfgnt5.dll 2007-03-10 14:48:44 0 d-------- D:\Program Files\Common Files\MSSoap 2007-03-10 14:48:03 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT> 2007-03-10 14:47:47 0 d-------- D:\WINDOWS\Registration<REGIST~1> 2007-03-10 14:47:42 0 d--h----- D:\Program Files\WindowsUpdate<WINDOW~2> 2007-03-10 14:47:42 0 d-------- D:\Program Files\Usługi online<USŁUGI~1> 2007-03-10 14:47:36 0 d-------- D:\Program Files\Messenger<MESSEN~1> 2007-03-10 14:47:29 5632 --a------ D:\WINDOWS\System32\write.exe 2007-03-10 14:47:29 0 d-------- D:\Program Files\MSN Gaming Zone<MSNGAM~1> 2007-03-10 14:47:20 139264 --a------ D:\WINDOWS\System32\sndvol32.exe 2007-03-10 14:47:20 125440 --a------ D:\WINDOWS\System32\sndrec32.exe 2007-03-10 14:47:20 118272 --a------ D:\WINDOWS\System32\mplay32.exe 2007-03-10 14:47:20 494592 --a------ D:\WINDOWS\System32\hypertrm.dll 2007-03-10 14:47:20 44544 --a------ D:\WINDOWS\System32\hticons.dll 2007-03-10 14:47:20 73216 --a------ D:\WINDOWS\System32\avwav.dll 2007-03-10 14:47:20 231424 --a------ D:\WINDOWS\System32\avtapi.dll 2007-03-10 14:47:20 16384 --a------ D:\WINDOWS\System32\avmeter.dll 2007-03-10 14:47:20 183296 --a------ D:\WINDOWS\System32\accwiz.exe 2007-03-10 14:47:19 35328 --a------ D:\WINDOWS\System32\winchat.exe 2007-03-10 14:47:19 0 d-------- D:\Program Files\Windows NT<WINDOW~1> 2007-03-10 14:47:18 342016 --a------ D:\WINDOWS\System32\mspaint.exe 2007-03-10 14:47:14 605696 --a------ D:\WINDOWS\System32\getuname.dll 2007-03-10 14:47:14 99328 --a------ D:\WINDOWS\System32\clipbrd.exe 2007-03-10 14:47:13 534016 --a------ D:\WINDOWS\System32\spider.exe 2007-03-10 14:47:13 57344 --a------ D:\WINDOWS\System32\sol.exe 2007-03-10 14:47:13 80896 --a------ D:\WINDOWS\System32\charmap.exe 2007-03-10 14:47:13 115200 --a------ D:\WINDOWS\System32\calc.exe 2007-03-10 14:47:12 4096 --a------ D:\WINDOWS\System32\wuauserv.dll 2007-03-10 14:47:12 95744 --a------ D:\WINDOWS\System32\wuaueng.dll 2007-03-10 14:47:12 113664 --a------ D:\WINDOWS\System32\wuauclt.exe 2007-03-10 14:47:12 119808 --a------ D:\WINDOWS\System32\winmine.exe 2007-03-10 14:47:12 128000 --a------ D:\WINDOWS\System32\mshearts.exe 2007-03-10 14:47:12 55808 --a------ D:\WINDOWS\System32\freecell.exe 2007-03-10 14:47:12 20232 --a------ D:\WINDOWS\System32\drivers\tdtcp.sys 2007-03-10 14:47:12 11144 --a------ D:\WINDOWS\System32\drivers\tdpipe.sys 2007-03-10 14:47:12 107912 --a------ D:\WINDOWS\System32\drivers\rdpwd.sys 2007-03-10 14:47:11 1225 --a------ D:\WINDOWS\System32\usrlogon.cmd 2007-03-10 14:47:11 40448 --a------ D:\WINDOWS\System32\tscupgrd.exe 2007-03-10 14:47:11 89600 --a------ D:\WINDOWS\System32\tscfgwmi.dll 2007-03-10 14:47:11 131072 --a------ D:\WINDOWS\System32\sessmgr.exe 2007-03-10 14:47:11 9728 --a------ D:\WINDOWS\System32\reset.exe 2007-03-10 14:47:11 56832 --a------ D:\WINDOWS\System32\remotepg.dll 2007-03-10 14:47:11 61952 --a------ D:\WINDOWS\System32\rdshost.exe 2007-03-10 14:47:11 12288 --a------ D:\WINDOWS\System32\rdsaddin.exe 2007-03-10 14:47:11 134656 --a------ D:\WINDOWS\System32\rdchost.dll 2007-03-10 14:47:11 503296 --a------ D:\WINDOWS\System32\mstscax.dll 2007-03-10 14:47:11 387072 --a------ D:\WINDOWS\System32\mstsc.exe 2007-03-10 14:47:10 17920 --a------ D:\WINDOWS\System32\tsshutdn.exe 2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\tskill.exe 2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tsdiscon.exe 2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tscon.exe 2007-03-10 14:47:10 198656 --a------ D:\WINDOWS\System32\termsrv.dll 2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\shadow.exe 2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\rwinsta.exe 2007-03-10 14:47:10 33792 --a------ D:\WINDOWS\System32\regini.exe 2007-03-10 14:47:10 73864 --a------ D:\WINDOWS\System32\rdpwsx.dll 2007-03-10 14:47:10 14848 --a------ D:\WINDOWS\System32\rdpsnd.dll 2007-03-10 14:47:10 41984 --a------ D:\WINDOWS\System32\rdpclip.exe 2007-03-10 14:47:10 4608 --a------ D:\WINDOWS\System32\rdpcfgex.dll 2007-03-10 14:47:10 22528 --a------ D:\WINDOWS\System32\qwinsta.exe 2007-03-10 14:47:10 19456 --a------ D:\WINDOWS\System32\qprocess.exe 2007-03-10 14:47:10 17408 --a------ D:\WINDOWS\System32\qappsrv.exe 2007-03-10 14:47:09 83968 --a------ D:\WINDOWS\System32\mtxoci.dll 2007-03-10 14:47:09 22528 --a------ D:\WINDOWS\System32\msg.exe 2007-03-10 14:47:09 151040 --a------ D:\WINDOWS\System32\msdtcuiu.dll 2007-03-10 14:47:09 869376 --a------ D:\WINDOWS\System32\msdtctm.dll 2007-03-10 14:47:09 360960 --a------ D:\WINDOWS\System32\msdtcprx.dll 2007-03-10 14:47:09 0 d-------- D:\WINDOWS\System32\MsDtc 2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\logoff.exe 2007-03-10 14:47:09 8704 --a------ D:\WINDOWS\System32\icaapi.dll 2007-03-10 14:47:09 32768 --a------ D:\WINDOWS\System32\cfgbkend.dll 2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\cdmodem.dll 2007-03-10 14:47:08 9728 --a------ D:\WINDOWS\System32\xolehlp.dll 2007-03-10 14:47:08 54784 --a------ D:\WINDOWS\System32\msdtclog.dll 2007-03-10 14:47:08 6144 --a------ D:\WINDOWS\System32\msdtc.exe 2007-03-10 14:47:07 54272 --a------ D:\WINDOWS\System32\stclient.dll 2007-03-10 14:47:07 25088 --a------ D:\WINDOWS\System32\mtxlegih.dll 2007-03-10 14:47:07 4096 --a------ D:\WINDOWS\System32\mtxex.dll 2007-03-10 14:47:07 20480 --a------ D:\WINDOWS\System32\mtxdm.dll 2007-03-10 14:47:07 5120 --a------ D:\WINDOWS\System32\dcomcnfg.exe 2007-03-10 14:47:07 82432 --a------ D:\WINDOWS\System32\comrepl.dll 2007-03-10 14:47:07 25600 --a------ D:\WINDOWS\System32\comaddin.dll 2007-03-10 14:47:07 0 d-------- D:\WINDOWS\System32\Com 2007-03-10 14:47:07 56832 --a------ D:\WINDOWS\System32\colbact.dll 2007-03-10 14:47:07 100864 --a------ D:\WINDOWS\System32\clbcatex.dll 2007-03-10 14:47:07 85504 --a------ D:\WINDOWS\System32\catsrvps.dll 2007-03-10 14:47:06 495616 --a------ D:\WINDOWS\System32\comuid.dll 2007-03-10 14:47:06 1139200 --a------ D:\WINDOWS\System32\comsvcs.dll 2007-03-10 14:47:06 147456 --a------ D:\WINDOWS\System32\comsnap.dll 2007-03-10 14:47:06 468480 --a------ D:\WINDOWS\System32\clbcatq.dll 2007-03-10 14:47:06 583168 --a------ D:\WINDOWS\System32\catsrvut.dll 2007-03-10 14:47:06 215040 --a------ D:\WINDOWS\System32\catsrv.dll 2007-03-10 14:46:57 53248 --a------ D:\WINDOWS\System32\servdeps.dll 2007-03-10 14:46:57 16896 --a------ D:\WINDOWS\System32\mmfutil.dll 2007-03-10 14:46:56 57344 --a------ D:\WINDOWS\System32\licwmi.dll 2007-03-10 14:46:56 177152 --a------ D:\WINDOWS\System32\cmprops.dll 2007-03-10 14:46:54 37896 --a------ D:\WINDOWS\System32\drivers\termdd.sys 2007-03-10 14:46:54 181632 --a------ D:\WINDOWS\System32\drivers\rdpdr.sys 2007-03-10 14:42:58 0 d--hs---- D:\FOUND.000 2007-03-10 14:38:01 5632 --a------ D:\WINDOWS\System32\drivers\splitter.sys 2007-03-10 14:38:00 122472 --a------ D:\WINDOWS\System32\drivers\aec.sys 2007-03-10 14:37:59 2816 --a------ D:\WINDOWS\System32\drivers\drmkaud.sys 2007-03-10 14:37:57 4608 --a------ D:\WINDOWS\System32\drivers\MSPQM.sys 2007-03-10 14:37:56 54272 --a------ D:\WINDOWS\System32\drivers\swmidi.sys 2007-03-10 14:37:55 50048 --a------ D:\WINDOWS\System32\drivers\DMusic.sys 2007-03-10 14:37:54 79616 --a------ D:\WINDOWS\System32\drivers\wdmaud.sys 2007-03-10 14:37:52 6400 --a------ D:\WINDOWS\System32\drivers\MSKSSRV.sys 2007-03-10 14:37:51 159232 --a------ D:\WINDOWS\System32\drivers\kmixer.sys 2007-03-10 14:37:50 57472 --a------ D:\WINDOWS\System32\drivers\sysaudio.sys 2007-03-10 14:37:49 5120 --a------ D:\WINDOWS\System32\drivers\MSPCLOCK.sys 2007-03-10 14:37:45 3072 --a------ D:\WINDOWS\System32\drivers\audstub.sys 2007-03-10 14:37:26 57088 --a------ D:\WINDOWS\System32\drivers\redbook.sys 2007-03-10 14:37:17 1738496 --a------ D:\WINDOWS\System32\nv4.dll 2007-03-10 14:37:17 731648 --a------ D:\WINDOWS\System32\drivers\nv4.sys 2007-03-10 14:37:07 3712 --a------ D:\WINDOWS\System32\drivers\ctljystk.sys 2007-03-10 14:37:02 2944 --a------ D:\WINDOWS\System32\drivers\msmpu401.sys 2007-03-10 14:37:00 9728 --a------ D:\WINDOWS\System32\drivers\gameenum.sys 2007-03-10 14:36:41 70144 --a------ D:\WINDOWS\System32\usbui.dll 2007-03-10 14:35:45 0 d-------- D:\Program Files\Common Files\ODBC 2007-03-10 14:35:42 0 dr------- D:\Program Files<PROGRA~1> 2007-03-10 14:35:42 0 d-------- D:\Program Files\Common Files\SpeechEngines<SPEECH~1> 2007-03-10 14:35:40 6144 -ra------ D:\WINDOWS\System32\kbdtuq.dll 2007-03-10 14:35:40 5632 -ra------ D:\WINDOWS\System32\kbdazel.dll 2007-03-10 14:35:39 6144 -ra------ D:\WINDOWS\System32\kbdtuf.dll 2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdmon.dll 2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdkyr.dll 2007-03-10 14:35:36 8192 -ra------ D:\WINDOWS\System32\kbdhept.dll 2007-03-10 14:35:36 6656 -ra------ D:\WINDOWS\System32\kbdhela3.dll 2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdhela2.dll 2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe319.dll 2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe220.dll 2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe.dll 2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdgkl.dll 2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv1.dll 2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv.dll 2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt1.dll 2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt.dll 2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdest.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdycl.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl1.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl.dll 2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdro.dll 2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdhu1.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdhu.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz2.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz1.dll 2007-03-10 14:35:32 7168 --a------ D:\WINDOWS\System32\kbdcz.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcr.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\KBDAL.DLL 2007-03-10 14:35:31 24661 --a------ D:\WINDOWS\System32\spxcoins.dll 2007-03-10 14:35:31 13312 --a------ D:\WINDOWS\System32\irclass.dll 2007-03-10 14:35:31 103424 --a------ D:\WINDOWS\System32\EqnClass.Dll 2007-03-10 14:35:31 10496 --a------ D:\WINDOWS\System32\drivers\irenum.sys 2007-03-10 14:35:31 85532 --a------ D:\WINDOWS\System32\dgsetup.dll 2007-03-10 14:35:31 176157 --a------ D:\WINDOWS\System32\dgrpsetu.dll 2007-03-10 14:35:30 6656 --a------ D:\WINDOWS\System32\batt.dll 2007-03-10 14:35:30 9168 --a------ D:\WINDOWS\system\VER.DLL 2007-03-10 14:35:30 19200 --a------ D:\WINDOWS\system\TAPI.DLL 2007-03-10 14:35:30 5120 --a------ D:\WINDOWS\system\SHELL.DLL 2007-03-10 14:35:30 24064 --a------ D:\WINDOWS\system\OLESVR.DLL 2007-03-10 14:35:30 83456 --a------ D:\WINDOWS\system\OLECLI.DLL 2007-03-10 14:35:30 127008 --a------ D:\WINDOWS\system\MSVIDEO.DLL 2007-03-10 14:35:29 15360 --a------ D:\WINDOWS\TASKMAN.EXE 2007-03-10 14:35:29 69712 --a------ D:\WINDOWS\system\MMSYSTEM.DLL 2007-03-10 14:35:29 9936 --a------ D:\WINDOWS\system\LZEXPAND.DLL 2007-03-10 14:35:29 33376 --a------ D:\WINDOWS\system\COMMDLG.DLL 2007-03-10 14:35:29 109488 --a------ D:\WINDOWS\system\AVIFILE.DLL 2007-03-10 14:35:29 70096 --a------ D:\WINDOWS\system\AVICAP.DLL 2007-03-10 14:35:29 67072 --a------ D:\WINDOWS\NOTEPAD.EXE 2007-03-10 14:35:28 71680 --a------ D:\WINDOWS\System32\storprop.dll 2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot2 2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot 2007-03-10 14:34:51 0 d-------- D:\Documents and Settings<DOCUME~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\WinSxS 2007-03-10 14:30:51 0 dr------- D:\WINDOWS\Web 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\twain_32 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system32 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wins 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wbem 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\usmt 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\spool 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ShellExt 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\Setup 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ras 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\oobe 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\npp 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\mui 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\inetsrv 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\IME 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\icsxml 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ias 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\export 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\etc 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\disdn 2007-03-10 14:30:51 0 dr-hs---- D:\WINDOWS\System32\dllcache 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\dhcp 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\config 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3com_dmi 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3076 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\2052 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1054 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1045 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1042 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1041 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1037 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1033 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1031 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1028 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1025 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\security 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Resources<RESOUR~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\repair 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\mui 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msapps 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msagent 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Media 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\java 2007-03-10 14:30:51 0 d--h----- D:\WINDOWS\inf 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\ime 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Help 2007-03-10 14:30:51 0 dr--s---- D:\WINDOWS\Fonts 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Driver Cache<DRIVER~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Debug 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Cursors 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Connection Wizard<CONNEC~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Config 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\AppPatch 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2007-03-16 21:00:30 355486 --a------ D:\WINDOWS\System32\perfh015.dat 2007-03-16 21:00:30 49492 --a------ D:\WINDOWS\System32\perfc015.dat 2007-03-16 18:43:38 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\SearchToolbarCorp<SEARCH~1> 2007-03-16 18:20:40 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\PC Tools<PCTOOL~1> 2007-03-16 18:10:30 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Mozilla 2007-03-15 16:51:24 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\vlc 2007-03-11 11:00:54 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\DeepBurner<DEEPBU~1> 2007-03-11 09:10:04 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Help 2007-03-10 18:06:40 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Leadertech<LEADER~1> 2007-03-10 17:53:52 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Real 2007-03-10 14:59:22 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Identities<IDENTI~1> 2007-03-10 14:43:36 62 --ahs---- D:\Documents and Settings\Jacek\Dane aplikacji\desktop.ini 2007-03-10 14:43:18 0 d---s---- D:\Documents and Settings\Jacek\Dane aplikacji\Microsoft<MICROS~1> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe" "Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SiSUSBRG"="D:\\WINDOWS\\SiSUSBrg.exe" "Disc Detector"="D:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe" "UpdReg"="D:\\WINDOWS\\Updreg.exe" "AHQInit"="D:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe" "AudioHQ"="D:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE" "2chkdsk"="rundll32.exe \"D:\\WINDOWS\\System32\\hmiflxgr.dll\",setvm" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices] "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4B50DEB2-891B-4CEE-A06C-144207F4015E}"="" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE" "NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe" "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" "Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE" "NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe" "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" "Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-03-16 at 21:00:41 ------------------------

HiJack

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 21:03:06, on 2007-03-16 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\logonui.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Spyware Doctor\sdhelp.exe D:\Program Files\Creative\ShareDLL\CtNotify.exe D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE D:\Program Files\Netia\Net\netianet.exe D:\Program Files\Spyware Doctor\swdoctor.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Creative\ShareDLL\MediaDet.Exe D:\WINDOWS\System32\devldr32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\WINDOWS\NOTEPAD.EXE D:\WINDOWS\NOTEPAD.EXE D:\Documents and Settings\Jacek\Pulpit\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: (no name) - {4B50DEB2-891B-4CEE-A06C-144207F4015E} - D:\WINDOWS\System32\ssqqron.dll O2 - BHO: (no name) - {921628CF-B8F1-413D-BBA5-7925E4CF56FF} - D:\WINDOWS\System32\jkkli.dll (file missing) O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\uktnvstk.dll O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - D:\WINDOWS\System32\cptcrspr.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\System32\hmiflxgr.dll",setvm O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76 O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing)

SILENT

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NETIANET" = "D:\Program Files\Netia\Net\netianet.exe" ["OF.PL sp.z .o.o."] "Spyware Doctor" = ""D:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SiSUSBRG" = "D:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."] "Disc Detector" = "D:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."] "UpdReg" = "D:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."] "AHQInit" = "D:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"] "AudioHQ" = "D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative Technology Ltd."] "2chkdsk" = "rundll32.exe "D:\WINDOWS\System32\hmiflxgr.dll",setvm" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {4B50DEB2-891B-4CEE-A06C-144207F4015E}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [null data] {921628CF-B8F1-413D-BBA5-7925E4CF56FF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\jkkli.dll" [file not found] {B797CBF2-48B7-49D2-905C-212DD8CE721e}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\uktnvstk.dll" [null data] {D38439EC-4A7F-42b4-90C2-D810D7778FDD}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\cptcrspr.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{4B50DEB2-891B-4CEE-A06C-144207F4015E}" = "*\" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp" Startup items in "Jacek" & "All Users" startup folders: ------------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programy\Autostart "DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ PC Tools Spyware Doctor, SDhelper, "D:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 19 seconds. ---------- (total run time: 81 seconds)

**Posty:** 18165 · przez **wojtas** 17 Mar 2007, 12:59

jeszcze raz:

uzyj:

Vunfofix
http://www.atribune.org/ccount/click.php?id=4

Trojan.Vundo Removal Tool
http://securityresponse.symantec.com/avcenter/FixVundo.exe

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

potem nowy log z HJ , silenta oraz comboscana:
http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

**Posty:** 127 · przez **bluejack** 17 Mar 2007, 17:01

HJ

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 15:48:21, on 2007-03-17 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Spyware Doctor\sdhelp.exe D:\Program Files\Creative\ShareDLL\CtNotify.exe D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE D:\Program Files\Winamp\winampa.exe D:\Program Files\Netia\Net\netianet.exe D:\Program Files\Spyware Doctor\swdoctor.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Creative\ShareDLL\MediaDet.Exe D:\WINDOWS\System32\devldr32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\Jacek\Pulpit\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: (no name) - {4B50DEB2-891B-4CEE-A06C-144207F4015E} - D:\WINDOWS\System32\ssqqron.dll O2 - BHO: (no name) - {921628CF-B8F1-413D-BBA5-7925E4CF56FF} - D:\WINDOWS\System32\jkkli.dll (file missing) O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\ubdgwtga.dll O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - D:\WINDOWS\System32\cptcrspr.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\System32\hmiflxgr.dll",setvm O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76 O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing)

SILENT

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NETIANET" = "D:\Program Files\Netia\Net\netianet.exe" ["OF.PL sp.z .o.o."] "Spyware Doctor" = ""D:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SiSUSBRG" = "D:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."] "Disc Detector" = "D:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."] "UpdReg" = "D:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."] "AHQInit" = "D:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"] "AudioHQ" = "D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative Technology Ltd."] "2chkdsk" = "rundll32.exe "D:\WINDOWS\System32\hmiflxgr.dll",setvm" [MS] "WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data] "KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k" HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {4B50DEB2-891B-4CEE-A06C-144207F4015E}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [null data] {921628CF-B8F1-413D-BBA5-7925E4CF56FF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\jkkli.dll" [file not found] {B797CBF2-48B7-49D2-905C-212DD8CE721e}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\ubdgwtga.dll" [null data] {D38439EC-4A7F-42b4-90C2-D810D7778FDD}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\cptcrspr.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{4B50DEB2-891B-4CEE-A06C-144207F4015E}" = "*]" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp" Startup items in "Jacek" & "All Users" startup folders: ------------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programy\Autostart "DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ PC Tools Spyware Doctor, SDhelper, "D:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 18 seconds. ---------- (total run time: 77 seconds)

COMBOSCAN

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by Jacek on 2007-03-17 at 15:52:27 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Jacek.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 15:52:28, on 2007-03-17 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Spyware Doctor\sdhelp.exe D:\Program Files\Creative\ShareDLL\CtNotify.exe D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE D:\Program Files\Winamp\winampa.exe D:\Program Files\Netia\Net\netianet.exe D:\Program Files\Spyware Doctor\swdoctor.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Creative\ShareDLL\MediaDet.Exe D:\WINDOWS\System32\devldr32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\Jacek\Pulpit\comboscan.exe D:\DOCUME~1\Jacek\Pulpit\HIJACK~1\Jacek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: (no name) - {4B50DEB2-891B-4CEE-A06C-144207F4015E} - D:\WINDOWS\System32\ssqqron.dll O2 - BHO: (no name) - {921628CF-B8F1-413D-BBA5-7925E4CF56FF} - D:\WINDOWS\System32\jkkli.dll (file missing) O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\ubdgwtga.dll O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - D:\WINDOWS\System32\cptcrspr.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\System32\hmiflxgr.dll",setvm O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76 O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing) -- Files created between 2007-02-17 and 2007-03-17 ----------------------------- 2007-03-17 13:28:12 0 d--hs---- D:\FOUND.007 2007-03-17 10:18:28 0 d-------- D:\Program Files\GIMP-2.0 2007-03-17 09:14:27 460024 ---hs---- D:\WINDOWS\System32\hhhkj.ini2<HHHKJ~1.INI> 2007-03-16 22:37:03 1168 --a------ D:\WINDOWS\mozver.dat 2007-03-16 22:08:23 132116 --a------ D:\WINDOWS\System32\ubdgwtga.dll 2007-03-16 22:08:22 454879 ---hs---- D:\WINDOWS\System32\hhhkj.bak1<HHHKJ~2.BAK> 2007-03-16 21:08:09 282212 ---hs---- D:\WINDOWS\System32\pmkji.dll 2007-03-16 20:55:44 123412 --a------ D:\WINDOWS\System32\hmiflxgr.dll 2007-03-16 20:55:34 48660 --a------ D:\WINDOWS\System32\cptcrspr.dll 2007-03-16 20:55:29 455719 ---hs---- D:\WINDOWS\System32\yybeg.bak1<YYBEG~2.BAK> 2007-03-16 20:55:29 132116 --a------ D:\WINDOWS\System32\uktnvstk.dll 2007-03-16 20:55:18 282212 ---hs---- D:\WINDOWS\System32\ddccc.dll 2007-03-16 20:43:30 0 d-------- D:\VundoFix Backups<VUNDOF~1> 2007-03-16 20:40:20 0 d-------- D:\winamp 2007-03-16 20:32:00 115880 -----n--- D:\WINDOWS\System32\pxinsi64.exe 2007-03-16 20:32:00 129784 -----n--- D:\WINDOWS\System32\pxafs.dll 2007-03-16 20:32:00 36528 -----n--- D:\WINDOWS\System32\drivers\PxHelp20.sys 2007-03-16 20:32:00 2560 -----n--- D:\WINDOWS\System32\drivers\cdralw2k.sys 2007-03-16 20:32:00 2432 -----n--- D:\WINDOWS\System32\drivers\cdr4_xp.sys 2007-03-16 20:31:53 0 d-------- D:\Program Files\Winamp 2007-03-16 19:53:21 0 d-------- D:\avenger 2007-03-16 19:03:30 0 d--hs---- D:\FOUND.006 2007-03-16 18:40:02 55296 --ah----- D:\WINDOWS\System32\ndltq.exe 2007-03-16 18:39:59 55808 --ah----- D:\WINDOWS\System32\vkwmtc.exe 2007-03-16 18:39:54 55808 --ah----- D:\WINDOWS\System32\slqxnckz.exe 2007-03-16 18:39:42 55808 --ah----- D:\WINDOWS\System32\xticwrdn.exe 2007-03-16 18:39:31 55808 --ah----- D:\WINDOWS\System32\wanbbmu.exe 2007-03-16 18:39:25 55808 --ah----- D:\WINDOWS\System32\hllueb.exe 2007-03-16 18:39:18 55808 --ah----- D:\WINDOWS\System32\twxrkuw.exe 2007-03-16 18:38:14 55808 --ah----- D:\WINDOWS\System32\xuwv.exe 2007-03-16 18:37:17 55808 --ah----- D:\WINDOWS\System32\zxzjmk.exe 2007-03-16 18:37:13 55808 --ah----- D:\WINDOWS\System32\qacx.exe 2007-03-16 18:37:08 55808 --ah----- D:\WINDOWS\System32\rbluon.exe 2007-03-16 18:36:38 0 d-------- D:\Program Files\Gadu-Gadu<GADU-G~1> 2007-03-16 18:36:11 55808 --ah----- D:\WINDOWS\System32\najtbdf.exe 2007-03-16 18:36:03 55808 --ah----- D:\WINDOWS\System32\ndotyw.exe 2007-03-16 18:34:38 59389 --a------ D:\WINDOWS\System32\ax.exe 2007-03-16 18:33:07 101888 --a------ D:\WINDOWS\System32\wmupdat50561.exe<WMUPDA~2.EXE> 2007-03-16 18:31:32 55808 --ah----- D:\WINDOWS\System32\aetrwf.exe 2007-03-16 18:25:46 26685 -----n--- D:\WINDOWS\System32\ssqqron.dll 2007-03-16 18:22:32 101888 --a------ D:\WINDOWS\System32\wmupdat47233.exe<WMUPDA~1.EXE> 2007-03-16 18:17:18 0 d-------- D:\Program Files\Spyware Doctor<SPYWAR~1> 2007-03-16 18:13:50 348160 --a------ D:\WINDOWS\System32\msvcr71.dll 2007-03-16 18:13:50 499712 --a------ D:\WINDOWS\System32\msvcp71.dll 2007-03-16 18:10:44 0 --a------ D:\WINDOWS\nsreg.dat 2007-03-16 18:10:04 0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1> 2007-03-16 17:53:09 24064 --a------ D:\WINDOWS\System32\devldr32.exe 2007-03-16 17:38:02 0 d-------- D:\Program Files\Netia 2007-03-16 14:29:50 0 d--hs---- D:\FOUND.005 2007-03-15 16:57:29 208896 --a------ D:\WINDOWS\System32\nvudisp.exe 2007-03-15 16:55:23 42752 --a------ D:\WINDOWS\System32\drivers\stream.sys 2007-03-15 16:55:23 36480 --a------ D:\WINDOWS\System32\drivers\sfmanm.sys 2007-03-15 16:55:22 51200 --a------ D:\WINDOWS\System32\sfman32.dll 2007-03-15 16:55:22 495616 --a------ D:\WINDOWS\System32\sblfx.dll 2007-03-15 16:55:22 4096 --a------ D:\WINDOWS\System32\ksuser.dll 2007-03-15 16:55:22 135040 --a------ D:\WINDOWS\System32\drivers\portcls.sys 2007-03-15 16:55:22 134144 --a------ D:\WINDOWS\System32\drivers\ks.sys 2007-03-15 16:55:21 283904 --a------ D:\WINDOWS\System32\drivers\emu10k1m.sys 2007-03-15 16:55:21 57344 --a------ D:\WINDOWS\System32\drivers\drmk.sys 2007-03-15 16:55:19 256512 --a------ D:\WINDOWS\System32\devcon32.dll 2007-03-15 16:55:17 4096 --a------ D:\WINDOWS\System32\ctwdm32.dll 2007-03-15 16:55:16 6912 --a------ D:\WINDOWS\System32\drivers\ctlfacem.sys 2007-03-14 17:11:48 0 d--hs---- D:\FOUND.004 2007-03-12 13:33:04 0 d--hs---- D:\FOUND.003 2007-03-12 12:04:54 0 d--hs---- D:\FOUND.002 2007-03-11 15:34:58 0 d--hs---- D:\FOUND.001 2007-03-10 17:53:51 0 d-------- D:\Program Files\Real Alternative<REALAL~1> 2007-03-10 17:53:51 0 d-------- D:\Program Files\Media Player Classic<MEDIAP~1> 2007-03-10 17:41:35 0 d-------- D:\Program Files\SubEdit-Player<SUBEDI~1> 2007-03-10 17:40:31 208896 --a------ D:\WINDOWS\System32\NVUNINST.EXE 2007-03-10 15:54:43 0 d-------- D:\Program Files\AC3Filter<AC3FIL~1> 2007-03-10 15:22:50 32768 --a------ D:\WINDOWS\System32\WooDial2000.dll<WOODIA~1.DLL> 2007-03-10 15:22:02 127497 --a------ D:\WINDOWS\System32\drivers\adiusbaw.sys 2007-03-10 15:22:02 155648 --a------ D:\WINDOWS\System32\adadix32.dll 2007-03-10 15:22:01 127456 --a------ D:\WINDOWS\System32\ipdetect.exe 2007-03-10 15:22:00 126976 --a------ D:\WINDOWS\System32\coclassfast.dll<COCLAS~1.DLL> 2007-03-10 15:21:59 135168 --a------ D:\WINDOWS\System32\unaddrv.exe 2007-03-10 15:21:59 46167 --a------ D:\WINDOWS\System32\drivers\adildr.sys 2007-03-10 15:21:59 4981 --a------ D:\WINDOWS\System32\adadix2k.dll 2007-03-10 15:21:59 46892 --a------ D:\WINDOWS\System32\adadix16.dll 2007-03-10 15:21:58 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-10 15:21:56 0 d-------- D:\Program Files\SAGEM 2007-03-10 15:20:56 0 d-------- D:\Program Files\Neostrada TP<NEOSTR~1> 2007-03-10 15:17:23 0 d--hs---- D:\Recycled 2007-03-10 15:14:17 41984 --a------ D:\WINDOWS\CTREGRUN.EXE 2007-03-10 15:12:36 90112 --a------ D:\WINDOWS\Updreg.exe 2007-03-10 15:12:31 36992 --a------ D:\WINDOWS\System32\drivers\sfman.sys 2007-03-10 15:12:30 775296 --a------ D:\WINDOWS\System32\drivers\emu10k1f.sys 2007-03-10 15:12:30 6912 --a------ D:\WINDOWS\System32\drivers\ctlface.sys 2007-03-10 15:12:30 59392 --a------ D:\WINDOWS\System32\a3d.dll 2007-03-10 15:10:00 1048576 -----n--- D:\WINDOWS\System32\sfman.dat 2007-03-10 15:10:00 84992 -----n--- D:\WINDOWS\System32\sfcvrt32.dll 2007-03-10 15:10:00 108032 -----n--- D:\WINDOWS\System32\mfcuia32.dll 2007-03-10 15:10:00 149504 -----n--- D:\WINDOWS\System32\mfcans32.dll 2007-03-10 15:10:00 82432 -----n--- D:\WINDOWS\System32\Ctwflt32.dll 2007-03-10 15:10:00 26768 -----n--- D:\WINDOWS\System32\ctl3d.dll 2007-03-10 15:10:00 34816 -----n--- D:\WINDOWS\CTRes32.dll 2007-03-10 15:10:00 24976 -----n--- D:\WINDOWS\ctres.dll 2007-03-10 15:10:00 53552 -----n--- D:\WINDOWS\ctccw.dll 2007-03-10 15:08:28 3584 --a------ D:\WINDOWS\System32\Ahqcpres.dll 2007-03-10 15:08:04 25088 --a------ D:\WINDOWS\System32\CTSVCCTL.EXE 2007-03-10 15:08:04 0 d-------- D:\Media 2007-03-10 15:07:40 307200 -----n--- D:\WINDOWS\System32\CtMp3Lib.dll 2007-03-10 15:07:40 110592 -----n--- D:\WINDOWS\System32\ctmp3io2.dll 2007-03-10 15:07:39 54784 -----n--- D:\WINDOWS\System32\Inetwh32.dll 2007-03-10 15:07:39 24576 -----n--- D:\WINDOWS\System32\CTMERes.DLL 2007-03-10 15:07:39 393216 -----n--- D:\WINDOWS\System32\CTMedEng.dll 2007-03-10 15:07:39 28672 -----n--- D:\WINDOWS\System32\CTIntRes.dll 2007-03-10 15:07:39 155648 -----n--- D:\WINDOWS\System32\CTDrmUI.dll 2007-03-10 15:07:39 73728 -----n--- D:\WINDOWS\System32\CTDrmRes.dll 2007-03-10 15:07:39 57856 -----n--- D:\WINDOWS\System32\CTDETRES.DLL 2007-03-10 15:07:04 6752 -----n--- D:\WINDOWS\System32\PfModNT.sys 2007-03-10 15:07:04 0 d-------- D:\Program Files\Creative 2007-03-10 15:02:33 0 d-------- D:\WINDOWS\SiS 2007-03-10 15:02:32 0 d-------- D:\WINDOWS\System32\ReinstallBackups<REINST~1> 2007-03-10 15:02:32 27392 -ra------ D:\WINDOWS\System32\drivers\SISAGP.SYS 2007-03-10 15:02:19 306688 --a------ D:\WINDOWS\IsUninst.exe 2007-03-10 15:02:14 304640 --a------ D:\WINDOWS\IsUn0415.exe 2007-03-10 15:02:13 3583 -ra------ D:\WINDOWS\SiSport.sys 2007-03-10 15:02:13 32768 -ra------ D:\WINDOWS\SIS_LIB.DLL 2007-03-10 15:02:12 102400 -ra------ D:\WINDOWS\SiSUSBrg.exe 2007-03-10 15:01:44 0 d-------- D:\WINDOWS\System32\Tools 2007-03-10 15:01:38 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1> 2007-03-10 14:59:23 0 d--hs---- D:\WINDOWS\Installer<INSTAL~1> 2007-03-10 14:58:26 0 d--hs---- D:\System Volume Information<SYSTEM~1> 2007-03-10 14:58:25 0 d-------- D:\WINDOWS\Prefetch 2007-03-10 14:51:35 0 d-------- D:\WINDOWS\System32\xircom 2007-03-10 14:51:35 0 d-------- D:\Program Files\microsoft frontpage<MICROS~1> 2007-03-10 14:50:57 112128 --a------ D:\WINDOWS\System32\mapi32.dll 2007-03-10 14:50:02 0 dr------- D:\WINDOWS\Offline Web Pages<OFFLIN~1> 2007-03-10 14:50:01 0 d---s---- D:\WINDOWS\Downloaded Program Files<DOWNLO~1> 2007-03-10 14:49:38 0 d-------- D:\WINDOWS\srchasst 2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\Macromed 2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\DirectX 2007-03-10 14:49:21 17408 --a------ D:\WINDOWS\System32\qmgrprxy.dll 2007-03-10 14:49:21 179200 --a------ D:\WINDOWS\System32\qmgr.dll 2007-03-10 14:49:20 0 d-------- D:\Program Files\Movie Maker<MOVIEM~1> 2007-03-10 14:49:06 40960 --a------ D:\WINDOWS\System32\safrslv.dll 2007-03-10 14:49:06 26624 --a------ D:\WINDOWS\System32\safrdm.dll 2007-03-10 14:49:05 39424 --a------ D:\WINDOWS\System32\safrcdlg.dll 2007-03-10 14:49:05 33792 --a------ D:\WINDOWS\System32\racpldlg.dll 2007-03-10 14:49:05 11264 --a------ D:\WINDOWS\System32\atrace.dll 2007-03-10 14:48:56 155648 --a------ D:\WINDOWS\System32\srsvc.dll 2007-03-10 14:48:56 219136 --a------ D:\WINDOWS\System32\srrstr.dll 2007-03-10 14:48:56 61952 --a------ D:\WINDOWS\System32\srclient.dll 2007-03-10 14:48:56 0 d-------- D:\WINDOWS\System32\Restore 2007-03-10 14:48:56 70400 --a------ D:\WINDOWS\System32\drivers\sr.sys 2007-03-10 14:48:55 24576 --a------ D:\WINDOWS\System32\nmmkcert.dll 2007-03-10 14:48:55 12288 --a------ D:\WINDOWS\System32\nmevtmsg.dll 2007-03-10 14:48:55 32768 --a------ D:\WINDOWS\System32\mnmsrvc.exe 2007-03-10 14:48:55 32384 --a------ D:\WINDOWS\System32\mnmdd.dll 2007-03-10 14:48:55 28672 --a------ D:\WINDOWS\System32\isrdbg32.dll 2007-03-10 14:48:55 73728 --a------ D:\WINDOWS\System32\ils.dll 2007-03-10 14:48:54 65536 --a------ D:\WINDOWS\System32\msconf.dll 2007-03-10 14:48:52 90624 --a------ D:\WINDOWS\System32\msoert2.dll 2007-03-10 14:48:52 67584 --a------ D:\WINDOWS\System32\acctres.dll 2007-03-10 14:48:52 0 d-------- D:\WINDOWS\PCHEALTH 2007-03-10 14:48:51 228864 --a------ D:\WINDOWS\System32\msoeacct.dll 2007-03-10 14:48:50 49152 --a------ D:\WINDOWS\System32\inetres.dll 2007-03-10 14:48:50 593920 --a------ D:\WINDOWS\System32\inetcomm.dll 2007-03-10 14:48:46 0 d---s---- D:\WINDOWS\Tasks 2007-03-10 14:48:46 159744 --a------ D:\WINDOWS\System32\schedsvc.dll 2007-03-10 14:48:46 9728 --a------ D:\WINDOWS\System32\mstinit.exe 2007-03-10 14:48:46 253440 --a------ D:\WINDOWS\System32\mstask.dll 2007-03-10 14:48:46 81920 --a------ D:\WINDOWS\System32\isign32.dll 2007-03-10 14:48:46 270336 --a------ D:\WINDOWS\System32\inetcfg.dll 2007-03-10 14:48:46 61440 --a------ D:\WINDOWS\System32\icwphbk.dll 2007-03-10 14:48:46 69632 --a------ D:\WINDOWS\System32\icwdial.dll 2007-03-10 14:48:46 16384 --a------ D:\WINDOWS\System32\icfgnt5.dll 2007-03-10 14:48:44 0 d-------- D:\Program Files\Common Files\MSSoap 2007-03-10 14:48:03 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT> 2007-03-10 14:47:47 0 d-------- D:\WINDOWS\Registration<REGIST~1> 2007-03-10 14:47:42 0 d--h----- D:\Program Files\WindowsUpdate<WINDOW~2> 2007-03-10 14:47:42 0 d-------- D:\Program Files\Usługi online<USŁUGI~1> 2007-03-10 14:47:36 0 d-------- D:\Program Files\Messenger<MESSEN~1> 2007-03-10 14:47:29 5632 --a------ D:\WINDOWS\System32\write.exe 2007-03-10 14:47:29 0 d-------- D:\Program Files\MSN Gaming Zone<MSNGAM~1> 2007-03-10 14:47:20 139264 --a------ D:\WINDOWS\System32\sndvol32.exe 2007-03-10 14:47:20 125440 --a------ D:\WINDOWS\System32\sndrec32.exe 2007-03-10 14:47:20 118272 --a------ D:\WINDOWS\System32\mplay32.exe 2007-03-10 14:47:20 494592 --a------ D:\WINDOWS\System32\hypertrm.dll 2007-03-10 14:47:20 44544 --a------ D:\WINDOWS\System32\hticons.dll 2007-03-10 14:47:20 73216 --a------ D:\WINDOWS\System32\avwav.dll 2007-03-10 14:47:20 231424 --a------ D:\WINDOWS\System32\avtapi.dll 2007-03-10 14:47:20 16384 --a------ D:\WINDOWS\System32\avmeter.dll 2007-03-10 14:47:20 183296 --a------ D:\WINDOWS\System32\accwiz.exe 2007-03-10 14:47:19 35328 --a------ D:\WINDOWS\System32\winchat.exe 2007-03-10 14:47:19 0 d-------- D:\Program Files\Windows NT<WINDOW~1> 2007-03-10 14:47:18 342016 --a------ D:\WINDOWS\System32\mspaint.exe 2007-03-10 14:47:14 605696 --a------ D:\WINDOWS\System32\getuname.dll 2007-03-10 14:47:14 99328 --a------ D:\WINDOWS\System32\clipbrd.exe 2007-03-10 14:47:13 534016 --a------ D:\WINDOWS\System32\spider.exe 2007-03-10 14:47:13 57344 --a------ D:\WINDOWS\System32\sol.exe 2007-03-10 14:47:13 80896 --a------ D:\WINDOWS\System32\charmap.exe 2007-03-10 14:47:13 115200 --a------ D:\WINDOWS\System32\calc.exe 2007-03-10 14:47:12 4096 --a------ D:\WINDOWS\System32\wuauserv.dll 2007-03-10 14:47:12 95744 --a------ D:\WINDOWS\System32\wuaueng.dll 2007-03-10 14:47:12 113664 --a------ D:\WINDOWS\System32\wuauclt.exe 2007-03-10 14:47:12 119808 --a------ D:\WINDOWS\System32\winmine.exe 2007-03-10 14:47:12 128000 --a------ D:\WINDOWS\System32\mshearts.exe 2007-03-10 14:47:12 55808 --a------ D:\WINDOWS\System32\freecell.exe 2007-03-10 14:47:12 20232 --a------ D:\WINDOWS\System32\drivers\tdtcp.sys 2007-03-10 14:47:12 11144 --a------ D:\WINDOWS\System32\drivers\tdpipe.sys 2007-03-10 14:47:12 107912 --a------ D:\WINDOWS\System32\drivers\rdpwd.sys 2007-03-10 14:47:11 1225 --a------ D:\WINDOWS\System32\usrlogon.cmd 2007-03-10 14:47:11 40448 --a------ D:\WINDOWS\System32\tscupgrd.exe 2007-03-10 14:47:11 89600 --a------ D:\WINDOWS\System32\tscfgwmi.dll 2007-03-10 14:47:11 131072 --a------ D:\WINDOWS\System32\sessmgr.exe 2007-03-10 14:47:11 9728 --a------ D:\WINDOWS\System32\reset.exe 2007-03-10 14:47:11 56832 --a------ D:\WINDOWS\System32\remotepg.dll 2007-03-10 14:47:11 61952 --a------ D:\WINDOWS\System32\rdshost.exe 2007-03-10 14:47:11 12288 --a------ D:\WINDOWS\System32\rdsaddin.exe 2007-03-10 14:47:11 134656 --a------ D:\WINDOWS\System32\rdchost.dll 2007-03-10 14:47:11 503296 --a------ D:\WINDOWS\System32\mstscax.dll 2007-03-10 14:47:11 387072 --a------ D:\WINDOWS\System32\mstsc.exe 2007-03-10 14:47:10 17920 --a------ D:\WINDOWS\System32\tsshutdn.exe 2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\tskill.exe 2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tsdiscon.exe 2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tscon.exe 2007-03-10 14:47:10 198656 --a------ D:\WINDOWS\System32\termsrv.dll 2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\shadow.exe 2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\rwinsta.exe 2007-03-10 14:47:10 33792 --a------ D:\WINDOWS\System32\regini.exe 2007-03-10 14:47:10 73864 --a------ D:\WINDOWS\System32\rdpwsx.dll 2007-03-10 14:47:10 14848 --a------ D:\WINDOWS\System32\rdpsnd.dll 2007-03-10 14:47:10 41984 --a------ D:\WINDOWS\System32\rdpclip.exe 2007-03-10 14:47:10 4608 --a------ D:\WINDOWS\System32\rdpcfgex.dll 2007-03-10 14:47:10 22528 --a------ D:\WINDOWS\System32\qwinsta.exe 2007-03-10 14:47:10 19456 --a------ D:\WINDOWS\System32\qprocess.exe 2007-03-10 14:47:10 17408 --a------ D:\WINDOWS\System32\qappsrv.exe 2007-03-10 14:47:09 83968 --a------ D:\WINDOWS\System32\mtxoci.dll 2007-03-10 14:47:09 22528 --a------ D:\WINDOWS\System32\msg.exe 2007-03-10 14:47:09 151040 --a------ D:\WINDOWS\System32\msdtcuiu.dll 2007-03-10 14:47:09 869376 --a------ D:\WINDOWS\System32\msdtctm.dll 2007-03-10 14:47:09 360960 --a------ D:\WINDOWS\System32\msdtcprx.dll 2007-03-10 14:47:09 0 d-------- D:\WINDOWS\System32\MsDtc 2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\logoff.exe 2007-03-10 14:47:09 8704 --a------ D:\WINDOWS\System32\icaapi.dll 2007-03-10 14:47:09 32768 --a------ D:\WINDOWS\System32\cfgbkend.dll 2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\cdmodem.dll 2007-03-10 14:47:08 9728 --a------ D:\WINDOWS\System32\xolehlp.dll 2007-03-10 14:47:08 54784 --a------ D:\WINDOWS\System32\msdtclog.dll 2007-03-10 14:47:08 6144 --a------ D:\WINDOWS\System32\msdtc.exe 2007-03-10 14:47:07 54272 --a------ D:\WINDOWS\System32\stclient.dll 2007-03-10 14:47:07 25088 --a------ D:\WINDOWS\System32\mtxlegih.dll 2007-03-10 14:47:07 4096 --a------ D:\WINDOWS\System32\mtxex.dll 2007-03-10 14:47:07 20480 --a------ D:\WINDOWS\System32\mtxdm.dll 2007-03-10 14:47:07 5120 --a------ D:\WINDOWS\System32\dcomcnfg.exe 2007-03-10 14:47:07 82432 --a------ D:\WINDOWS\System32\comrepl.dll 2007-03-10 14:47:07 25600 --a------ D:\WINDOWS\System32\comaddin.dll 2007-03-10 14:47:07 0 d-------- D:\WINDOWS\System32\Com 2007-03-10 14:47:07 56832 --a------ D:\WINDOWS\System32\colbact.dll 2007-03-10 14:47:07 100864 --a------ D:\WINDOWS\System32\clbcatex.dll 2007-03-10 14:47:07 85504 --a------ D:\WINDOWS\System32\catsrvps.dll 2007-03-10 14:47:06 495616 --a------ D:\WINDOWS\System32\comuid.dll 2007-03-10 14:47:06 1139200 --a------ D:\WINDOWS\System32\comsvcs.dll 2007-03-10 14:47:06 147456 --a------ D:\WINDOWS\System32\comsnap.dll 2007-03-10 14:47:06 468480 --a------ D:\WINDOWS\System32\clbcatq.dll 2007-03-10 14:47:06 583168 --a------ D:\WINDOWS\System32\catsrvut.dll 2007-03-10 14:47:06 215040 --a------ D:\WINDOWS\System32\catsrv.dll 2007-03-10 14:46:57 53248 --a------ D:\WINDOWS\System32\servdeps.dll 2007-03-10 14:46:57 16896 --a------ D:\WINDOWS\System32\mmfutil.dll 2007-03-10 14:46:56 57344 --a------ D:\WINDOWS\System32\licwmi.dll 2007-03-10 14:46:56 177152 --a------ D:\WINDOWS\System32\cmprops.dll 2007-03-10 14:46:54 37896 --a------ D:\WINDOWS\System32\drivers\termdd.sys 2007-03-10 14:46:54 181632 --a------ D:\WINDOWS\System32\drivers\rdpdr.sys 2007-03-10 14:42:58 0 d--hs---- D:\FOUND.000 2007-03-10 14:38:01 5632 --a------ D:\WINDOWS\System32\drivers\splitter.sys 2007-03-10 14:38:00 122472 --a------ D:\WINDOWS\System32\drivers\aec.sys 2007-03-10 14:37:59 2816 --a------ D:\WINDOWS\System32\drivers\drmkaud.sys 2007-03-10 14:37:57 4608 --a------ D:\WINDOWS\System32\drivers\MSPQM.sys 2007-03-10 14:37:56 54272 --a------ D:\WINDOWS\System32\drivers\swmidi.sys 2007-03-10 14:37:55 50048 --a------ D:\WINDOWS\System32\drivers\DMusic.sys 2007-03-10 14:37:54 79616 --a------ D:\WINDOWS\System32\drivers\wdmaud.sys 2007-03-10 14:37:52 6400 --a------ D:\WINDOWS\System32\drivers\MSKSSRV.sys 2007-03-10 14:37:51 159232 --a------ D:\WINDOWS\System32\drivers\kmixer.sys 2007-03-10 14:37:50 57472 --a------ D:\WINDOWS\System32\drivers\sysaudio.sys 2007-03-10 14:37:49 5120 --a------ D:\WINDOWS\System32\drivers\MSPCLOCK.sys 2007-03-10 14:37:45 3072 --a------ D:\WINDOWS\System32\drivers\audstub.sys 2007-03-10 14:37:26 57088 --a------ D:\WINDOWS\System32\drivers\redbook.sys 2007-03-10 14:37:17 1738496 --a------ D:\WINDOWS\System32\nv4.dll 2007-03-10 14:37:17 731648 --a------ D:\WINDOWS\System32\drivers\nv4.sys 2007-03-10 14:37:07 3712 --a------ D:\WINDOWS\System32\drivers\ctljystk.sys 2007-03-10 14:37:02 2944 --a------ D:\WINDOWS\System32\drivers\msmpu401.sys 2007-03-10 14:37:00 9728 --a------ D:\WINDOWS\System32\drivers\gameenum.sys 2007-03-10 14:36:41 70144 --a------ D:\WINDOWS\System32\usbui.dll 2007-03-10 14:35:45 0 d-------- D:\Program Files\Common Files\ODBC 2007-03-10 14:35:42 0 dr------- D:\Program Files<PROGRA~1> 2007-03-10 14:35:42 0 d-------- D:\Program Files\Common Files\SpeechEngines<SPEECH~1> 2007-03-10 14:35:40 6144 -ra------ D:\WINDOWS\System32\kbdtuq.dll 2007-03-10 14:35:40 5632 -ra------ D:\WINDOWS\System32\kbdazel.dll 2007-03-10 14:35:39 6144 -ra------ D:\WINDOWS\System32\kbdtuf.dll 2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdmon.dll 2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdkyr.dll 2007-03-10 14:35:36 8192 -ra------ D:\WINDOWS\System32\kbdhept.dll 2007-03-10 14:35:36 6656 -ra------ D:\WINDOWS\System32\kbdhela3.dll 2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdhela2.dll 2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe319.dll 2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe220.dll 2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe.dll 2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdgkl.dll 2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv1.dll 2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv.dll 2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt1.dll 2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt.dll 2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdest.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdycl.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl1.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl.dll 2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdro.dll 2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdhu1.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdhu.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz2.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz1.dll 2007-03-10 14:35:32 7168 --a------ D:\WINDOWS\System32\kbdcz.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcr.dll 2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\KBDAL.DLL 2007-03-10 14:35:31 24661 --a------ D:\WINDOWS\System32\spxcoins.dll 2007-03-10 14:35:31 13312 --a------ D:\WINDOWS\System32\irclass.dll 2007-03-10 14:35:31 103424 --a------ D:\WINDOWS\System32\EqnClass.Dll 2007-03-10 14:35:31 10496 --a------ D:\WINDOWS\System32\drivers\irenum.sys 2007-03-10 14:35:31 85532 --a------ D:\WINDOWS\System32\dgsetup.dll 2007-03-10 14:35:31 176157 --a------ D:\WINDOWS\System32\dgrpsetu.dll 2007-03-10 14:35:30 6656 --a------ D:\WINDOWS\System32\batt.dll 2007-03-10 14:35:30 9168 --a------ D:\WINDOWS\system\VER.DLL 2007-03-10 14:35:30 19200 --a------ D:\WINDOWS\system\TAPI.DLL 2007-03-10 14:35:30 5120 --a------ D:\WINDOWS\system\SHELL.DLL 2007-03-10 14:35:30 24064 --a------ D:\WINDOWS\system\OLESVR.DLL 2007-03-10 14:35:30 83456 --a------ D:\WINDOWS\system\OLECLI.DLL 2007-03-10 14:35:30 127008 --a------ D:\WINDOWS\system\MSVIDEO.DLL 2007-03-10 14:35:29 15360 --a------ D:\WINDOWS\TASKMAN.EXE 2007-03-10 14:35:29 69712 --a------ D:\WINDOWS\system\MMSYSTEM.DLL 2007-03-10 14:35:29 9936 --a------ D:\WINDOWS\system\LZEXPAND.DLL 2007-03-10 14:35:29 33376 --a------ D:\WINDOWS\system\COMMDLG.DLL 2007-03-10 14:35:29 109488 --a------ D:\WINDOWS\system\AVIFILE.DLL 2007-03-10 14:35:29 70096 --a------ D:\WINDOWS\system\AVICAP.DLL 2007-03-10 14:35:29 67072 --a------ D:\WINDOWS\NOTEPAD.EXE 2007-03-10 14:35:28 71680 --a------ D:\WINDOWS\System32\storprop.dll 2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot2 2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot 2007-03-10 14:34:51 0 d-------- D:\Documents and Settings<DOCUME~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\WinSxS 2007-03-10 14:30:51 0 dr------- D:\WINDOWS\Web 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\twain_32 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system32 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wins 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wbem 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\usmt 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\spool 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ShellExt 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\Setup 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ras 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\oobe 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\npp 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\mui 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\inetsrv 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\IME 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\icsxml 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ias 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\export 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\etc 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\disdn 2007-03-10 14:30:51 0 dr-hs---- D:\WINDOWS\System32\dllcache 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\dhcp 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\config 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3com_dmi 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3076 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\2052 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1054 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1045 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1042 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1041 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1037 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1033 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1031 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1028 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1025 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\security 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Resources<RESOUR~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\repair 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\mui 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msapps 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msagent 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Media 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\java 2007-03-10 14:30:51 0 d--h----- D:\WINDOWS\inf 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\ime 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Help 2007-03-10 14:30:51 0 dr--s---- D:\WINDOWS\Fonts 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Driver Cache<DRIVER~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Debug 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Cursors 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Connection Wizard<CONNEC~1> 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Config 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\AppPatch 2007-03-10 14:30:51 0 d-------- D:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2007-03-17 15:44:56 355486 --a------ D:\WINDOWS\System32\perfh015.dat 2007-03-17 15:44:56 49492 --a------ D:\WINDOWS\System32\perfc015.dat 2007-03-16 22:37:12 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Macromedia<MACROM~1> 2007-03-16 18:43:38 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\SearchToolbarCorp<SEARCH~1> 2007-03-16 18:20:40 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\PC Tools<PCTOOL~1> 2007-03-16 18:10:30 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Mozilla 2007-03-15 16:51:24 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\vlc 2007-03-11 11:00:54 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\DeepBurner<DEEPBU~1> 2007-03-11 09:10:04 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Help 2007-03-10 18:06:40 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Leadertech<LEADER~1> 2007-03-10 17:53:52 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Real 2007-03-10 14:59:22 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Identities<IDENTI~1> 2007-03-10 14:43:36 62 --ahs---- D:\Documents and Settings\Jacek\Dane aplikacji\desktop.ini 2007-03-10 14:43:18 0 d---s---- D:\Documents and Settings\Jacek\Dane aplikacji\Microsoft<MICROS~1> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe" "Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SiSUSBRG"="D:\\WINDOWS\\SiSUSBrg.exe" "Disc Detector"="D:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe" "UpdReg"="D:\\WINDOWS\\Updreg.exe" "AHQInit"="D:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe" "AudioHQ"="D:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE" "2chkdsk"="rundll32.exe \"D:\\WINDOWS\\System32\\hmiflxgr.dll\",setvm" "WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices] "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4B50DEB2-891B-4CEE-A06C-144207F4015E}"="" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE" "NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe" "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" "Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE" "NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe" "Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE" "Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-03-17 at 15:52:53 ------------------------

**Posty:** 4043 · przez **prog** 17 Mar 2007, 17:03

To tylko tak BTW:

Comboscan ma w sobie hijacka, więc nie wstawiaj już HJ.

**Posty:** 18165 · przez **wojtas** 17 Mar 2007, 17:24

Gdzie antywirus i firewall??

zainstaluj avasta i kerio personal bo bedziesz lapal syf...

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

D:\WINDOWS\System32\ssqqron.dll
D:\WINDOWS\System32\ubdgwtga.dll
D:\WINDOWS\System32\cptcrspr.dll
D:\WINDOWS\System32\hmiflxgr.dll
D:\WINDOWS\System32\hhhkj.bak1
D:\WINDOWS\System32\pmkji.dll
D:\WINDOWS\System32\yybeg.bak1
D:\WINDOWS\System32\uktnvstk.dll
D:\WINDOWS\System32\ddccc.dll
D:\WINDOWS\System32\ndltq.exe
D:\WINDOWS\System32\vkwmtc.exe
D:\WINDOWS\System32\slqxnckz.exe
D:\WINDOWS\System32\xticwrdn.exe
D:\WINDOWS\System32\wanbbmu.exe
D:\WINDOWS\System32\hllueb.exe
D:\WINDOWS\System32\twxrkuw.exe
D:\WINDOWS\System32\xuwv.exe
D:\WINDOWS\System32\zxzjmk.exe
D:\WINDOWS\System32\qacx.exe
D:\WINDOWS\System32\rbluon.exe
D:\WINDOWS\System32\najtbdf.exe
D:\WINDOWS\System32\ndotyw.exe
D:\WINDOWS\System32\ax.exe
D:\WINDOWS\System32\wmupdat50561.exe
D:\WINDOWS\System32\aetrwf.exe
D:\WINDOWS\System32\ssqqron.dll
D:\WINDOWS\System32\wmupdat47233.exe

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

O2 - BHO: (no name) - {4B50DEB2-891B-4CEE-A06C-144207F4015E} - D:\WINDOWS\System32\ssqqron.dll
O2 - BHO: (no name) - {921628CF-B8F1-413D-BBA5-7925E4CF56FF} - D:\WINDOWS\System32\jkkli.dll (file missing)
O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\uktnvstk.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - D:\WINDOWS\System32\cptcrspr.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\System32\hmiflxgr.dll",setvm

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z HijackThis + log z Silent Runners + combofix

**Posty:** 127 · przez **bluejack** 17 Mar 2007, 19:29

Po restarcie kompa po wklejeniu tej listy

Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:
Cytat:
Files to delete:

D:\WINDOWS\System32\ssqqron.dll
D:\WINDOWS\System32\ubdgwtga.dll
D:\WINDOWS\System32\cptcrspr.dll
D:\WINDOWS\System32\hmiflxgr.dll
D:\WINDOWS\System32\hhhkj.bak1
D:\WINDOWS\System32\pmkji.dll
D:\WINDOWS\System32\yybeg.bak1
D:\WINDOWS\System32\uktnvstk.dll
D:\WINDOWS\System32\ddccc.dll
D:\WINDOWS\System32\ndltq.exe
D:\WINDOWS\System32\vkwmtc.exe
D:\WINDOWS\System32\slqxnckz.exe
D:\WINDOWS\System32\xticwrdn.exe
D:\WINDOWS\System32\wanbbmu.exe
D:\WINDOWS\System32\hllueb.exe
D:\WINDOWS\System32\twxrkuw.exe
D:\WINDOWS\System32\xuwv.exe
D:\WINDOWS\System32\zxzjmk.exe
D:\WINDOWS\System32\qacx.exe
D:\WINDOWS\System32\rbluon.exe
D:\WINDOWS\System32\najtbdf.exe
D:\WINDOWS\System32\ndotyw.exe
D:\WINDOWS\System32\ax.exe
D:\WINDOWS\System32\wmupdat50561.exe
D:\WINDOWS\System32\aetrwf.exe
D:\WINDOWS\System32\ssqqron.dll
D:\WINDOWS\System32\wmupdat47233.exe

wyskoczyl mi komunikat "System Windows nie moze odnalezc pliku "D:\PROGRA~1\INSTAL~1\{53550~1\Setup.exe"

i

"Wystapił bład podczas ladowania D:\WINDOWS\System32\hmiflxgr.dll"

RAPORT Z AVANGERA

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\foloebbx

*******************

Script file located at: \??\D:\Documents and Settings\rvvjnnpg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

File D:\WINDOWS\System32\ssqqron.dll deleted successfully.
File D:\WINDOWS\System32\ubdgwtga.dll deleted successfully.
File D:\WINDOWS\System32\cptcrspr.dll deleted successfully.
File D:\WINDOWS\System32\hmiflxgr.dll deleted successfully.
File D:\WINDOWS\System32\hhhkj.bak1 deleted successfully.
File D:\WINDOWS\System32\pmkji.dll deleted successfully.
File D:\WINDOWS\System32\yybeg.bak1 deleted successfully.
File D:\WINDOWS\System32\uktnvstk.dll deleted successfully.
File D:\WINDOWS\System32\ddccc.dll deleted successfully.
File D:\WINDOWS\System32\ndltq.exe deleted successfully.
File D:\WINDOWS\System32\vkwmtc.exe deleted successfully.
File D:\WINDOWS\System32\slqxnckz.exe deleted successfully.
File D:\WINDOWS\System32\xticwrdn.exe deleted successfully.
File D:\WINDOWS\System32\wanbbmu.exe deleted successfully.
File D:\WINDOWS\System32\hllueb.exe deleted successfully.
File D:\WINDOWS\System32\twxrkuw.exe deleted successfully.
File D:\WINDOWS\System32\xuwv.exe deleted successfully.
File D:\WINDOWS\System32\zxzjmk.exe deleted successfully.
File D:\WINDOWS\System32\qacx.exe deleted successfully.
File D:\WINDOWS\System32\rbluon.exe deleted successfully.
File D:\WINDOWS\System32\najtbdf.exe deleted successfully.
File D:\WINDOWS\System32\ndotyw.exe deleted successfully.
File D:\WINDOWS\System32\ax.exe deleted successfully.
File D:\WINDOWS\System32\wmupdat50561.exe deleted successfully.
File D:\WINDOWS\System32\aetrwf.exe deleted successfully.

File D:\WINDOWS\System32\ssqqron.dll not found!
Deletion of file D:\WINDOWS\System32\ssqqron.dll failed!

Could not process line:
D:\WINDOWS\System32\ssqqron.dll
Status: 0xc0000034

File D:\WINDOWS\System32\wmupdat47233.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

LOG Z SILENT

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NETIANET" = "D:\Program Files\Netia\Net\netianet.exe" ["OF.PL sp.z .o.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "D:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Disc Detector" = "D:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"UpdReg" = "D:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."]
"AHQInit" = "D:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"]
"AudioHQ" = "D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative Technology Ltd."]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4B50DEB2-891B-4CEE-A06C-144207F4015E}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [file not found]
{921628CF-B8F1-413D-BBA5-7925E4CF56FF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\jkkli.dll" [file not found]
{B797CBF2-48B7-49D2-905C-212DD8CE721e}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\ubdgwtga.dll" [file not found]
{C4064320-0A1A-4406-A1A4-2E145C9B5932}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\gebcd.dll" [null data]
{D38439EC-4A7F-42b4-90C2-D810D7778FDD}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\cptcrspr.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{4B50DEB2-891B-4CEE-A06C-144207F4015E}" = "*]" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\ssqqron.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> gebcd\DLLName = "D:\WINDOWS\System32\gebcd.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"

Startup items in "Jacek" & "All Users" startup folders:
-------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 28 seconds.
---------- (total run time: 113 seconds)

LOG Z COMBOSCANA&HJ

ComboScan v20070306.20 run by Jacek on 2007-03-17 at 18:18:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Jacek.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:18:38, on 2007-03-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Creative\ShareDLL\MediaDet.Exe
D:\WINDOWS\System32\devldr32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Netia\Net\netianet.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Jacek\Pulpit\comboscan.exe
D:\DOCUME~1\Jacek\Pulpit\HIJACK~1\Jacek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: (no name) - {4B50DEB2-891B-4CEE-A06C-144207F4015E} - D:\WINDOWS\System32\ssqqron.dll (file missing)
O2 - BHO: (no name) - {921628CF-B8F1-413D-BBA5-7925E4CF56FF} - D:\WINDOWS\System32\jkkli.dll (file missing)
O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\ubdgwtga.dll (file missing)
O2 - BHO: (no name) - {C4064320-0A1A-4406-A1A4-2E145C9B5932} - D:\WINDOWS\System32\gebcd.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - D:\WINDOWS\System32\cptcrspr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76
O20 - Winlogon Notify: gebcd - D:\WINDOWS\System32\gebcd.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing)

-- Files created between 2007-02-17 and 2007-03-17 -----------------------------

2007-03-17 18:00:37 0 d-------- D:\avenger
2007-03-17 17:50:54 59392 --a------ D:\WINDOWS\System32\drivers\kvpndrv.sys
2007-03-17 17:34:39 0 d-------- D:\WINDOWS\System32\appmgmt
2007-03-17 16:42:52 43176 --a------ D:\WINDOWS\System32\drivers\aswTdi.sys
2007-03-17 16:42:52 23352 --a------ D:\WINDOWS\System32\drivers\aswRdr.sys
2007-03-17 16:42:52 31560 --a------ D:\WINDOWS\System32\drivers\aavmker4.sys
2007-03-17 16:42:47 94424 --a------ D:\WINDOWS\System32\drivers\aswmon2.sys
2007-03-17 16:42:47 85952 --a------ D:\WINDOWS\System32\drivers\aswmon.sys
2007-03-17 16:42:40 1060864 --a------ D:\WINDOWS\System32\MFC71.dll
2007-03-17 16:42:40 90112 --a------ D:\WINDOWS\System32\AVASTSS.scr
2007-03-17 16:42:40 689280 --a------ D:\WINDOWS\System32\aswBoot.exe
2007-03-17 16:42:34 0 d-------- D:\Program Files\Alwil Software<ALWILS~1>
2007-03-17 15:57:29 282212 ---hs---- D:\WINDOWS\System32\gebcd.dll
2007-03-17 13:28:12 0 d--hs---- D:\FOUND.007
2007-03-17 10:18:28 0 d-------- D:\Program Files\GIMP-2.0
2007-03-17 09:14:27 460024 ---hs---- D:\WINDOWS\System32\hhhkj.ini2<HHHKJ~1.INI>
2007-03-16 22:37:03 1168 --a------ D:\WINDOWS\mozver.dat
2007-03-16 20:43:30 0 d-------- D:\VundoFix Backups<VUNDOF~1>
2007-03-16 20:40:20 0 d-------- D:\winamp
2007-03-16 20:32:00 115880 -----n--- D:\WINDOWS\System32\pxinsi64.exe
2007-03-16 20:32:00 129784 -----n--- D:\WINDOWS\System32\pxafs.dll
2007-03-16 20:32:00 36528 -----n--- D:\WINDOWS\System32\drivers\PxHelp20.sys
2007-03-16 20:32:00 2560 -----n--- D:\WINDOWS\System32\drivers\cdralw2k.sys
2007-03-16 20:32:00 2432 -----n--- D:\WINDOWS\System32\drivers\cdr4_xp.sys
2007-03-16 20:31:53 0 d-------- D:\Program Files\Winamp
2007-03-16 19:03:30 0 d--hs---- D:\FOUND.006
2007-03-16 18:36:38 0 d-------- D:\Program Files\Gadu-Gadu<GADU-G~1>
2007-03-16 18:17:18 0 d-------- D:\Program Files\Spyware Doctor<SPYWAR~1>
2007-03-16 18:13:50 348160 --a------ D:\WINDOWS\System32\msvcr71.dll
2007-03-16 18:13:50 499712 --a------ D:\WINDOWS\System32\msvcp71.dll
2007-03-16 18:10:44 0 --a------ D:\WINDOWS\nsreg.dat
2007-03-16 18:10:04 0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-16 17:53:09 24064 --a------ D:\WINDOWS\System32\devldr32.exe
2007-03-16 17:38:02 0 d-------- D:\Program Files\Netia
2007-03-16 14:29:50 0 d--hs---- D:\FOUND.005
2007-03-15 16:57:29 208896 --a------ D:\WINDOWS\System32\nvudisp.exe
2007-03-15 16:55:23 42752 --a------ D:\WINDOWS\System32\drivers\stream.sys
2007-03-15 16:55:23 36480 --a------ D:\WINDOWS\System32\drivers\sfmanm.sys
2007-03-15 16:55:22 51200 --a------ D:\WINDOWS\System32\sfman32.dll
2007-03-15 16:55:22 495616 --a------ D:\WINDOWS\System32\sblfx.dll
2007-03-15 16:55:22 4096 --a------ D:\WINDOWS\System32\ksuser.dll
2007-03-15 16:55:22 135040 --a------ D:\WINDOWS\System32\drivers\portcls.sys
2007-03-15 16:55:22 134144 --a------ D:\WINDOWS\System32\drivers\ks.sys
2007-03-15 16:55:21 283904 --a------ D:\WINDOWS\System32\drivers\emu10k1m.sys
2007-03-15 16:55:21 57344 --a------ D:\WINDOWS\System32\drivers\drmk.sys
2007-03-15 16:55:19 256512 --a------ D:\WINDOWS\System32\devcon32.dll
2007-03-15 16:55:17 4096 --a------ D:\WINDOWS\System32\ctwdm32.dll
2007-03-15 16:55:16 6912 --a------ D:\WINDOWS\System32\drivers\ctlfacem.sys
2007-03-14 17:11:48 0 d--hs---- D:\FOUND.004
2007-03-12 13:33:04 0 d--hs---- D:\FOUND.003
2007-03-12 12:04:54 0 d--hs---- D:\FOUND.002
2007-03-11 15:34:58 0 d--hs---- D:\FOUND.001
2007-03-10 17:53:51 0 d-------- D:\Program Files\Real Alternative<REALAL~1>
2007-03-10 17:53:51 0 d-------- D:\Program Files\Media Player Classic<MEDIAP~1>
2007-03-10 17:41:35 0 d-------- D:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-10 17:40:31 208896 --a------ D:\WINDOWS\System32\NVUNINST.EXE
2007-03-10 15:54:43 0 d-------- D:\Program Files\AC3Filter<AC3FIL~1>
2007-03-10 15:22:50 32768 --a------ D:\WINDOWS\System32\WooDial2000.dll<WOODIA~1.DLL>
2007-03-10 15:22:02 127497 --a------ D:\WINDOWS\System32\drivers\adiusbaw.sys
2007-03-10 15:22:02 155648 --a------ D:\WINDOWS\System32\adadix32.dll
2007-03-10 15:22:01 127456 --a------ D:\WINDOWS\System32\ipdetect.exe
2007-03-10 15:22:00 126976 --a------ D:\WINDOWS\System32\coclassfast.dll<COCLAS~1.DLL>
2007-03-10 15:21:59 135168 --a------ D:\WINDOWS\System32\unaddrv.exe
2007-03-10 15:21:59 46167 --a------ D:\WINDOWS\System32\drivers\adildr.sys
2007-03-10 15:21:59 4981 --a------ D:\WINDOWS\System32\adadix2k.dll
2007-03-10 15:21:59 46892 --a------ D:\WINDOWS\System32\adadix16.dll
2007-03-10 15:21:58 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 15:21:56 0 d-------- D:\Program Files\SAGEM
2007-03-10 15:20:56 0 d-------- D:\Program Files\Neostrada TP<NEOSTR~1>
2007-03-10 15:17:23 0 d--hs---- D:\Recycled
2007-03-10 15:14:17 41984 --a------ D:\WINDOWS\CTREGRUN.EXE
2007-03-10 15:12:36 90112 --a------ D:\WINDOWS\Updreg.exe
2007-03-10 15:12:31 36992 --a------ D:\WINDOWS\System32\drivers\sfman.sys
2007-03-10 15:12:30 775296 --a------ D:\WINDOWS\System32\drivers\emu10k1f.sys
2007-03-10 15:12:30 6912 --a------ D:\WINDOWS\System32\drivers\ctlface.sys
2007-03-10 15:12:30 59392 --a------ D:\WINDOWS\System32\a3d.dll
2007-03-10 15:10:00 1048576 -----n--- D:\WINDOWS\System32\sfman.dat
2007-03-10 15:10:00 84992 -----n--- D:\WINDOWS\System32\sfcvrt32.dll
2007-03-10 15:10:00 108032 -----n--- D:\WINDOWS\System32\mfcuia32.dll
2007-03-10 15:10:00 149504 -----n--- D:\WINDOWS\System32\mfcans32.dll
2007-03-10 15:10:00 82432 -----n--- D:\WINDOWS\System32\Ctwflt32.dll
2007-03-10 15:10:00 26768 -----n--- D:\WINDOWS\System32\ctl3d.dll
2007-03-10 15:10:00 34816 -----n--- D:\WINDOWS\CTRes32.dll
2007-03-10 15:10:00 24976 -----n--- D:\WINDOWS\ctres.dll
2007-03-10 15:10:00 53552 -----n--- D:\WINDOWS\ctccw.dll
2007-03-10 15:08:28 3584 --a------ D:\WINDOWS\System32\Ahqcpres.dll
2007-03-10 15:08:04 25088 --a------ D:\WINDOWS\System32\CTSVCCTL.EXE
2007-03-10 15:08:04 0 d-------- D:\Media
2007-03-10 15:07:40 307200 -----n--- D:\WINDOWS\System32\CtMp3Lib.dll
2007-03-10 15:07:40 110592 -----n--- D:\WINDOWS\System32\ctmp3io2.dll
2007-03-10 15:07:39 54784 -----n--- D:\WINDOWS\System32\Inetwh32.dll
2007-03-10 15:07:39 24576 -----n--- D:\WINDOWS\System32\CTMERes.DLL
2007-03-10 15:07:39 393216 -----n--- D:\WINDOWS\System32\CTMedEng.dll
2007-03-10 15:07:39 28672 -----n--- D:\WINDOWS\System32\CTIntRes.dll
2007-03-10 15:07:39 155648 -----n--- D:\WINDOWS\System32\CTDrmUI.dll
2007-03-10 15:07:39 73728 -----n--- D:\WINDOWS\System32\CTDrmRes.dll
2007-03-10 15:07:39 57856 -----n--- D:\WINDOWS\System32\CTDETRES.DLL
2007-03-10 15:07:04 6752 -----n--- D:\WINDOWS\System32\PfModNT.sys
2007-03-10 15:07:04 0 d-------- D:\Program Files\Creative
2007-03-10 15:02:33 0 d-------- D:\WINDOWS\SiS
2007-03-10 15:02:32 0 d-------- D:\WINDOWS\System32\ReinstallBackups<REINST~1>
2007-03-10 15:02:32 27392 -ra------ D:\WINDOWS\System32\drivers\SISAGP.SYS
2007-03-10 15:02:19 306688 --a------ D:\WINDOWS\IsUninst.exe
2007-03-10 15:02:14 304640 --a------ D:\WINDOWS\IsUn0415.exe
2007-03-10 15:02:13 3583 -ra------ D:\WINDOWS\SiSport.sys
2007-03-10 15:02:13 32768 -ra------ D:\WINDOWS\SIS_LIB.DLL
2007-03-10 15:02:12 102400 -ra------ D:\WINDOWS\SiSUSBrg.exe
2007-03-10 15:01:44 0 d-------- D:\WINDOWS\System32\Tools
2007-03-10 15:01:38 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-10 14:59:23 0 d--hs---- D:\WINDOWS\Installer<INSTAL~1>
2007-03-10 14:58:26 0 d--hs---- D:\System Volume Information<SYSTEM~1>
2007-03-10 14:58:25 0 d-------- D:\WINDOWS\Prefetch
2007-03-10 14:51:35 0 d-------- D:\WINDOWS\System32\xircom
2007-03-10 14:51:35 0 d-------- D:\Program Files\microsoft frontpage<MICROS~1>
2007-03-10 14:50:57 112128 --a------ D:\WINDOWS\System32\mapi32.dll
2007-03-10 14:50:02 0 dr------- D:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-10 14:50:01 0 d---s---- D:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-10 14:49:38 0 d-------- D:\WINDOWS\srchasst
2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\Macromed
2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\DirectX
2007-03-10 14:49:21 17408 --a------ D:\WINDOWS\System32\qmgrprxy.dll
2007-03-10 14:49:21 179200 --a------ D:\WINDOWS\System32\qmgr.dll
2007-03-10 14:49:20 0 d-------- D:\Program Files\Movie Maker<MOVIEM~1>
2007-03-10 14:49:06 40960 --a------ D:\WINDOWS\System32\safrslv.dll
2007-03-10 14:49:06 26624 --a------ D:\WINDOWS\System32\safrdm.dll
2007-03-10 14:49:05 39424 --a------ D:\WINDOWS\System32\safrcdlg.dll
2007-03-10 14:49:05 33792 --a------ D:\WINDOWS\System32\racpldlg.dll
2007-03-10 14:49:05 11264 --a------ D:\WINDOWS\System32\atrace.dll
2007-03-10 14:48:56 155648 --a------ D:\WINDOWS\System32\srsvc.dll
2007-03-10 14:48:56 219136 --a------ D:\WINDOWS\System32\srrstr.dll
2007-03-10 14:48:56 61952 --a------ D:\WINDOWS\System32\srclient.dll
2007-03-10 14:48:56 0 d-------- D:\WINDOWS\System32\Restore
2007-03-10 14:48:56 70400 --a------ D:\WINDOWS\System32\drivers\sr.sys
2007-03-10 14:48:55 24576 --a------ D:\WINDOWS\System32\nmmkcert.dll
2007-03-10 14:48:55 12288 --a------ D:\WINDOWS\System32\nmevtmsg.dll
2007-03-10 14:48:55 32768 --a------ D:\WINDOWS\System32\mnmsrvc.exe
2007-03-10 14:48:55 32384 --a------ D:\WINDOWS\System32\mnmdd.dll
2007-03-10 14:48:55 28672 --a------ D:\WINDOWS\System32\isrdbg32.dll
2007-03-10 14:48:55 73728 --a------ D:\WINDOWS\System32\ils.dll
2007-03-10 14:48:54 65536 --a------ D:\WINDOWS\System32\msconf.dll
2007-03-10 14:48:52 90624 --a------ D:\WINDOWS\System32\msoert2.dll
2007-03-10 14:48:52 67584 --a------ D:\WINDOWS\System32\acctres.dll
2007-03-10 14:48:52 0 d-------- D:\WINDOWS\PCHEALTH
2007-03-10 14:48:51 228864 --a------ D:\WINDOWS\System32\msoeacct.dll
2007-03-10 14:48:50 49152 --a------ D:\WINDOWS\System32\inetres.dll
2007-03-10 14:48:50 593920 --a------ D:\WINDOWS\System32\inetcomm.dll
2007-03-10 14:48:46 0 d---s---- D:\WINDOWS\Tasks
2007-03-10 14:48:46 159744 --a------ D:\WINDOWS\System32\schedsvc.dll
2007-03-10 14:48:46 9728 --a------ D:\WINDOWS\System32\mstinit.exe
2007-03-10 14:48:46 253440 --a------ D:\WINDOWS\System32\mstask.dll
2007-03-10 14:48:46 81920 --a------ D:\WINDOWS\System32\isign32.dll
2007-03-10 14:48:46 270336 --a------ D:\WINDOWS\System32\inetcfg.dll
2007-03-10 14:48:46 61440 --a------ D:\WINDOWS\System32\icwphbk.dll
2007-03-10 14:48:46 69632 --a------ D:\WINDOWS\System32\icwdial.dll
2007-03-10 14:48:46 16384 --a------ D:\WINDOWS\System32\icfgnt5.dll
2007-03-10 14:48:44 0 d-------- D:\Program Files\Common Files\MSSoap
2007-03-10 14:48:03 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-10 14:47:47 0 d-------- D:\WINDOWS\Registration<REGIST~1>
2007-03-10 14:47:42 0 d--h----- D:\Program Files\WindowsUpdate<WINDOW~2>
2007-03-10 14:47:42 0 d-------- D:\Program Files\Usługi online<USŁUGI~1>
2007-03-10 14:47:36 0 d-------- D:\Program Files\Messenger<MESSEN~1>
2007-03-10 14:47:29 5632 --a------ D:\WINDOWS\System32\write.exe
2007-03-10 14:47:29 0 d-------- D:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-10 14:47:20 139264 --a------ D:\WINDOWS\System32\sndvol32.exe
2007-03-10 14:47:20 125440 --a------ D:\WINDOWS\System32\sndrec32.exe
2007-03-10 14:47:20 118272 --a------ D:\WINDOWS\System32\mplay32.exe
2007-03-10 14:47:20 494592 --a------ D:\WINDOWS\System32\hypertrm.dll
2007-03-10 14:47:20 44544 --a------ D:\WINDOWS\System32\hticons.dll
2007-03-10 14:47:20 73216 --a------ D:\WINDOWS\System32\avwav.dll
2007-03-10 14:47:20 231424 --a------ D:\WINDOWS\System32\avtapi.dll
2007-03-10 14:47:20 16384 --a------ D:\WINDOWS\System32\avmeter.dll
2007-03-10 14:47:20 183296 --a------ D:\WINDOWS\System32\accwiz.exe
2007-03-10 14:47:19 35328 --a------ D:\WINDOWS\System32\winchat.exe
2007-03-10 14:47:19 0 d-------- D:\Program Files\Windows NT<WINDOW~1>
2007-03-10 14:47:18 342016 --a------ D:\WINDOWS\System32\mspaint.exe
2007-03-10 14:47:14 605696 --a------ D:\WINDOWS\System32\getuname.dll
2007-03-10 14:47:14 99328 --a------ D:\WINDOWS\System32\clipbrd.exe
2007-03-10 14:47:13 534016 --a------ D:\WINDOWS\System32\spider.exe
2007-03-10 14:47:13 57344 --a------ D:\WINDOWS\System32\sol.exe
2007-03-10 14:47:13 80896 --a------ D:\WINDOWS\System32\charmap.exe
2007-03-10 14:47:13 115200 --a------ D:\WINDOWS\System32\calc.exe
2007-03-10 14:47:12 4096 --a------ D:\WINDOWS\System32\wuauserv.dll
2007-03-10 14:47:12 95744 --a------ D:\WINDOWS\System32\wuaueng.dll
2007-03-10 14:47:12 113664 --a------ D:\WINDOWS\System32\wuauclt.exe
2007-03-10 14:47:12 119808 --a------ D:\WINDOWS\System32\winmine.exe
2007-03-10 14:47:12 128000 --a------ D:\WINDOWS\System32\mshearts.exe
2007-03-10 14:47:12 55808 --a------ D:\WINDOWS\System32\freecell.exe
2007-03-10 14:47:12 20232 --a------ D:\WINDOWS\System32\drivers\tdtcp.sys
2007-03-10 14:47:12 11144 --a------ D:\WINDOWS\System32\drivers\tdpipe.sys
2007-03-10 14:47:12 107912 --a------ D:\WINDOWS\System32\drivers\rdpwd.sys
2007-03-10 14:47:11 1225 --a------ D:\WINDOWS\System32\usrlogon.cmd
2007-03-10 14:47:11 40448 --a------ D:\WINDOWS\System32\tscupgrd.exe
2007-03-10 14:47:11 89600 --a------ D:\WINDOWS\System32\tscfgwmi.dll
2007-03-10 14:47:11 131072 --a------ D:\WINDOWS\System32\sessmgr.exe
2007-03-10 14:47:11 9728 --a------ D:\WINDOWS\System32\reset.exe
2007-03-10 14:47:11 56832 --a------ D:\WINDOWS\System32\remotepg.dll
2007-03-10 14:47:11 61952 --a------ D:\WINDOWS\System32\rdshost.exe
2007-03-10 14:47:11 12288 --a------ D:\WINDOWS\System32\rdsaddin.exe
2007-03-10 14:47:11 134656 --a------ D:\WINDOWS\System32\rdchost.dll
2007-03-10 14:47:11 503296 --a------ D:\WINDOWS\System32\mstscax.dll
2007-03-10 14:47:11 387072 --a------ D:\WINDOWS\System32\mstsc.exe
2007-03-10 14:47:10 17920 --a------ D:\WINDOWS\System32\tsshutdn.exe
2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\tskill.exe
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tsdiscon.exe
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tscon.exe
2007-03-10 14:47:10 198656 --a------ D:\WINDOWS\System32\termsrv.dll
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\shadow.exe
2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\rwinsta.exe
2007-03-10 14:47:10 33792 --a------ D:\WINDOWS\System32\regini.exe
2007-03-10 14:47:10 73864 --a------ D:\WINDOWS\System32\rdpwsx.dll
2007-03-10 14:47:10 14848 --a------ D:\WINDOWS\System32\rdpsnd.dll
2007-03-10 14:47:10 41984 --a------ D:\WINDOWS\System32\rdpclip.exe
2007-03-10 14:47:10 4608 --a------ D:\WINDOWS\System32\rdpcfgex.dll
2007-03-10 14:47:10 22528 --a------ D:\WINDOWS\System32\qwinsta.exe
2007-03-10 14:47:10 19456 --a------ D:\WINDOWS\System32\qprocess.exe
2007-03-10 14:47:10 17408 --a------ D:\WINDOWS\System32\qappsrv.exe
2007-03-10 14:47:09 83968 --a------ D:\WINDOWS\System32\mtxoci.dll
2007-03-10 14:47:09 22528 --a------ D:\WINDOWS\System32\msg.exe
2007-03-10 14:47:09 151040 --a------ D:\WINDOWS\System32\msdtcuiu.dll
2007-03-10 14:47:09 869376 --a------ D:\WINDOWS\System32\msdtctm.dll
2007-03-10 14:47:09 360960 --a------ D:\WINDOWS\System32\msdtcprx.dll
2007-03-10 14:47:09 0 d-------- D:\WINDOWS\System32\MsDtc
2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\logoff.exe
2007-03-10 14:47:09 8704 --a------ D:\WINDOWS\System32\icaapi.dll
2007-03-10 14:47:09 32768 --a------ D:\WINDOWS\System32\cfgbkend.dll
2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\cdmodem.dll
2007-03-10 14:47:08 9728 --a------ D:\WINDOWS\System32\xolehlp.dll
2007-03-10 14:47:08 54784 --a------ D:\WINDOWS\System32\msdtclog.dll
2007-03-10 14:47:08 6144 --a------ D:\WINDOWS\System32\msdtc.exe
2007-03-10 14:47:07 54272 --a------ D:\WINDOWS\System32\stclient.dll
2007-03-10 14:47:07 25088 --a------ D:\WINDOWS\System32\mtxlegih.dll
2007-03-10 14:47:07 4096 --a------ D:\WINDOWS\System32\mtxex.dll
2007-03-10 14:47:07 20480 --a------ D:\WINDOWS\System32\mtxdm.dll
2007-03-10 14:47:07 5120 --a------ D:\WINDOWS\System32\dcomcnfg.exe
2007-03-10 14:47:07 82432 --a------ D:\WINDOWS\System32\comrepl.dll
2007-03-10 14:47:07 25600 --a------ D:\WINDOWS\System32\comaddin.dll
2007-03-10 14:47:07 0 d-------- D:\WINDOWS\System32\Com
2007-03-10 14:47:07 56832 --a------ D:\WINDOWS\System32\colbact.dll
2007-03-10 14:47:07 100864 --a------ D:\WINDOWS\System32\clbcatex.dll
2007-03-10 14:47:07 85504 --a------ D:\WINDOWS\System32\catsrvps.dll
2007-03-10 14:47:06 495616 --a------ D:\WINDOWS\System32\comuid.dll
2007-03-10 14:47:06 1139200 --a------ D:\WINDOWS\System32\comsvcs.dll
2007-03-10 14:47:06 147456 --a------ D:\WINDOWS\System32\comsnap.dll
2007-03-10 14:47:06 468480 --a------ D:\WINDOWS\System32\clbcatq.dll
2007-03-10 14:47:06 583168 --a------ D:\WINDOWS\System32\catsrvut.dll
2007-03-10 14:47:06 215040 --a------ D:\WINDOWS\System32\catsrv.dll
2007-03-10 14:46:57 53248 --a------ D:\WINDOWS\System32\servdeps.dll
2007-03-10 14:46:57 16896 --a------ D:\WINDOWS\System32\mmfutil.dll
2007-03-10 14:46:56 57344 --a------ D:\WINDOWS\System32\licwmi.dll
2007-03-10 14:46:56 177152 --a------ D:\WINDOWS\System32\cmprops.dll
2007-03-10 14:46:54 37896 --a------ D:\WINDOWS\System32\drivers\termdd.sys
2007-03-10 14:46:54 181632 --a------ D:\WINDOWS\System32\drivers\rdpdr.sys
2007-03-10 14:42:58 0 d--hs---- D:\FOUND.000
2007-03-10 14:38:01 5632 --a------ D:\WINDOWS\System32\drivers\splitter.sys
2007-03-10 14:38:00 122472 --a------ D:\WINDOWS\System32\drivers\aec.sys
2007-03-10 14:37:59 2816 --a------ D:\WINDOWS\System32\drivers\drmkaud.sys
2007-03-10 14:37:57 4608 --a------ D:\WINDOWS\System32\drivers\MSPQM.sys
2007-03-10 14:37:56 54272 --a------ D:\WINDOWS\System32\drivers\swmidi.sys
2007-03-10 14:37:55 50048 --a------ D:\WINDOWS\System32\drivers\DMusic.sys
2007-03-10 14:37:54 79616 --a------ D:\WINDOWS\System32\drivers\wdmaud.sys
2007-03-10 14:37:52 6400 --a------ D:\WINDOWS\System32\drivers\MSKSSRV.sys
2007-03-10 14:37:51 159232 --a------ D:\WINDOWS\System32\drivers\kmixer.sys
2007-03-10 14:37:50 57472 --a------ D:\WINDOWS\System32\drivers\sysaudio.sys
2007-03-10 14:37:49 5120 --a------ D:\WINDOWS\System32\drivers\MSPCLOCK.sys
2007-03-10 14:37:45 3072 --a------ D:\WINDOWS\System32\drivers\audstub.sys
2007-03-10 14:37:26 57088 --a------ D:\WINDOWS\System32\drivers\redbook.sys
2007-03-10 14:37:17 1738496 --a------ D:\WINDOWS\System32\nv4.dll
2007-03-10 14:37:17 731648 --a------ D:\WINDOWS\System32\drivers\nv4.sys
2007-03-10 14:37:07 3712 --a------ D:\WINDOWS\System32\drivers\ctljystk.sys
2007-03-10 14:37:02 2944 --a------ D:\WINDOWS\System32\drivers\msmpu401.sys
2007-03-10 14:37:00 9728 --a------ D:\WINDOWS\System32\drivers\gameenum.sys
2007-03-10 14:36:41 70144 --a------ D:\WINDOWS\System32\usbui.dll
2007-03-10 14:35:45 0 d-------- D:\Program Files\Common Files\ODBC
2007-03-10 14:35:42 0 dr------- D:\Program Files<PROGRA~1>
2007-03-10 14:35:42 0 d-------- D:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-10 14:35:40 6144 -ra------ D:\WINDOWS\System32\kbdtuq.dll
2007-03-10 14:35:40 5632 -ra------ D:\WINDOWS\System32\kbdazel.dll
2007-03-10 14:35:39 6144 -ra------ D:\WINDOWS\System32\kbdtuf.dll
2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdmon.dll
2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdkyr.dll
2007-03-10 14:35:36 8192 -ra------ D:\WINDOWS\System32\kbdhept.dll
2007-03-10 14:35:36 6656 -ra------ D:\WINDOWS\System32\kbdhela3.dll
2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdhela2.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe319.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe220.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe.dll
2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdgkl.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv1.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv.dll
2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt1.dll
2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdest.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdycl.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl1.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl.dll
2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdro.dll
2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdhu1.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdhu.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz2.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz1.dll
2007-03-10 14:35:32 7168 --a------ D:\WINDOWS\System32\kbdcz.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcr.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\KBDAL.DLL
2007-03-10 14:35:31 24661 --a------ D:\WINDOWS\System32\spxcoins.dll
2007-03-10 14:35:31 13312 --a------ D:\WINDOWS\System32\irclass.dll
2007-03-10 14:35:31 103424 --a------ D:\WINDOWS\System32\EqnClass.Dll
2007-03-10 14:35:31 10496 --a------ D:\WINDOWS\System32\drivers\irenum.sys
2007-03-10 14:35:31 85532 --a------ D:\WINDOWS\System32\dgsetup.dll
2007-03-10 14:35:31 176157 --a------ D:\WINDOWS\System32\dgrpsetu.dll
2007-03-10 14:35:30 6656 --a------ D:\WINDOWS\System32\batt.dll
2007-03-10 14:35:30 9168 --a------ D:\WINDOWS\system\VER.DLL
2007-03-10 14:35:30 19200 --a------ D:\WINDOWS\system\TAPI.DLL
2007-03-10 14:35:30 5120 --a------ D:\WINDOWS\system\SHELL.DLL
2007-03-10 14:35:30 24064 --a------ D:\WINDOWS\system\OLESVR.DLL
2007-03-10 14:35:30 83456 --a------ D:\WINDOWS\system\OLECLI.DLL
2007-03-10 14:35:30 127008 --a------ D:\WINDOWS\system\MSVIDEO.DLL
2007-03-10 14:35:29 15360 --a------ D:\WINDOWS\TASKMAN.EXE
2007-03-10 14:35:29 69712 --a------ D:\WINDOWS\system\MMSYSTEM.DLL
2007-03-10 14:35:29 9936 --a------ D:\WINDOWS\system\LZEXPAND.DLL
2007-03-10 14:35:29 33376 --a------ D:\WINDOWS\system\COMMDLG.DLL
2007-03-10 14:35:29 109488 --a------ D:\WINDOWS\system\AVIFILE.DLL
2007-03-10 14:35:29 70096 --a------ D:\WINDOWS\system\AVICAP.DLL
2007-03-10 14:35:29 67072 --a------ D:\WINDOWS\NOTEPAD.EXE
2007-03-10 14:35:28 71680 --a------ D:\WINDOWS\System32\storprop.dll
2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot2
2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot
2007-03-10 14:34:51 0 d-------- D:\Documents and Settings<DOCUME~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\WinSxS
2007-03-10 14:30:51 0 dr------- D:\WINDOWS\Web
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\twain_32
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system32
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wins
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wbem
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\usmt
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\spool
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ShellExt
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\Setup
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ras
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\oobe
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\npp
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\mui
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\inetsrv
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\IME
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\icsxml
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ias
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\export
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\etc
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\disdn
2007-03-10 14:30:51 0 dr-hs---- D:\WINDOWS\System32\dllcache
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\dhcp
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\config
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3com_dmi
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3076
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\2052
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1054
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1045
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1042
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1041
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1037
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1033
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1031
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1028
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1025
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\security
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Resources<RESOUR~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\repair
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\mui
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msapps
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msagent
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Media
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\java
2007-03-10 14:30:51 0 d--h----- D:\WINDOWS\inf
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\ime
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Help
2007-03-10 14:30:51 0 dr--s---- D:\WINDOWS\Fonts
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Debug
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Cursors
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Config
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\AppPatch
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\addins

-- Find3M Report ---------------------------------------------------------------

2007-03-17 18:01:52 355486 --a------ D:\WINDOWS\System32\perfh015.dat
2007-03-17 18:01:52 49492 --a------ D:\WINDOWS\System32\perfc015.dat
2007-03-17 17:52:10 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Kerio
2007-03-16 22:37:12 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Macromedia<MACROM~1>
2007-03-16 18:43:38 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\SearchToolbarCorp<SEARCH~1>
2007-03-16 18:10:30 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Mozilla
2007-03-15 16:51:24 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\vlc
2007-03-11 11:00:54 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\DeepBurner<DEEPBU~1>
2007-03-11 09:10:04 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Help
2007-03-10 18:06:40 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Leadertech<LEADER~1>
2007-03-10 17:53:52 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Real
2007-03-10 14:59:22 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Identities<IDENTI~1>
2007-03-10 14:43:36 62 --ahs---- D:\Documents and Settings\Jacek\Dane aplikacji\desktop.ini
2007-03-10 14:43:18 0 d---s---- D:\Documents and Settings\Jacek\Dane aplikacji\Microsoft<MICROS~1>

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="D:\\WINDOWS\\SiSUSBrg.exe"
"Disc Detector"="D:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"UpdReg"="D:\\WINDOWS\\Updreg.exe"
"AHQInit"="D:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"AudioHQ"="D:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4B50DEB2-891B-4CEE-A06C-144207F4015E}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1e1bb1f-cf12-11db-bd42-806d6172696f}]
Shell\AutoRun\command E:\autorun\autorun.exe

-- End of ComboScan: finished at 2007-03-17 at 18:19:02 ------------------------

aha i moglbys polecic cos zamiennego do kerio personal bo ten cos mi nie chce dzialac

Z gory dzieki!

**Posty:** 18165 · przez **wojtas** 17 Mar 2007, 20:31

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

D:\WINDOWS\System32\gebcd.dll
D:\WINDOWS\System32\cptcrspr.dl
D:\WINDOWS\System32\hhhkj.ini2

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

O2 - BHO: (no name) - {4B50DEB2-891B-4CEE-A06C-144207F4015E} - D:\WINDOWS\System32\ssqqron.dll (file missing)
O2 - BHO: (no name) - {921628CF-B8F1-413D-BBA5-7925E4CF56FF} - D:\WINDOWS\System32\jkkli.dll (file missing)
O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\ubdgwtga.dll (file missing)
O2 - BHO: (no name) - {C4064320-0A1A-4406-A1A4-2E145C9B5932} - D:\WINDOWS\System32\gebcd.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - D:\WINDOWS\System32\cptcrspr.dll (file missing)
O20 - Winlogon Notify: gebcd - D:\WINDOWS\System32\gebcd.dll

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.

bluejack napisał(a):aha i moglbys polecic cos zamiennego do kerio personal bo ten cos mi nie chce dzialac

http://www.itpartner.pl/ftp/program/1138/Outpost.Firewall.Free.1.0.1.PL.html

potem nowy log z HJ, silenta ,comboscana

**Posty:** 127 · przez **bluejack** 17 Mar 2007, 22:57

LOG Z SILENTA

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NETIANET" = "D:\Program Files\Netia\Net\netianet.exe" ["OF.PL sp.z .o.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "D:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Disc Detector" = "D:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"UpdReg" = "D:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."]
"AHQInit" = "D:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"]
"AudioHQ" = "D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative Technology Ltd."]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"2chkdsk" = "rundll32.exe "D:\WINDOWS\System32\wyyjlhrp.dll",setvm" [MS]
"Outpost Firewall" = "D:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice" ["Agnitum"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{B797CBF2-48B7-49D2-905C-212DD8CE721e}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\pihbspmi.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
-> {HKLM...CLSID} = "oshdlr.ShellHandler"
\InProcServer32\(Default) = "D:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" ["Agnitum Ltd."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> gebcd\DLLName = "D:\WINDOWS\System32\gebcd.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"

Startup items in "Jacek" & "All Users" startup folders:
-------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 11 seconds.
---------- (total run time: 70 seconds)

LOG Z COMBOSCANA

ComboScan v20070306.20 run by Jacek on 2007-03-17 at 21:48:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Jacek.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:48:07, on 2007-03-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\Program Files\Creative\ShareDLL\MediaDet.Exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Netia\Net\netianet.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
D:\Program Files\Common Files\Agnitum Shared\Aupdate\aupdrun.exe
D:\Documents and Settings\Jacek\Pulpit\comboscan.exe
D:\DOCUME~1\Jacek\Pulpit\HIJACK~1\Jacek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\pihbspmi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\System32\wyyjlhrp.dll",setvm
O4 - HKLM\..\Run: [Outpost Firewall] D:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76
O20 - Winlogon Notify: gebcd - D:\WINDOWS\System32\gebcd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - D:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing)

-- Files created between 2007-02-17 and 2007-03-17 -----------------------------

2007-03-17 21:38:27 0 d-------- D:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-03-17 21:38:25 0 d-------- D:\Program Files\Agnitum
2007-03-17 21:28:13 0 d-------- D:\avenger
2007-03-17 18:57:49 123412 --a------ D:\WINDOWS\System32\wyyjlhrp.dll
2007-03-17 18:57:46 132116 --a------ D:\WINDOWS\System32\pihbspmi.dll
2007-03-17 18:57:46 455807 ---hs---- D:\WINDOWS\System32\dcbeg.bak2<DCBEG~2.BAK>
2007-03-17 17:50:54 59392 --a------ D:\WINDOWS\System32\drivers\kvpndrv.sys
2007-03-17 17:34:39 0 d-------- D:\WINDOWS\System32\appmgmt
2007-03-17 16:42:52 43176 --a------ D:\WINDOWS\System32\drivers\aswTdi.sys
2007-03-17 16:42:52 23352 --a------ D:\WINDOWS\System32\drivers\aswRdr.sys
2007-03-17 16:42:52 31560 --a------ D:\WINDOWS\System32\drivers\aavmker4.sys
2007-03-17 16:42:47 94424 --a------ D:\WINDOWS\System32\drivers\aswmon2.sys
2007-03-17 16:42:47 85952 --a------ D:\WINDOWS\System32\drivers\aswmon.sys
2007-03-17 16:42:40 1060864 --a------ D:\WINDOWS\System32\MFC71.dll
2007-03-17 16:42:40 90112 --a------ D:\WINDOWS\System32\AVASTSS.scr
2007-03-17 16:42:40 689280 --a------ D:\WINDOWS\System32\aswBoot.exe
2007-03-17 16:42:34 0 d-------- D:\Program Files\Alwil Software<ALWILS~1>
2007-03-17 13:28:12 0 d--hs---- D:\FOUND.007
2007-03-17 10:18:28 0 d-------- D:\Program Files\GIMP-2.0
2007-03-16 22:37:03 1168 --a------ D:\WINDOWS\mozver.dat
2007-03-16 20:43:30 0 d-------- D:\VundoFix Backups<VUNDOF~1>
2007-03-16 20:40:20 0 d-------- D:\winamp
2007-03-16 20:32:00 115880 -----n--- D:\WINDOWS\System32\pxinsi64.exe
2007-03-16 20:32:00 129784 -----n--- D:\WINDOWS\System32\pxafs.dll
2007-03-16 20:32:00 36528 -----n--- D:\WINDOWS\System32\drivers\PxHelp20.sys
2007-03-16 20:32:00 2560 -----n--- D:\WINDOWS\System32\drivers\cdralw2k.sys
2007-03-16 20:32:00 2432 -----n--- D:\WINDOWS\System32\drivers\cdr4_xp.sys
2007-03-16 20:31:53 0 d-------- D:\Program Files\Winamp
2007-03-16 19:03:30 0 d--hs---- D:\FOUND.006
2007-03-16 18:36:38 0 d-------- D:\Program Files\Gadu-Gadu<GADU-G~1>
2007-03-16 18:17:18 0 d-------- D:\Program Files\Spyware Doctor<SPYWAR~1>
2007-03-16 18:13:50 348160 --a------ D:\WINDOWS\System32\msvcr71.dll
2007-03-16 18:13:50 499712 --a------ D:\WINDOWS\System32\msvcp71.dll
2007-03-16 18:10:44 0 --a------ D:\WINDOWS\nsreg.dat
2007-03-16 18:10:04 0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-16 17:53:09 24064 --a------ D:\WINDOWS\System32\devldr32.exe
2007-03-16 17:38:02 0 d-------- D:\Program Files\Netia
2007-03-16 14:29:50 0 d--hs---- D:\FOUND.005
2007-03-15 16:57:29 208896 --a------ D:\WINDOWS\System32\nvudisp.exe
2007-03-15 16:55:23 42752 --a------ D:\WINDOWS\System32\drivers\stream.sys
2007-03-15 16:55:23 36480 --a------ D:\WINDOWS\System32\drivers\sfmanm.sys
2007-03-15 16:55:22 51200 --a------ D:\WINDOWS\System32\sfman32.dll
2007-03-15 16:55:22 495616 --a------ D:\WINDOWS\System32\sblfx.dll
2007-03-15 16:55:22 4096 --a------ D:\WINDOWS\System32\ksuser.dll
2007-03-15 16:55:22 135040 --a------ D:\WINDOWS\System32\drivers\portcls.sys
2007-03-15 16:55:22 134144 --a------ D:\WINDOWS\System32\drivers\ks.sys
2007-03-15 16:55:21 283904 --a------ D:\WINDOWS\System32\drivers\emu10k1m.sys
2007-03-15 16:55:21 57344 --a------ D:\WINDOWS\System32\drivers\drmk.sys
2007-03-15 16:55:19 256512 --a------ D:\WINDOWS\System32\devcon32.dll
2007-03-15 16:55:17 4096 --a------ D:\WINDOWS\System32\ctwdm32.dll
2007-03-15 16:55:16 6912 --a------ D:\WINDOWS\System32\drivers\ctlfacem.sys
2007-03-14 17:11:48 0 d--hs---- D:\FOUND.004
2007-03-12 13:33:04 0 d--hs---- D:\FOUND.003
2007-03-12 12:04:54 0 d--hs---- D:\FOUND.002
2007-03-11 15:34:58 0 d--hs---- D:\FOUND.001
2007-03-10 17:53:51 0 d-------- D:\Program Files\Real Alternative<REALAL~1>
2007-03-10 17:53:51 0 d-------- D:\Program Files\Media Player Classic<MEDIAP~1>
2007-03-10 17:41:35 0 d-------- D:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-10 17:40:31 208896 --a------ D:\WINDOWS\System32\NVUNINST.EXE
2007-03-10 15:54:43 0 d-------- D:\Program Files\AC3Filter<AC3FIL~1>
2007-03-10 15:22:50 32768 --a------ D:\WINDOWS\System32\WooDial2000.dll<WOODIA~1.DLL>
2007-03-10 15:22:02 127497 --a------ D:\WINDOWS\System32\drivers\adiusbaw.sys
2007-03-10 15:22:02 155648 --a------ D:\WINDOWS\System32\adadix32.dll
2007-03-10 15:22:01 127456 --a------ D:\WINDOWS\System32\ipdetect.exe
2007-03-10 15:22:00 126976 --a------ D:\WINDOWS\System32\coclassfast.dll<COCLAS~1.DLL>
2007-03-10 15:21:59 135168 --a------ D:\WINDOWS\System32\unaddrv.exe
2007-03-10 15:21:59 46167 --a------ D:\WINDOWS\System32\drivers\adildr.sys
2007-03-10 15:21:59 4981 --a------ D:\WINDOWS\System32\adadix2k.dll
2007-03-10 15:21:59 46892 --a------ D:\WINDOWS\System32\adadix16.dll
2007-03-10 15:21:58 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 15:21:56 0 d-------- D:\Program Files\SAGEM
2007-03-10 15:20:56 0 d-------- D:\Program Files\Neostrada TP<NEOSTR~1>
2007-03-10 15:17:23 0 d--hs---- D:\Recycled
2007-03-10 15:14:17 41984 --a------ D:\WINDOWS\CTREGRUN.EXE
2007-03-10 15:12:36 90112 --a------ D:\WINDOWS\Updreg.exe
2007-03-10 15:12:31 36992 --a------ D:\WINDOWS\System32\drivers\sfman.sys
2007-03-10 15:12:30 775296 --a------ D:\WINDOWS\System32\drivers\emu10k1f.sys
2007-03-10 15:12:30 6912 --a------ D:\WINDOWS\System32\drivers\ctlface.sys
2007-03-10 15:12:30 59392 --a------ D:\WINDOWS\System32\a3d.dll
2007-03-10 15:10:00 1048576 -----n--- D:\WINDOWS\System32\sfman.dat
2007-03-10 15:10:00 84992 -----n--- D:\WINDOWS\System32\sfcvrt32.dll
2007-03-10 15:10:00 108032 -----n--- D:\WINDOWS\System32\mfcuia32.dll
2007-03-10 15:10:00 149504 -----n--- D:\WINDOWS\System32\mfcans32.dll
2007-03-10 15:10:00 82432 -----n--- D:\WINDOWS\System32\Ctwflt32.dll
2007-03-10 15:10:00 26768 -----n--- D:\WINDOWS\System32\ctl3d.dll
2007-03-10 15:10:00 34816 -----n--- D:\WINDOWS\CTRes32.dll
2007-03-10 15:10:00 24976 -----n--- D:\WINDOWS\ctres.dll
2007-03-10 15:10:00 53552 -----n--- D:\WINDOWS\ctccw.dll
2007-03-10 15:08:28 3584 --a------ D:\WINDOWS\System32\Ahqcpres.dll
2007-03-10 15:08:04 25088 --a------ D:\WINDOWS\System32\CTSVCCTL.EXE
2007-03-10 15:08:04 0 d-------- D:\Media
2007-03-10 15:07:40 307200 -----n--- D:\WINDOWS\System32\CtMp3Lib.dll
2007-03-10 15:07:40 110592 -----n--- D:\WINDOWS\System32\ctmp3io2.dll
2007-03-10 15:07:39 54784 -----n--- D:\WINDOWS\System32\Inetwh32.dll
2007-03-10 15:07:39 24576 -----n--- D:\WINDOWS\System32\CTMERes.DLL
2007-03-10 15:07:39 393216 -----n--- D:\WINDOWS\System32\CTMedEng.dll
2007-03-10 15:07:39 28672 -----n--- D:\WINDOWS\System32\CTIntRes.dll
2007-03-10 15:07:39 155648 -----n--- D:\WINDOWS\System32\CTDrmUI.dll
2007-03-10 15:07:39 73728 -----n--- D:\WINDOWS\System32\CTDrmRes.dll
2007-03-10 15:07:39 57856 -----n--- D:\WINDOWS\System32\CTDETRES.DLL
2007-03-10 15:07:04 6752 -----n--- D:\WINDOWS\System32\PfModNT.sys
2007-03-10 15:07:04 0 d-------- D:\Program Files\Creative
2007-03-10 15:02:33 0 d-------- D:\WINDOWS\SiS
2007-03-10 15:02:32 0 d-------- D:\WINDOWS\System32\ReinstallBackups<REINST~1>
2007-03-10 15:02:32 27392 -ra------ D:\WINDOWS\System32\drivers\SISAGP.SYS
2007-03-10 15:02:19 306688 --a------ D:\WINDOWS\IsUninst.exe
2007-03-10 15:02:14 304640 --a------ D:\WINDOWS\IsUn0415.exe
2007-03-10 15:02:13 3583 -ra------ D:\WINDOWS\SiSport.sys
2007-03-10 15:02:13 32768 -ra------ D:\WINDOWS\SIS_LIB.DLL
2007-03-10 15:02:12 102400 -ra------ D:\WINDOWS\SiSUSBrg.exe
2007-03-10 15:01:44 0 d-------- D:\WINDOWS\System32\Tools
2007-03-10 15:01:38 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-10 14:59:23 0 d--hs---- D:\WINDOWS\Installer<INSTAL~1>
2007-03-10 14:58:26 0 d--hs---- D:\System Volume Information<SYSTEM~1>
2007-03-10 14:58:25 0 d-------- D:\WINDOWS\Prefetch
2007-03-10 14:51:35 0 d-------- D:\WINDOWS\System32\xircom
2007-03-10 14:51:35 0 d-------- D:\Program Files\microsoft frontpage<MICROS~1>
2007-03-10 14:50:57 112128 --a------ D:\WINDOWS\System32\mapi32.dll
2007-03-10 14:50:02 0 dr------- D:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-10 14:50:01 0 d---s---- D:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-10 14:49:38 0 d-------- D:\WINDOWS\srchasst
2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\Macromed
2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\DirectX
2007-03-10 14:49:21 17408 --a------ D:\WINDOWS\System32\qmgrprxy.dll
2007-03-10 14:49:21 179200 --a------ D:\WINDOWS\System32\qmgr.dll
2007-03-10 14:49:20 0 d-------- D:\Program Files\Movie Maker<MOVIEM~1>
2007-03-10 14:49:06 40960 --a------ D:\WINDOWS\System32\safrslv.dll
2007-03-10 14:49:06 26624 --a------ D:\WINDOWS\System32\safrdm.dll
2007-03-10 14:49:05 39424 --a------ D:\WINDOWS\System32\safrcdlg.dll
2007-03-10 14:49:05 33792 --a------ D:\WINDOWS\System32\racpldlg.dll
2007-03-10 14:49:05 11264 --a------ D:\WINDOWS\System32\atrace.dll
2007-03-10 14:48:56 155648 --a------ D:\WINDOWS\System32\srsvc.dll
2007-03-10 14:48:56 219136 --a------ D:\WINDOWS\System32\srrstr.dll
2007-03-10 14:48:56 61952 --a------ D:\WINDOWS\System32\srclient.dll
2007-03-10 14:48:56 0 d-------- D:\WINDOWS\System32\Restore
2007-03-10 14:48:56 70400 --a------ D:\WINDOWS\System32\drivers\sr.sys
2007-03-10 14:48:55 24576 --a------ D:\WINDOWS\System32\nmmkcert.dll
2007-03-10 14:48:55 12288 --a------ D:\WINDOWS\System32\nmevtmsg.dll
2007-03-10 14:48:55 32768 --a------ D:\WINDOWS\System32\mnmsrvc.exe
2007-03-10 14:48:55 32384 --a------ D:\WINDOWS\System32\mnmdd.dll
2007-03-10 14:48:55 28672 --a------ D:\WINDOWS\System32\isrdbg32.dll
2007-03-10 14:48:55 73728 --a------ D:\WINDOWS\System32\ils.dll
2007-03-10 14:48:54 65536 --a------ D:\WINDOWS\System32\msconf.dll
2007-03-10 14:48:52 90624 --a------ D:\WINDOWS\System32\msoert2.dll
2007-03-10 14:48:52 67584 --a------ D:\WINDOWS\System32\acctres.dll
2007-03-10 14:48:52 0 d-------- D:\WINDOWS\PCHEALTH
2007-03-10 14:48:51 228864 --a------ D:\WINDOWS\System32\msoeacct.dll
2007-03-10 14:48:50 49152 --a------ D:\WINDOWS\System32\inetres.dll
2007-03-10 14:48:50 593920 --a------ D:\WINDOWS\System32\inetcomm.dll
2007-03-10 14:48:46 0 d---s---- D:\WINDOWS\Tasks
2007-03-10 14:48:46 159744 --a------ D:\WINDOWS\System32\schedsvc.dll
2007-03-10 14:48:46 9728 --a------ D:\WINDOWS\System32\mstinit.exe
2007-03-10 14:48:46 253440 --a------ D:\WINDOWS\System32\mstask.dll
2007-03-10 14:48:46 81920 --a------ D:\WINDOWS\System32\isign32.dll
2007-03-10 14:48:46 270336 --a------ D:\WINDOWS\System32\inetcfg.dll
2007-03-10 14:48:46 61440 --a------ D:\WINDOWS\System32\icwphbk.dll
2007-03-10 14:48:46 69632 --a------ D:\WINDOWS\System32\icwdial.dll
2007-03-10 14:48:46 16384 --a------ D:\WINDOWS\System32\icfgnt5.dll
2007-03-10 14:48:44 0 d-------- D:\Program Files\Common Files\MSSoap
2007-03-10 14:48:03 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-10 14:47:47 0 d-------- D:\WINDOWS\Registration<REGIST~1>
2007-03-10 14:47:42 0 d--h----- D:\Program Files\WindowsUpdate<WINDOW~2>
2007-03-10 14:47:42 0 d-------- D:\Program Files\Usługi online<USŁUGI~1>
2007-03-10 14:47:36 0 d-------- D:\Program Files\Messenger<MESSEN~1>
2007-03-10 14:47:29 5632 --a------ D:\WINDOWS\System32\write.exe
2007-03-10 14:47:29 0 d-------- D:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-10 14:47:20 139264 --a------ D:\WINDOWS\System32\sndvol32.exe
2007-03-10 14:47:20 125440 --a------ D:\WINDOWS\System32\sndrec32.exe
2007-03-10 14:47:20 118272 --a------ D:\WINDOWS\System32\mplay32.exe
2007-03-10 14:47:20 494592 --a------ D:\WINDOWS\System32\hypertrm.dll
2007-03-10 14:47:20 44544 --a------ D:\WINDOWS\System32\hticons.dll
2007-03-10 14:47:20 73216 --a------ D:\WINDOWS\System32\avwav.dll
2007-03-10 14:47:20 231424 --a------ D:\WINDOWS\System32\avtapi.dll
2007-03-10 14:47:20 16384 --a------ D:\WINDOWS\System32\avmeter.dll
2007-03-10 14:47:20 183296 --a------ D:\WINDOWS\System32\accwiz.exe
2007-03-10 14:47:19 35328 --a------ D:\WINDOWS\System32\winchat.exe
2007-03-10 14:47:19 0 d-------- D:\Program Files\Windows NT<WINDOW~1>
2007-03-10 14:47:18 342016 --a------ D:\WINDOWS\System32\mspaint.exe
2007-03-10 14:47:14 605696 --a------ D:\WINDOWS\System32\getuname.dll
2007-03-10 14:47:14 99328 --a------ D:\WINDOWS\System32\clipbrd.exe
2007-03-10 14:47:13 534016 --a------ D:\WINDOWS\System32\spider.exe
2007-03-10 14:47:13 57344 --a------ D:\WINDOWS\System32\sol.exe
2007-03-10 14:47:13 80896 --a------ D:\WINDOWS\System32\charmap.exe
2007-03-10 14:47:13 115200 --a------ D:\WINDOWS\System32\calc.exe
2007-03-10 14:47:12 4096 --a------ D:\WINDOWS\System32\wuauserv.dll
2007-03-10 14:47:12 95744 --a------ D:\WINDOWS\System32\wuaueng.dll
2007-03-10 14:47:12 113664 --a------ D:\WINDOWS\System32\wuauclt.exe
2007-03-10 14:47:12 119808 --a------ D:\WINDOWS\System32\winmine.exe
2007-03-10 14:47:12 128000 --a------ D:\WINDOWS\System32\mshearts.exe
2007-03-10 14:47:12 55808 --a------ D:\WINDOWS\System32\freecell.exe
2007-03-10 14:47:12 20232 --a------ D:\WINDOWS\System32\drivers\tdtcp.sys
2007-03-10 14:47:12 11144 --a------ D:\WINDOWS\System32\drivers\tdpipe.sys
2007-03-10 14:47:12 107912 --a------ D:\WINDOWS\System32\drivers\rdpwd.sys
2007-03-10 14:47:11 1225 --a------ D:\WINDOWS\System32\usrlogon.cmd
2007-03-10 14:47:11 40448 --a------ D:\WINDOWS\System32\tscupgrd.exe
2007-03-10 14:47:11 89600 --a------ D:\WINDOWS\System32\tscfgwmi.dll
2007-03-10 14:47:11 131072 --a------ D:\WINDOWS\System32\sessmgr.exe
2007-03-10 14:47:11 9728 --a------ D:\WINDOWS\System32\reset.exe
2007-03-10 14:47:11 56832 --a------ D:\WINDOWS\System32\remotepg.dll
2007-03-10 14:47:11 61952 --a------ D:\WINDOWS\System32\rdshost.exe
2007-03-10 14:47:11 12288 --a------ D:\WINDOWS\System32\rdsaddin.exe
2007-03-10 14:47:11 134656 --a------ D:\WINDOWS\System32\rdchost.dll
2007-03-10 14:47:11 503296 --a------ D:\WINDOWS\System32\mstscax.dll
2007-03-10 14:47:11 387072 --a------ D:\WINDOWS\System32\mstsc.exe
2007-03-10 14:47:10 17920 --a------ D:\WINDOWS\System32\tsshutdn.exe
2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\tskill.exe
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tsdiscon.exe
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tscon.exe
2007-03-10 14:47:10 198656 --a------ D:\WINDOWS\System32\termsrv.dll
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\shadow.exe
2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\rwinsta.exe
2007-03-10 14:47:10 33792 --a------ D:\WINDOWS\System32\regini.exe
2007-03-10 14:47:10 73864 --a------ D:\WINDOWS\System32\rdpwsx.dll
2007-03-10 14:47:10 14848 --a------ D:\WINDOWS\System32\rdpsnd.dll
2007-03-10 14:47:10 41984 --a------ D:\WINDOWS\System32\rdpclip.exe
2007-03-10 14:47:10 4608 --a------ D:\WINDOWS\System32\rdpcfgex.dll
2007-03-10 14:47:10 22528 --a------ D:\WINDOWS\System32\qwinsta.exe
2007-03-10 14:47:10 19456 --a------ D:\WINDOWS\System32\qprocess.exe
2007-03-10 14:47:10 17408 --a------ D:\WINDOWS\System32\qappsrv.exe
2007-03-10 14:47:09 83968 --a------ D:\WINDOWS\System32\mtxoci.dll
2007-03-10 14:47:09 22528 --a------ D:\WINDOWS\System32\msg.exe
2007-03-10 14:47:09 151040 --a------ D:\WINDOWS\System32\msdtcuiu.dll
2007-03-10 14:47:09 869376 --a------ D:\WINDOWS\System32\msdtctm.dll
2007-03-10 14:47:09 360960 --a------ D:\WINDOWS\System32\msdtcprx.dll
2007-03-10 14:47:09 0 d-------- D:\WINDOWS\System32\MsDtc
2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\logoff.exe
2007-03-10 14:47:09 8704 --a------ D:\WINDOWS\System32\icaapi.dll
2007-03-10 14:47:09 32768 --a------ D:\WINDOWS\System32\cfgbkend.dll
2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\cdmodem.dll
2007-03-10 14:47:08 9728 --a------ D:\WINDOWS\System32\xolehlp.dll
2007-03-10 14:47:08 54784 --a------ D:\WINDOWS\System32\msdtclog.dll
2007-03-10 14:47:08 6144 --a------ D:\WINDOWS\System32\msdtc.exe
2007-03-10 14:47:07 54272 --a------ D:\WINDOWS\System32\stclient.dll
2007-03-10 14:47:07 25088 --a------ D:\WINDOWS\System32\mtxlegih.dll
2007-03-10 14:47:07 4096 --a------ D:\WINDOWS\System32\mtxex.dll
2007-03-10 14:47:07 20480 --a------ D:\WINDOWS\System32\mtxdm.dll
2007-03-10 14:47:07 5120 --a------ D:\WINDOWS\System32\dcomcnfg.exe
2007-03-10 14:47:07 82432 --a------ D:\WINDOWS\System32\comrepl.dll
2007-03-10 14:47:07 25600 --a------ D:\WINDOWS\System32\comaddin.dll
2007-03-10 14:47:07 0 d-------- D:\WINDOWS\System32\Com
2007-03-10 14:47:07 56832 --a------ D:\WINDOWS\System32\colbact.dll
2007-03-10 14:47:07 100864 --a------ D:\WINDOWS\System32\clbcatex.dll
2007-03-10 14:47:07 85504 --a------ D:\WINDOWS\System32\catsrvps.dll
2007-03-10 14:47:06 495616 --a------ D:\WINDOWS\System32\comuid.dll
2007-03-10 14:47:06 1139200 --a------ D:\WINDOWS\System32\comsvcs.dll
2007-03-10 14:47:06 147456 --a------ D:\WINDOWS\System32\comsnap.dll
2007-03-10 14:47:06 468480 --a------ D:\WINDOWS\System32\clbcatq.dll
2007-03-10 14:47:06 583168 --a------ D:\WINDOWS\System32\catsrvut.dll
2007-03-10 14:47:06 215040 --a------ D:\WINDOWS\System32\catsrv.dll
2007-03-10 14:46:57 53248 --a------ D:\WINDOWS\System32\servdeps.dll
2007-03-10 14:46:57 16896 --a------ D:\WINDOWS\System32\mmfutil.dll
2007-03-10 14:46:56 57344 --a------ D:\WINDOWS\System32\licwmi.dll
2007-03-10 14:46:56 177152 --a------ D:\WINDOWS\System32\cmprops.dll
2007-03-10 14:46:54 37896 --a------ D:\WINDOWS\System32\drivers\termdd.sys
2007-03-10 14:46:54 181632 --a------ D:\WINDOWS\System32\drivers\rdpdr.sys
2007-03-10 14:42:58 0 d--hs---- D:\FOUND.000
2007-03-10 14:38:01 5632 --a------ D:\WINDOWS\System32\drivers\splitter.sys
2007-03-10 14:38:00 122472 --a------ D:\WINDOWS\System32\drivers\aec.sys
2007-03-10 14:37:59 2816 --a------ D:\WINDOWS\System32\drivers\drmkaud.sys
2007-03-10 14:37:57 4608 --a------ D:\WINDOWS\System32\drivers\MSPQM.sys
2007-03-10 14:37:56 54272 --a------ D:\WINDOWS\System32\drivers\swmidi.sys
2007-03-10 14:37:55 50048 --a------ D:\WINDOWS\System32\drivers\DMusic.sys
2007-03-10 14:37:54 79616 --a------ D:\WINDOWS\System32\drivers\wdmaud.sys
2007-03-10 14:37:52 6400 --a------ D:\WINDOWS\System32\drivers\MSKSSRV.sys
2007-03-10 14:37:51 159232 --a------ D:\WINDOWS\System32\drivers\kmixer.sys
2007-03-10 14:37:50 57472 --a------ D:\WINDOWS\System32\drivers\sysaudio.sys
2007-03-10 14:37:49 5120 --a------ D:\WINDOWS\System32\drivers\MSPCLOCK.sys
2007-03-10 14:37:45 3072 --a------ D:\WINDOWS\System32\drivers\audstub.sys
2007-03-10 14:37:26 57088 --a------ D:\WINDOWS\System32\drivers\redbook.sys
2007-03-10 14:37:17 1738496 --a------ D:\WINDOWS\System32\nv4.dll
2007-03-10 14:37:17 731648 --a------ D:\WINDOWS\System32\drivers\nv4.sys
2007-03-10 14:37:07 3712 --a------ D:\WINDOWS\System32\drivers\ctljystk.sys
2007-03-10 14:37:02 2944 --a------ D:\WINDOWS\System32\drivers\msmpu401.sys
2007-03-10 14:37:00 9728 --a------ D:\WINDOWS\System32\drivers\gameenum.sys
2007-03-10 14:36:41 70144 --a------ D:\WINDOWS\System32\usbui.dll
2007-03-10 14:35:45 0 d-------- D:\Program Files\Common Files\ODBC
2007-03-10 14:35:42 0 dr------- D:\Program Files<PROGRA~1>
2007-03-10 14:35:42 0 d-------- D:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-10 14:35:40 6144 -ra------ D:\WINDOWS\System32\kbdtuq.dll
2007-03-10 14:35:40 5632 -ra------ D:\WINDOWS\System32\kbdazel.dll
2007-03-10 14:35:39 6144 -ra------ D:\WINDOWS\System32\kbdtuf.dll
2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdmon.dll
2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdkyr.dll
2007-03-10 14:35:36 8192 -ra------ D:\WINDOWS\System32\kbdhept.dll
2007-03-10 14:35:36 6656 -ra------ D:\WINDOWS\System32\kbdhela3.dll
2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdhela2.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe319.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe220.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe.dll
2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdgkl.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv1.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv.dll
2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt1.dll
2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdest.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdycl.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl1.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl.dll
2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdro.dll
2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdhu1.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdhu.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz2.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz1.dll
2007-03-10 14:35:32 7168 --a------ D:\WINDOWS\System32\kbdcz.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcr.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\KBDAL.DLL
2007-03-10 14:35:31 24661 --a------ D:\WINDOWS\System32\spxcoins.dll
2007-03-10 14:35:31 13312 --a------ D:\WINDOWS\System32\irclass.dll
2007-03-10 14:35:31 103424 --a------ D:\WINDOWS\System32\EqnClass.Dll
2007-03-10 14:35:31 10496 --a------ D:\WINDOWS\System32\drivers\irenum.sys
2007-03-10 14:35:31 85532 --a------ D:\WINDOWS\System32\dgsetup.dll
2007-03-10 14:35:31 176157 --a------ D:\WINDOWS\System32\dgrpsetu.dll
2007-03-10 14:35:30 6656 --a------ D:\WINDOWS\System32\batt.dll
2007-03-10 14:35:30 9168 --a------ D:\WINDOWS\system\VER.DLL
2007-03-10 14:35:30 19200 --a------ D:\WINDOWS\system\TAPI.DLL
2007-03-10 14:35:30 5120 --a------ D:\WINDOWS\system\SHELL.DLL
2007-03-10 14:35:30 24064 --a------ D:\WINDOWS\system\OLESVR.DLL
2007-03-10 14:35:30 83456 --a------ D:\WINDOWS\system\OLECLI.DLL
2007-03-10 14:35:30 127008 --a------ D:\WINDOWS\system\MSVIDEO.DLL
2007-03-10 14:35:29 15360 --a------ D:\WINDOWS\TASKMAN.EXE
2007-03-10 14:35:29 69712 --a------ D:\WINDOWS\system\MMSYSTEM.DLL
2007-03-10 14:35:29 9936 --a------ D:\WINDOWS\system\LZEXPAND.DLL
2007-03-10 14:35:29 33376 --a------ D:\WINDOWS\system\COMMDLG.DLL
2007-03-10 14:35:29 109488 --a------ D:\WINDOWS\system\AVIFILE.DLL
2007-03-10 14:35:29 70096 --a------ D:\WINDOWS\system\AVICAP.DLL
2007-03-10 14:35:29 67072 --a------ D:\WINDOWS\NOTEPAD.EXE
2007-03-10 14:35:28 71680 --a------ D:\WINDOWS\System32\storprop.dll
2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot2
2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot
2007-03-10 14:34:51 0 d-------- D:\Documents and Settings<DOCUME~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\WinSxS
2007-03-10 14:30:51 0 dr------- D:\WINDOWS\Web
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\twain_32
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system32
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wins
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wbem
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\usmt
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\spool
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ShellExt
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\Setup
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ras
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\oobe
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\npp
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\mui
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\inetsrv
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\IME
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\icsxml
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ias
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\export
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\etc
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\disdn
2007-03-10 14:30:51 0 dr-hs---- D:\WINDOWS\System32\dllcache
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\dhcp
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\config
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3com_dmi
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3076
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\2052
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1054
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1045
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1042
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1041
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1037
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1033
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1031
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1028
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1025
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\security
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Resources<RESOUR~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\repair
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\mui
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msapps
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msagent
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Media
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\java
2007-03-10 14:30:51 0 d--h----- D:\WINDOWS\inf
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\ime
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Help
2007-03-10 14:30:51 0 dr--s---- D:\WINDOWS\Fonts
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Debug
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Cursors
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Config
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\AppPatch
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\addins

-- Find3M Report ---------------------------------------------------------------

2007-03-17 21:35:06 355486 --a------ D:\WINDOWS\System32\perfh015.dat
2007-03-17 21:35:06 49492 --a------ D:\WINDOWS\System32\perfc015.dat
2007-03-17 17:52:10 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Kerio
2007-03-16 22:37:12 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Macromedia<MACROM~1>
2007-03-16 18:43:38 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\SearchToolbarCorp<SEARCH~1>
2007-03-16 18:10:30 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Mozilla
2007-03-15 16:51:24 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\vlc
2007-03-11 11:00:54 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\DeepBurner<DEEPBU~1>
2007-03-11 09:10:04 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Help
2007-03-10 18:06:40 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Leadertech<LEADER~1>
2007-03-10 17:53:52 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Real
2007-03-10 14:59:22 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Identities<IDENTI~1>
2007-03-10 14:43:36 62 --ahs---- D:\Documents and Settings\Jacek\Dane aplikacji\desktop.ini
2007-03-10 14:43:18 0 d---s---- D:\Documents and Settings\Jacek\Dane aplikacji\Microsoft<MICROS~1>

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="D:\\WINDOWS\\SiSUSBrg.exe"
"Disc Detector"="D:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"UpdReg"="D:\\WINDOWS\\Updreg.exe"
"AHQInit"="D:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"AudioHQ"="D:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"2chkdsk"="rundll32.exe \"D:\\WINDOWS\\System32\\wyyjlhrp.dll\",setvm"
"Outpost Firewall"="D:\\PROGRA~1\\AGNITUM\\OUTPOS~1.0\\outpost.exe /waitservice"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4B50DEB2-891B-4CEE-A06C-144207F4015E}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ADBLOCK.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CONTENT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_DNSCACHE.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_FTPFILT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_HTMLFILT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_HTTPFILT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_IMAPFILT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MAILFILT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NNTPFILT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_POP3FILT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PROTECT.DLL
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VFILT

-- End of ComboScan: finished at 2007-03-17 at 21:48:30 ------------------------

**Posty:** 18165 · przez **wojtas** 18 Mar 2007, 12:40

uruchom narzędzie : The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

D:\WINDOWS\System32\wyyjlhrp.dll
D:\WINDOWS\System32\pihbspmi.dll
D:\WINDOWS\System32\dcbeg.bak2
D:\FOUND.007
D:\FOUND.006
D:\FOUND.005
D:\FOUND.004
D:\FOUND.003
D:\FOUND.002
D:\FOUND.001
D:\FOUND.000

Files\{5088595B-06C5-1045-0131-020308020030}

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

O2 - BHO: (no name) - {B797CBF2-48B7-49D2-905C-212DD8CE721e} - D:\WINDOWS\System32\pihbspmi.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "D:\WINDOWS\System32\wyyjlhrp.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: gebcd - D:\WINDOWS\System32\gebcd.dll (file missing)

otwierasz notatnik wklejasz do niego:"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"2chkdsk"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Portable Device Drivers"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows Portable Device Drivers"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify]

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log comboscana + log z Silent Runners.

**Posty:** 127 · przez **bluejack** 20 Mar 2007, 14:10

AVANGER

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\prpfbgwg

*******************

Script file located at: \??\D:\Documents and Settings\xitsxgts.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

File D:\WINDOWS\System32\wyyjlhrp.dll deleted successfully.
File D:\WINDOWS\System32\pihbspmi.dll deleted successfully.
File D:\WINDOWS\System32\dcbeg.bak2 deleted successfully.

Error: D:\FOUND.007 is a folder, not a file!
Deletion of file D:\FOUND.007 failed!

Could not process line:
D:\FOUND.007
Status: 0xc00000ba

Error: D:\FOUND.006 is a folder, not a file!
Deletion of file D:\FOUND.006 failed!

Could not process line:
D:\FOUND.006
Status: 0xc00000ba

Error: D:\FOUND.005 is a folder, not a file!
Deletion of file D:\FOUND.005 failed!

Could not process line:
D:\FOUND.005
Status: 0xc00000ba

Error: D:\FOUND.004 is a folder, not a file!
Deletion of file D:\FOUND.004 failed!

Could not process line:
D:\FOUND.004
Status: 0xc00000ba

Error: D:\FOUND.003 is a folder, not a file!
Deletion of file D:\FOUND.003 failed!

Could not process line:
D:\FOUND.003
Status: 0xc00000ba

Error: D:\FOUND.002 is a folder, not a file!
Deletion of file D:\FOUND.002 failed!

Could not process line:
D:\FOUND.002
Status: 0xc00000ba

Error: D:\FOUND.001 is a folder, not a file!
Deletion of file D:\FOUND.001 failed!

Could not process line:
D:\FOUND.001
Status: 0xc00000ba

Error: D:\FOUND.000 is a folder, not a file!
Deletion of file D:\FOUND.000 failed!

Could not process line:
D:\FOUND.000
Status: 0xc00000ba

Could not open file Files\{5088595B-06C5-1045-0131-020308020030} for deletion
Deletion of file Files\{5088595B-06C5-1045-0131-020308020030} failed!

Could not process line:
Files\{5088595B-06C5-1045-0131-020308020030}
Status: 0xc000003a

Completed script processing.

*******************

Finished! Terminate.

COMBOSCAN

ComboScan v20070306.20 run by Jacek on 2007-03-20 at 12:55:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Jacek.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:55:09, on 2007-03-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Creative\ShareDLL\MediaDet.Exe
D:\Program Files\Netia\Net\netianet.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Jacek\Pulpit\comboscan.exe
D:\DOCUME~1\Jacek\Pulpit\HIJACK~1\Jacek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] D:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] D:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0332024-7778-4F14-A012-7DA42281EAB2}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - D:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: WMDM PMSP Service - Unknown owner - D:\WINDOWS\System32\MsPMSPSv.exe (file missing)

-- Files created between 2007-02-20 and 2007-03-20 -----------------------------

2007-03-19 15:21:54 0 d--hs---- D:\FOUND.009
2007-03-18 16:30:40 0 d-------- D:\Program Files\Inkscape
2007-03-18 12:52:38 0 d-------- D:\avenger
2007-03-18 10:46:56 0 d--hs---- D:\FOUND.008
2007-03-17 21:38:27 0 d-------- D:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-03-17 21:38:25 0 d-------- D:\Program Files\Agnitum
2007-03-17 17:50:54 59392 --a------ D:\WINDOWS\System32\drivers\kvpndrv.sys
2007-03-17 17:34:39 0 d-------- D:\WINDOWS\System32\appmgmt
2007-03-17 16:42:52 43176 --a------ D:\WINDOWS\System32\drivers\aswTdi.sys
2007-03-17 16:42:52 23352 --a------ D:\WINDOWS\System32\drivers\aswRdr.sys
2007-03-17 16:42:52 31560 --a------ D:\WINDOWS\System32\drivers\aavmker4.sys
2007-03-17 16:42:47 94424 --a------ D:\WINDOWS\System32\drivers\aswmon2.sys
2007-03-17 16:42:47 85952 --a------ D:\WINDOWS\System32\drivers\aswmon.sys
2007-03-17 16:42:40 1060864 --a------ D:\WINDOWS\System32\MFC71.dll
2007-03-17 16:42:40 90112 --a------ D:\WINDOWS\System32\AVASTSS.scr
2007-03-17 16:42:40 689280 --a------ D:\WINDOWS\System32\aswBoot.exe
2007-03-17 16:42:34 0 d-------- D:\Program Files\Alwil Software<ALWILS~1>
2007-03-17 13:28:12 0 d--hs---- D:\FOUND.007
2007-03-17 10:18:28 0 d-------- D:\Program Files\GIMP-2.0
2007-03-16 22:37:03 1168 --a------ D:\WINDOWS\mozver.dat
2007-03-16 20:43:30 0 d-------- D:\VundoFix Backups<VUNDOF~1>
2007-03-16 20:40:20 0 d-------- D:\winamp
2007-03-16 20:32:00 115880 -----n--- D:\WINDOWS\System32\pxinsi64.exe
2007-03-16 20:32:00 129784 -----n--- D:\WINDOWS\System32\pxafs.dll
2007-03-16 20:32:00 36528 -----n--- D:\WINDOWS\System32\drivers\PxHelp20.sys
2007-03-16 20:32:00 2560 -----n--- D:\WINDOWS\System32\drivers\cdralw2k.sys
2007-03-16 20:32:00 2432 -----n--- D:\WINDOWS\System32\drivers\cdr4_xp.sys
2007-03-16 20:31:53 0 d-------- D:\Program Files\Winamp
2007-03-16 19:03:30 0 d--hs---- D:\FOUND.006
2007-03-16 18:36:38 0 d-------- D:\Program Files\Gadu-Gadu<GADU-G~1>
2007-03-16 18:17:18 0 d-------- D:\Program Files\Spyware Doctor<SPYWAR~1>
2007-03-16 18:13:50 348160 --a------ D:\WINDOWS\System32\msvcr71.dll
2007-03-16 18:13:50 499712 --a------ D:\WINDOWS\System32\msvcp71.dll
2007-03-16 18:10:44 0 --a------ D:\WINDOWS\nsreg.dat
2007-03-16 18:10:04 0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-16 17:53:09 24064 --a------ D:\WINDOWS\System32\devldr32.exe
2007-03-16 17:38:02 0 d-------- D:\Program Files\Netia
2007-03-16 14:29:50 0 d--hs---- D:\FOUND.005
2007-03-15 16:57:29 208896 --a------ D:\WINDOWS\System32\nvudisp.exe
2007-03-15 16:55:23 42752 --a------ D:\WINDOWS\System32\drivers\stream.sys
2007-03-15 16:55:23 36480 --a------ D:\WINDOWS\System32\drivers\sfmanm.sys
2007-03-15 16:55:22 51200 --a------ D:\WINDOWS\System32\sfman32.dll
2007-03-15 16:55:22 495616 --a------ D:\WINDOWS\System32\sblfx.dll
2007-03-15 16:55:22 4096 --a------ D:\WINDOWS\System32\ksuser.dll
2007-03-15 16:55:22 135040 --a------ D:\WINDOWS\System32\drivers\portcls.sys
2007-03-15 16:55:22 134144 --a------ D:\WINDOWS\System32\drivers\ks.sys
2007-03-15 16:55:21 283904 --a------ D:\WINDOWS\System32\drivers\emu10k1m.sys
2007-03-15 16:55:21 57344 --a------ D:\WINDOWS\System32\drivers\drmk.sys
2007-03-15 16:55:19 256512 --a------ D:\WINDOWS\System32\devcon32.dll
2007-03-15 16:55:17 4096 --a------ D:\WINDOWS\System32\ctwdm32.dll
2007-03-15 16:55:16 6912 --a------ D:\WINDOWS\System32\drivers\ctlfacem.sys
2007-03-14 17:11:48 0 d--hs---- D:\FOUND.004
2007-03-12 13:33:04 0 d--hs---- D:\FOUND.003
2007-03-12 12:04:54 0 d--hs---- D:\FOUND.002
2007-03-11 15:34:58 0 d--hs---- D:\FOUND.001
2007-03-10 17:53:51 0 d-------- D:\Program Files\Real Alternative<REALAL~1>
2007-03-10 17:53:51 0 d-------- D:\Program Files\Media Player Classic<MEDIAP~1>
2007-03-10 17:41:35 0 d-------- D:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-10 17:40:31 208896 --a------ D:\WINDOWS\System32\NVUNINST.EXE
2007-03-10 15:54:43 0 d-------- D:\Program Files\AC3Filter<AC3FIL~1>
2007-03-10 15:22:50 32768 --a------ D:\WINDOWS\System32\WooDial2000.dll<WOODIA~1.DLL>
2007-03-10 15:22:02 127497 --a------ D:\WINDOWS\System32\drivers\adiusbaw.sys
2007-03-10 15:22:02 155648 --a------ D:\WINDOWS\System32\adadix32.dll
2007-03-10 15:22:01 127456 --a------ D:\WINDOWS\System32\ipdetect.exe
2007-03-10 15:22:00 126976 --a------ D:\WINDOWS\System32\coclassfast.dll<COCLAS~1.DLL>
2007-03-10 15:21:59 135168 --a------ D:\WINDOWS\System32\unaddrv.exe
2007-03-10 15:21:59 46167 --a------ D:\WINDOWS\System32\drivers\adildr.sys
2007-03-10 15:21:59 4981 --a------ D:\WINDOWS\System32\adadix2k.dll
2007-03-10 15:21:59 46892 --a------ D:\WINDOWS\System32\adadix16.dll
2007-03-10 15:21:58 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 15:21:56 0 d-------- D:\Program Files\SAGEM
2007-03-10 15:20:56 0 d-------- D:\Program Files\Neostrada TP<NEOSTR~1>
2007-03-10 15:17:23 0 d--hs---- D:\Recycled
2007-03-10 15:14:17 41984 --a------ D:\WINDOWS\CTREGRUN.EXE
2007-03-10 15:12:36 90112 --a------ D:\WINDOWS\Updreg.exe
2007-03-10 15:12:31 36992 --a------ D:\WINDOWS\System32\drivers\sfman.sys
2007-03-10 15:12:30 775296 --a------ D:\WINDOWS\System32\drivers\emu10k1f.sys
2007-03-10 15:12:30 6912 --a------ D:\WINDOWS\System32\drivers\ctlface.sys
2007-03-10 15:12:30 59392 --a------ D:\WINDOWS\System32\a3d.dll
2007-03-10 15:10:00 1048576 -----n--- D:\WINDOWS\System32\sfman.dat
2007-03-10 15:10:00 84992 -----n--- D:\WINDOWS\System32\sfcvrt32.dll
2007-03-10 15:10:00 108032 -----n--- D:\WINDOWS\System32\mfcuia32.dll
2007-03-10 15:10:00 149504 -----n--- D:\WINDOWS\System32\mfcans32.dll
2007-03-10 15:10:00 82432 -----n--- D:\WINDOWS\System32\Ctwflt32.dll
2007-03-10 15:10:00 26768 -----n--- D:\WINDOWS\System32\ctl3d.dll
2007-03-10 15:10:00 34816 -----n--- D:\WINDOWS\CTRes32.dll
2007-03-10 15:10:00 24976 -----n--- D:\WINDOWS\ctres.dll
2007-03-10 15:10:00 53552 -----n--- D:\WINDOWS\ctccw.dll
2007-03-10 15:08:28 3584 --a------ D:\WINDOWS\System32\Ahqcpres.dll
2007-03-10 15:08:04 25088 --a------ D:\WINDOWS\System32\CTSVCCTL.EXE
2007-03-10 15:08:04 0 d-------- D:\Media
2007-03-10 15:07:40 307200 -----n--- D:\WINDOWS\System32\CtMp3Lib.dll
2007-03-10 15:07:40 110592 -----n--- D:\WINDOWS\System32\ctmp3io2.dll
2007-03-10 15:07:39 54784 -----n--- D:\WINDOWS\System32\Inetwh32.dll
2007-03-10 15:07:39 24576 -----n--- D:\WINDOWS\System32\CTMERes.DLL
2007-03-10 15:07:39 393216 -----n--- D:\WINDOWS\System32\CTMedEng.dll
2007-03-10 15:07:39 28672 -----n--- D:\WINDOWS\System32\CTIntRes.dll
2007-03-10 15:07:39 155648 -----n--- D:\WINDOWS\System32\CTDrmUI.dll
2007-03-10 15:07:39 73728 -----n--- D:\WINDOWS\System32\CTDrmRes.dll
2007-03-10 15:07:39 57856 -----n--- D:\WINDOWS\System32\CTDETRES.DLL
2007-03-10 15:07:04 6752 -----n--- D:\WINDOWS\System32\PfModNT.sys
2007-03-10 15:07:04 0 d-------- D:\Program Files\Creative
2007-03-10 15:02:33 0 d-------- D:\WINDOWS\SiS
2007-03-10 15:02:32 0 d-------- D:\WINDOWS\System32\ReinstallBackups<REINST~1>
2007-03-10 15:02:32 27392 -ra------ D:\WINDOWS\System32\drivers\SISAGP.SYS
2007-03-10 15:02:19 306688 --a------ D:\WINDOWS\IsUninst.exe
2007-03-10 15:02:14 304640 --a------ D:\WINDOWS\IsUn0415.exe
2007-03-10 15:02:13 3583 -ra------ D:\WINDOWS\SiSport.sys
2007-03-10 15:02:13 32768 -ra------ D:\WINDOWS\SIS_LIB.DLL
2007-03-10 15:02:12 102400 -ra------ D:\WINDOWS\SiSUSBrg.exe
2007-03-10 15:01:44 0 d-------- D:\WINDOWS\System32\Tools
2007-03-10 15:01:38 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-10 14:59:23 0 d--hs---- D:\WINDOWS\Installer<INSTAL~1>
2007-03-10 14:58:26 0 d--hs---- D:\System Volume Information<SYSTEM~1>
2007-03-10 14:58:25 0 d-------- D:\WINDOWS\Prefetch
2007-03-10 14:51:35 0 d-------- D:\WINDOWS\System32\xircom
2007-03-10 14:51:35 0 d-------- D:\Program Files\microsoft frontpage<MICROS~1>
2007-03-10 14:50:57 112128 --a------ D:\WINDOWS\System32\mapi32.dll
2007-03-10 14:50:02 0 dr------- D:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-10 14:50:01 0 d---s---- D:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-10 14:49:38 0 d-------- D:\WINDOWS\srchasst
2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\Macromed
2007-03-10 14:49:31 0 d-------- D:\WINDOWS\System32\DirectX
2007-03-10 14:49:21 17408 --a------ D:\WINDOWS\System32\qmgrprxy.dll
2007-03-10 14:49:21 179200 --a------ D:\WINDOWS\System32\qmgr.dll
2007-03-10 14:49:20 0 d-------- D:\Program Files\Movie Maker<MOVIEM~1>
2007-03-10 14:49:06 40960 --a------ D:\WINDOWS\System32\safrslv.dll
2007-03-10 14:49:06 26624 --a------ D:\WINDOWS\System32\safrdm.dll
2007-03-10 14:49:05 39424 --a------ D:\WINDOWS\System32\safrcdlg.dll
2007-03-10 14:49:05 33792 --a------ D:\WINDOWS\System32\racpldlg.dll
2007-03-10 14:49:05 11264 --a------ D:\WINDOWS\System32\atrace.dll
2007-03-10 14:48:56 155648 --a------ D:\WINDOWS\System32\srsvc.dll
2007-03-10 14:48:56 219136 --a------ D:\WINDOWS\System32\srrstr.dll
2007-03-10 14:48:56 61952 --a------ D:\WINDOWS\System32\srclient.dll
2007-03-10 14:48:56 0 d-------- D:\WINDOWS\System32\Restore
2007-03-10 14:48:56 70400 --a------ D:\WINDOWS\System32\drivers\sr.sys
2007-03-10 14:48:55 24576 --a------ D:\WINDOWS\System32\nmmkcert.dll
2007-03-10 14:48:55 12288 --a------ D:\WINDOWS\System32\nmevtmsg.dll
2007-03-10 14:48:55 32768 --a------ D:\WINDOWS\System32\mnmsrvc.exe
2007-03-10 14:48:55 32384 --a------ D:\WINDOWS\System32\mnmdd.dll
2007-03-10 14:48:55 28672 --a------ D:\WINDOWS\System32\isrdbg32.dll
2007-03-10 14:48:55 73728 --a------ D:\WINDOWS\System32\ils.dll
2007-03-10 14:48:54 65536 --a------ D:\WINDOWS\System32\msconf.dll
2007-03-10 14:48:52 90624 --a------ D:\WINDOWS\System32\msoert2.dll
2007-03-10 14:48:52 67584 --a------ D:\WINDOWS\System32\acctres.dll
2007-03-10 14:48:52 0 d-------- D:\WINDOWS\PCHEALTH
2007-03-10 14:48:51 228864 --a------ D:\WINDOWS\System32\msoeacct.dll
2007-03-10 14:48:50 49152 --a------ D:\WINDOWS\System32\inetres.dll
2007-03-10 14:48:50 593920 --a------ D:\WINDOWS\System32\inetcomm.dll
2007-03-10 14:48:46 0 d---s---- D:\WINDOWS\Tasks
2007-03-10 14:48:46 159744 --a------ D:\WINDOWS\System32\schedsvc.dll
2007-03-10 14:48:46 9728 --a------ D:\WINDOWS\System32\mstinit.exe
2007-03-10 14:48:46 253440 --a------ D:\WINDOWS\System32\mstask.dll
2007-03-10 14:48:46 81920 --a------ D:\WINDOWS\System32\isign32.dll
2007-03-10 14:48:46 270336 --a------ D:\WINDOWS\System32\inetcfg.dll
2007-03-10 14:48:46 61440 --a------ D:\WINDOWS\System32\icwphbk.dll
2007-03-10 14:48:46 69632 --a------ D:\WINDOWS\System32\icwdial.dll
2007-03-10 14:48:46 16384 --a------ D:\WINDOWS\System32\icfgnt5.dll
2007-03-10 14:48:44 0 d-------- D:\Program Files\Common Files\MSSoap
2007-03-10 14:48:03 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-10 14:47:47 0 d-------- D:\WINDOWS\Registration<REGIST~1>
2007-03-10 14:47:42 0 d--h----- D:\Program Files\WindowsUpdate<WINDOW~2>
2007-03-10 14:47:42 0 d-------- D:\Program Files\Usługi online<USŁUGI~1>
2007-03-10 14:47:36 0 d-------- D:\Program Files\Messenger<MESSEN~1>
2007-03-10 14:47:29 5632 --a------ D:\WINDOWS\System32\write.exe
2007-03-10 14:47:29 0 d-------- D:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-10 14:47:20 139264 --a------ D:\WINDOWS\System32\sndvol32.exe
2007-03-10 14:47:20 125440 --a------ D:\WINDOWS\System32\sndrec32.exe
2007-03-10 14:47:20 118272 --a------ D:\WINDOWS\System32\mplay32.exe
2007-03-10 14:47:20 494592 --a------ D:\WINDOWS\System32\hypertrm.dll
2007-03-10 14:47:20 44544 --a------ D:\WINDOWS\System32\hticons.dll
2007-03-10 14:47:20 73216 --a------ D:\WINDOWS\System32\avwav.dll
2007-03-10 14:47:20 231424 --a------ D:\WINDOWS\System32\avtapi.dll
2007-03-10 14:47:20 16384 --a------ D:\WINDOWS\System32\avmeter.dll
2007-03-10 14:47:20 183296 --a------ D:\WINDOWS\System32\accwiz.exe
2007-03-10 14:47:19 35328 --a------ D:\WINDOWS\System32\winchat.exe
2007-03-10 14:47:19 0 d-------- D:\Program Files\Windows NT<WINDOW~1>
2007-03-10 14:47:18 342016 --a------ D:\WINDOWS\System32\mspaint.exe
2007-03-10 14:47:14 605696 --a------ D:\WINDOWS\System32\getuname.dll
2007-03-10 14:47:14 99328 --a------ D:\WINDOWS\System32\clipbrd.exe
2007-03-10 14:47:13 534016 --a------ D:\WINDOWS\System32\spider.exe
2007-03-10 14:47:13 57344 --a------ D:\WINDOWS\System32\sol.exe
2007-03-10 14:47:13 80896 --a------ D:\WINDOWS\System32\charmap.exe
2007-03-10 14:47:13 115200 --a------ D:\WINDOWS\System32\calc.exe
2007-03-10 14:47:12 4096 --a------ D:\WINDOWS\System32\wuauserv.dll
2007-03-10 14:47:12 95744 --a------ D:\WINDOWS\System32\wuaueng.dll
2007-03-10 14:47:12 113664 --a------ D:\WINDOWS\System32\wuauclt.exe
2007-03-10 14:47:12 119808 --a------ D:\WINDOWS\System32\winmine.exe
2007-03-10 14:47:12 128000 --a------ D:\WINDOWS\System32\mshearts.exe
2007-03-10 14:47:12 55808 --a------ D:\WINDOWS\System32\freecell.exe
2007-03-10 14:47:12 20232 --a------ D:\WINDOWS\System32\drivers\tdtcp.sys
2007-03-10 14:47:12 11144 --a------ D:\WINDOWS\System32\drivers\tdpipe.sys
2007-03-10 14:47:12 107912 --a------ D:\WINDOWS\System32\drivers\rdpwd.sys
2007-03-10 14:47:11 1225 --a------ D:\WINDOWS\System32\usrlogon.cmd
2007-03-10 14:47:11 40448 --a------ D:\WINDOWS\System32\tscupgrd.exe
2007-03-10 14:47:11 89600 --a------ D:\WINDOWS\System32\tscfgwmi.dll
2007-03-10 14:47:11 131072 --a------ D:\WINDOWS\System32\sessmgr.exe
2007-03-10 14:47:11 9728 --a------ D:\WINDOWS\System32\reset.exe
2007-03-10 14:47:11 56832 --a------ D:\WINDOWS\System32\remotepg.dll
2007-03-10 14:47:11 61952 --a------ D:\WINDOWS\System32\rdshost.exe
2007-03-10 14:47:11 12288 --a------ D:\WINDOWS\System32\rdsaddin.exe
2007-03-10 14:47:11 134656 --a------ D:\WINDOWS\System32\rdchost.dll
2007-03-10 14:47:11 503296 --a------ D:\WINDOWS\System32\mstscax.dll
2007-03-10 14:47:11 387072 --a------ D:\WINDOWS\System32\mstsc.exe
2007-03-10 14:47:10 17920 --a------ D:\WINDOWS\System32\tsshutdn.exe
2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\tskill.exe
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tsdiscon.exe
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\tscon.exe
2007-03-10 14:47:10 198656 --a------ D:\WINDOWS\System32\termsrv.dll
2007-03-10 14:47:10 15360 --a------ D:\WINDOWS\System32\shadow.exe
2007-03-10 14:47:10 16384 --a------ D:\WINDOWS\System32\rwinsta.exe
2007-03-10 14:47:10 33792 --a------ D:\WINDOWS\System32\regini.exe
2007-03-10 14:47:10 73864 --a------ D:\WINDOWS\System32\rdpwsx.dll
2007-03-10 14:47:10 14848 --a------ D:\WINDOWS\System32\rdpsnd.dll
2007-03-10 14:47:10 41984 --a------ D:\WINDOWS\System32\rdpclip.exe
2007-03-10 14:47:10 4608 --a------ D:\WINDOWS\System32\rdpcfgex.dll
2007-03-10 14:47:10 22528 --a------ D:\WINDOWS\System32\qwinsta.exe
2007-03-10 14:47:10 19456 --a------ D:\WINDOWS\System32\qprocess.exe
2007-03-10 14:47:10 17408 --a------ D:\WINDOWS\System32\qappsrv.exe
2007-03-10 14:47:09 83968 --a------ D:\WINDOWS\System32\mtxoci.dll
2007-03-10 14:47:09 22528 --a------ D:\WINDOWS\System32\msg.exe
2007-03-10 14:47:09 151040 --a------ D:\WINDOWS\System32\msdtcuiu.dll
2007-03-10 14:47:09 869376 --a------ D:\WINDOWS\System32\msdtctm.dll
2007-03-10 14:47:09 360960 --a------ D:\WINDOWS\System32\msdtcprx.dll
2007-03-10 14:47:09 0 d-------- D:\WINDOWS\System32\MsDtc
2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\logoff.exe
2007-03-10 14:47:09 8704 --a------ D:\WINDOWS\System32\icaapi.dll
2007-03-10 14:47:09 32768 --a------ D:\WINDOWS\System32\cfgbkend.dll
2007-03-10 14:47:09 15872 --a------ D:\WINDOWS\System32\cdmodem.dll
2007-03-10 14:47:08 9728 --a------ D:\WINDOWS\System32\xolehlp.dll
2007-03-10 14:47:08 54784 --a------ D:\WINDOWS\System32\msdtclog.dll
2007-03-10 14:47:08 6144 --a------ D:\WINDOWS\System32\msdtc.exe
2007-03-10 14:47:07 54272 --a------ D:\WINDOWS\System32\stclient.dll
2007-03-10 14:47:07 25088 --a------ D:\WINDOWS\System32\mtxlegih.dll
2007-03-10 14:47:07 4096 --a------ D:\WINDOWS\System32\mtxex.dll
2007-03-10 14:47:07 20480 --a------ D:\WINDOWS\System32\mtxdm.dll
2007-03-10 14:47:07 5120 --a------ D:\WINDOWS\System32\dcomcnfg.exe
2007-03-10 14:47:07 82432 --a------ D:\WINDOWS\System32\comrepl.dll
2007-03-10 14:47:07 25600 --a------ D:\WINDOWS\System32\comaddin.dll
2007-03-10 14:47:07 0 d-------- D:\WINDOWS\System32\Com
2007-03-10 14:47:07 56832 --a------ D:\WINDOWS\System32\colbact.dll
2007-03-10 14:47:07 100864 --a------ D:\WINDOWS\System32\clbcatex.dll
2007-03-10 14:47:07 85504 --a------ D:\WINDOWS\System32\catsrvps.dll
2007-03-10 14:47:06 495616 --a------ D:\WINDOWS\System32\comuid.dll
2007-03-10 14:47:06 1139200 --a------ D:\WINDOWS\System32\comsvcs.dll
2007-03-10 14:47:06 147456 --a------ D:\WINDOWS\System32\comsnap.dll
2007-03-10 14:47:06 468480 --a------ D:\WINDOWS\System32\clbcatq.dll
2007-03-10 14:47:06 583168 --a------ D:\WINDOWS\System32\catsrvut.dll
2007-03-10 14:47:06 215040 --a------ D:\WINDOWS\System32\catsrv.dll
2007-03-10 14:46:57 53248 --a------ D:\WINDOWS\System32\servdeps.dll
2007-03-10 14:46:57 16896 --a------ D:\WINDOWS\System32\mmfutil.dll
2007-03-10 14:46:56 57344 --a------ D:\WINDOWS\System32\licwmi.dll
2007-03-10 14:46:56 177152 --a------ D:\WINDOWS\System32\cmprops.dll
2007-03-10 14:46:54 37896 --a------ D:\WINDOWS\System32\drivers\termdd.sys
2007-03-10 14:46:54 181632 --a------ D:\WINDOWS\System32\drivers\rdpdr.sys
2007-03-10 14:42:58 0 d--hs---- D:\FOUND.000
2007-03-10 14:38:01 5632 --a------ D:\WINDOWS\System32\drivers\splitter.sys
2007-03-10 14:38:00 122472 --a------ D:\WINDOWS\System32\drivers\aec.sys
2007-03-10 14:37:59 2816 --a------ D:\WINDOWS\System32\drivers\drmkaud.sys
2007-03-10 14:37:57 4608 --a------ D:\WINDOWS\System32\drivers\MSPQM.sys
2007-03-10 14:37:56 54272 --a------ D:\WINDOWS\System32\drivers\swmidi.sys
2007-03-10 14:37:55 50048 --a------ D:\WINDOWS\System32\drivers\DMusic.sys
2007-03-10 14:37:54 79616 --a------ D:\WINDOWS\System32\drivers\wdmaud.sys
2007-03-10 14:37:52 6400 --a------ D:\WINDOWS\System32\drivers\MSKSSRV.sys
2007-03-10 14:37:51 159232 --a------ D:\WINDOWS\System32\drivers\kmixer.sys
2007-03-10 14:37:50 57472 --a------ D:\WINDOWS\System32\drivers\sysaudio.sys
2007-03-10 14:37:49 5120 --a------ D:\WINDOWS\System32\drivers\MSPCLOCK.sys
2007-03-10 14:37:45 3072 --a------ D:\WINDOWS\System32\drivers\audstub.sys
2007-03-10 14:37:26 57088 --a------ D:\WINDOWS\System32\drivers\redbook.sys
2007-03-10 14:37:17 1738496 --a------ D:\WINDOWS\System32\nv4.dll
2007-03-10 14:37:17 731648 --a------ D:\WINDOWS\System32\drivers\nv4.sys
2007-03-10 14:37:07 3712 --a------ D:\WINDOWS\System32\drivers\ctljystk.sys
2007-03-10 14:37:02 2944 --a------ D:\WINDOWS\System32\drivers\msmpu401.sys
2007-03-10 14:37:00 9728 --a------ D:\WINDOWS\System32\drivers\gameenum.sys
2007-03-10 14:36:41 70144 --a------ D:\WINDOWS\System32\usbui.dll
2007-03-10 14:35:45 0 d-------- D:\Program Files\Common Files\ODBC
2007-03-10 14:35:42 0 dr------- D:\Program Files<PROGRA~1>
2007-03-10 14:35:42 0 d-------- D:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-10 14:35:40 6144 -ra------ D:\WINDOWS\System32\kbdtuq.dll
2007-03-10 14:35:40 5632 -ra------ D:\WINDOWS\System32\kbdazel.dll
2007-03-10 14:35:39 6144 -ra------ D:\WINDOWS\System32\kbdtuf.dll
2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdmon.dll
2007-03-10 14:35:38 5632 -ra------ D:\WINDOWS\System32\kbdkyr.dll
2007-03-10 14:35:36 8192 -ra------ D:\WINDOWS\System32\kbdhept.dll
2007-03-10 14:35:36 6656 -ra------ D:\WINDOWS\System32\kbdhela3.dll
2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdhela2.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe319.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe220.dll
2007-03-10 14:35:36 5632 -ra------ D:\WINDOWS\System32\kbdhe.dll
2007-03-10 14:35:36 6144 -ra------ D:\WINDOWS\System32\kbdgkl.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv1.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdlv.dll
2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt1.dll
2007-03-10 14:35:35 5632 -ra------ D:\WINDOWS\System32\kbdlt.dll
2007-03-10 14:35:35 6144 -ra------ D:\WINDOWS\System32\kbdest.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdycl.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl1.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdsl.dll
2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdro.dll
2007-03-10 14:35:32 5632 --a------ D:\WINDOWS\System32\kbdhu1.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdhu.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz2.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcz1.dll
2007-03-10 14:35:32 7168 --a------ D:\WINDOWS\System32\kbdcz.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\kbdcr.dll
2007-03-10 14:35:32 6656 --a------ D:\WINDOWS\System32\KBDAL.DLL
2007-03-10 14:35:31 24661 --a------ D:\WINDOWS\System32\spxcoins.dll
2007-03-10 14:35:31 13312 --a------ D:\WINDOWS\System32\irclass.dll
2007-03-10 14:35:31 103424 --a------ D:\WINDOWS\System32\EqnClass.Dll
2007-03-10 14:35:31 10496 --a------ D:\WINDOWS\System32\drivers\irenum.sys
2007-03-10 14:35:31 85532 --a------ D:\WINDOWS\System32\dgsetup.dll
2007-03-10 14:35:31 176157 --a------ D:\WINDOWS\System32\dgrpsetu.dll
2007-03-10 14:35:30 6656 --a------ D:\WINDOWS\System32\batt.dll
2007-03-10 14:35:30 9168 --a------ D:\WINDOWS\system\VER.DLL
2007-03-10 14:35:30 19200 --a------ D:\WINDOWS\system\TAPI.DLL
2007-03-10 14:35:30 5120 --a------ D:\WINDOWS\system\SHELL.DLL
2007-03-10 14:35:30 24064 --a------ D:\WINDOWS\system\OLESVR.DLL
2007-03-10 14:35:30 83456 --a------ D:\WINDOWS\system\OLECLI.DLL
2007-03-10 14:35:30 127008 --a------ D:\WINDOWS\system\MSVIDEO.DLL
2007-03-10 14:35:29 15360 --a------ D:\WINDOWS\TASKMAN.EXE
2007-03-10 14:35:29 69712 --a------ D:\WINDOWS\system\MMSYSTEM.DLL
2007-03-10 14:35:29 9936 --a------ D:\WINDOWS\system\LZEXPAND.DLL
2007-03-10 14:35:29 33376 --a------ D:\WINDOWS\system\COMMDLG.DLL
2007-03-10 14:35:29 109488 --a------ D:\WINDOWS\system\AVIFILE.DLL
2007-03-10 14:35:29 70096 --a------ D:\WINDOWS\system\AVICAP.DLL
2007-03-10 14:35:29 67072 --a------ D:\WINDOWS\NOTEPAD.EXE
2007-03-10 14:35:28 71680 --a------ D:\WINDOWS\System32\storprop.dll
2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot2
2007-03-10 14:35:09 0 d-------- D:\WINDOWS\System32\CatRoot
2007-03-10 14:34:51 0 d-------- D:\Documents and Settings<DOCUME~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\WinSxS
2007-03-10 14:30:51 0 dr------- D:\WINDOWS\Web
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\twain_32
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system32
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wins
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\wbem
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\usmt
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\spool
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ShellExt
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\Setup
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ras
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\oobe
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\npp
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\mui
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\inetsrv
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\IME
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\icsxml
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\ias
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\export
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\etc
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\drivers\disdn
2007-03-10 14:30:51 0 dr-hs---- D:\WINDOWS\System32\dllcache
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\dhcp
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\config
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3com_dmi
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\3076
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\2052
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1054
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1045
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1042
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1041
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1037
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1033
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1031
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1028
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\System32\1025
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\system
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\security
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Resources<RESOUR~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\repair
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\mui
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msapps
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\msagent
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Media
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\java
2007-03-10 14:30:51 0 d--h----- D:\WINDOWS\inf
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\ime
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Help
2007-03-10 14:30:51 0 dr--s---- D:\WINDOWS\Fonts
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Debug
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Cursors
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\Config
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\AppPatch
2007-03-10 14:30:51 0 d-------- D:\WINDOWS\addins

-- Find3M Report ---------------------------------------------------------------

2007-03-20 12:51:40 355486 --a------ D:\WINDOWS\System32\perfh015.dat
2007-03-20 12:51:40 49492 --a------ D:\WINDOWS\System32\perfc015.dat
2007-03-18 16:36:10 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\gtk-2.0
2007-03-18 16:31:22 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Inkscape
2007-03-17 17:52:10 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Kerio
2007-03-16 22:37:12 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Macromedia<MACROM~1>
2007-03-16 18:43:38 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\SearchToolbarCorp<SEARCH~1>
2007-03-16 18:10:30 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Mozilla
2007-03-15 16:51:24 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\vlc
2007-03-11 11:00:54 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\DeepBurner<DEEPBU~1>
2007-03-11 09:10:04 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Help
2007-03-10 18:06:40 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Leadertech<LEADER~1>
2007-03-10 17:53:52 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Real
2007-03-10 14:59:22 0 d-------- D:\Documents and Settings\Jacek\Dane aplikacji\Identities<IDENTI~1>
2007-03-10 14:43:36 62 --ahs---- D:\Documents and Settings\Jacek\Dane aplikacji\desktop.ini
2007-03-10 14:43:18 0 d---s---- D:\Documents and Settings\Jacek\Dane aplikacji\Microsoft<MICROS~1>

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="D:\\WINDOWS\\SiSUSBrg.exe"
"Disc Detector"="D:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"UpdReg"="D:\\WINDOWS\\Updreg.exe"
"AHQInit"="D:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"AudioHQ"="D:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Outpost Firewall"="D:\\PROGRA~1\\AGNITUM\\OUTPOS~1.0\\outpost.exe /waitservice"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4B50DEB2-891B-4CEE-A06C-144207F4015E}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
"NETIANET"="D:\\Program Files\\Netia\\Net\\netianet.exe"
"Windows Portable Device Drivers"="D:\\WINDOWS\\System32\\MSKSVRVS.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of ComboScan: finished at 2007-03-20 at 12:55:31 ------------------------

SILENT

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NETIANET" = "D:\Program Files\Netia\Net\netianet.exe" ["OF.PL sp.z .o.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "D:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Disc Detector" = "D:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"UpdReg" = "D:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."]
"AHQInit" = "D:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"]
"AudioHQ" = "D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ["Creative Technology Ltd."]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Outpost Firewall" = "D:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice" ["Agnitum"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
-> {HKLM...CLSID} = "oshdlr.ShellHandler"
\InProcServer32\(Default) = "D:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" ["Agnitum Ltd."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"

Startup items in "Jacek" & "All Users" startup folders:
-------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

----------
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 24 seconds.
---------- (total run time: 87 seconds)

**Posty:** 18165 · przez **wojtas** 20 Mar 2007, 17:42

skasuj sam te pliki do kosza:

D:\FOUND.007
D:\FOUND.006
D:\FOUND.005
D:\FOUND.004
D:\FOUND.003
D:\FOUND.002
D:\FOUND.001
D:\FOUND.000

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"Windows Portable Device Drivers"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Portable Device Drivers"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows Portable Device Drivers"=-

potem:

przeskanuj www.ewido.com >> wywal wszystko co znajdzie
później odpal SmitfraudFix z opcji 2

http://siri.urz.free.fr/Fix/SmitfraudFix.php
opis >>

http://forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vt41947.html

i przejedź nim dysk

**Posty:** 127 · przez **bluejack** 23 Mar 2007, 20:12

wojtas19162 napisał(a):skasuj sam te pliki do kosza:
D:\FOUND.007
D:\FOUND.006
D:\FOUND.005
D:\FOUND.004
D:\FOUND.003
D:\FOUND.002
D:\FOUND.001
D:\FOUND.000

nie mam tych plikow...

Czym bym nie skanowal dysku wylacza sie komp w trakcie skanowania

nie wiem... moze chodzi o jakis problem techniczny... ostatnio wymienialem wiatraczek od k. graficznej, ale wszystko dobrze zrobilem wydaje mi sie.... nie wiem, byc moze to wlasnie zwiazane jest ze sprzetem...

**Posty:** 4043 · przez **prog** 23 Mar 2007, 20:22

Może dysk siada?
Spróbuj np. coś pokopiować i czy działa...

**Posty:** 127 · przez **bluejack** 24 Mar 2007, 09:46

prog napisał(a):Może dysk siada?
Spróbuj np. coś pokopiować i czy działa...

dziala, (ale nie robie OT bo to juz nie w tym dziale chyba

)

**Posty:** 18165 · przez **wojtas** 24 Mar 2007, 09:49

sciagnij:

gmer:
http://gmer.net/gmer.zip

1) Rootkit >>> zaznaczone Pokaż wszystko >>> wskazane tylko Usługi >>> Szukaj >>> Kopiuj >>> CTRL+V do posta
2) Rootkit >>> odznaczone Pokaż wszystko >>> wskazane wszystkie obiekty do skanu >>> Szukaj >>> Kopiuj >>> CTRL+V do posta

**Posty:** 127 · przez **bluejack** 24 Mar 2007, 11:30

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-24 10:20:24
Windows 5.1.2600

---- Services - GMER 1.0.12 ----

Service [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\ADBLOCK.dll [MANUAL] ADBLOCK.DLL
Service D:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER
Service D:\WINDOWS\System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw
Service [DISABLED] adpu160m
Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service D:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Alerter
Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [SYSTEM] aswTdi
Service D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service D:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service D:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner
Service D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service BattC
Service [SYSTEM] Beep
Service D:\WINDOWS\System32\svchost.exe [MANUAL] BITS
Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service D:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc
Service D:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv
Service [DISABLED] CmdIde
Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Content.dll [MANUAL] CONTENT.DLL
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service D:\WINDOWS\System32\CTsvcCDA.EXE [AUTO] Creative Service for CDROM Access
Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service D:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk
Service ctlntsvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service D:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service D:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service D:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service D:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Dnscache.dll [MANUAL] DNSCACHE.DLL
Service [DISABLED] dpti2o
Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service D:\WINDOWS\system32\drivers\emu10k1f.sys [MANUAL] emu10k
Service D:\WINDOWS\system32\drivers\ctlface.sys [MANUAL] emu10k1
Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service [SYSTEM] Fs_Rec
Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Ftpfilt.dll [MANUAL] FTPFILT.DLL
Service fwdrv
Service D:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service D:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb
Service [DISABLED] hpn
Service [DISABLED] hpt3xx
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Htmlfilt.dll [MANUAL] HTMLFILT.DLL
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Httpfilt.dll [MANUAL] HTTPFILT.DLL
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Imapfilt.dll [MANUAL] IMAPFILT.DLL
Service [SYSTEM] Imapi
Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service D:\WINDOWS\System32\DRIVERS\kvpndrv.sys [MANUAL] kvpndev
Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Mailfilt.dll [MANUAL] MAILFILT.DLL
Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service D:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service D:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer
Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service D:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401
Service [BOOT] Mup
Service [BOOT] NDIS
Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service D:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service D:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT
Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE
Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm
Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Nntpfilt.dll [MANUAL] NNTPFILT.DLL
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp
Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service D:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4
Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe [AUTO] OutpostFirewall
Service D:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service D:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service D:\WINDOWS\System32\DRIVERS\pciide.sys [BOOT] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service D:\WINDOWS\System32\PfModNT.sys [AUTO] PfModNT
Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Pop3filt.dll [MANUAL] POP3FILT.DLL
Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Protect.dll [MANUAL] PROTECT.DLL
Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service D:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto
Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan
Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service D:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service D:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess
Service D:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry
Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator
Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv
Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service D:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service [SYSTEM] Sfloppy
Service D:\WINDOWS\system32\drivers\sfman.sys [MANUAL] sfman
Service D:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess
Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service D:\WINDOWS\System32\DRIVERS\sisagp.sys [BOOT] sisagp
Service [DISABLED] Sparrow
Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service D:\WINDOWS\System32\DRIVERS\sr.sys [BOOT] sr
Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV
Service D:\WINDOWS\System32\svchost.exe [MANUAL] stisvc
Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service D:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service D:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service D:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr
Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost
Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service USB
Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service D:\WINDOWS\System32\DRIVERS\usbohci.sys [MANUAL] usbohci
Service D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\2000\Filtnt.sys [SYSTEM] VFILT
Service D:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service [BOOT] VolSnap
Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service D:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service W3SVC
Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service D:\WINDOWS\System32\MsPMSPSv.exe [AUTO] WMDM PMSP Service
Service D:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service WmiApRpl
Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service D:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL
Service [DISABLED] wscsvc
Service D:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv
Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-24 10:20:58
Windows 5.1.2600

---- Services - GMER 1.0.12 ----

Service [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\ADBLOCK.dll [MANUAL] ADBLOCK.DLL
Service D:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER
Service D:\WINDOWS\System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw
Service [DISABLED] adpu160m
Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service D:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Alerter
Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [SYSTEM] aswTdi
Service D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service D:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service D:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner
Service D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service BattC
Service [SYSTEM] Beep
Service D:\WINDOWS\System32\svchost.exe [MANUAL] BITS
Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service D:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc
Service D:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv
Service [DISABLED] CmdIde
Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Content.dll [MANUAL] CONTENT.DLL
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service D:\WINDOWS\System32\CTsvcCDA.EXE [AUTO] Creative Service for CDROM Access
Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service D:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk
Service ctlntsvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service D:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service D:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service D:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service D:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Dnscache.dll [MANUAL] DNSCACHE.DLL
Service [DISABLED] dpti2o
Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service D:\WINDOWS\system32\drivers\emu10k1f.sys [MANUAL] emu10k
Service D:\WINDOWS\system32\drivers\ctlface.sys [MANUAL] emu10k1
Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service [SYSTEM] Fs_Rec
Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Ftpfilt.dll [MANUAL] FTPFILT.DLL
Service fwdrv
Service D:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service D:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb
Service [DISABLED] hpn
Service [DISABLED] hpt3xx
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Htmlfilt.dll [MANUAL] HTMLFILT.DLL
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Httpfilt.dll [MANUAL] HTTPFILT.DLL
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Imapfilt.dll [MANUAL] IMAPFILT.DLL
Service [SYSTEM] Imapi
Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service D:\WINDOWS\System32\DRIVERS\kvpndrv.sys [MANUAL] kvpndev
Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Mailfilt.dll [MANUAL] MAILFILT.DLL
Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service D:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service D:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer
Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service D:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401
Service [BOOT] Mup
Service [BOOT] NDIS
Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service D:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service D:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT
Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE
Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm
Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Nntpfilt.dll [MANUAL] NNTPFILT.DLL
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp
Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service D:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4
Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe [AUTO] OutpostFirewall
Service D:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service D:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service D:\WINDOWS\System32\DRIVERS\pciide.sys [BOOT] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service D:\WINDOWS\System32\PfModNT.sys [AUTO] PfModNT
Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Pop3filt.dll [MANUAL] POP3FILT.DLL
Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\Protect.dll [MANUAL] PROTECT.DLL
Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service D:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto
Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan
Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service D:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service D:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess
Service D:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry
Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator
Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv
Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service D:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service [SYSTEM] Sfloppy
Service D:\WINDOWS\system32\drivers\sfman.sys [MANUAL] sfman
Service D:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess
Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service D:\WINDOWS\System32\DRIVERS\sisagp.sys [BOOT] sisagp
Service [DISABLED] Sparrow
Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service D:\WINDOWS\System32\DRIVERS\sr.sys [BOOT] sr
Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV
Service D:\WINDOWS\System32\svchost.exe [MANUAL] stisvc
Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service D:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service D:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service D:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr
Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost
Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service USB
Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service D:\WINDOWS\System32\DRIVERS\usbohci.sys [MANUAL] usbohci
Service D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service D:\Program Files\Agnitum\Outpost Firewall 1.0\Kernel\2000\Filtnt.sys [SYSTEM] VFILT
Service D:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service [BOOT] VolSnap
Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service D:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service W3SVC
Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service D:\WINDOWS\System32\MsPMSPSv.exe [AUTO] WMDM PMSP Service
Service D:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service WmiApRpl
Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service D:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL
Service [DISABLED] wscsvc
Service D:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv
Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

---- EOF - GMER 1.0.12 ----
[/quote][/b]

pełno wirusów po formacie proszę o sprawdzenie loga

pełno wirusów po formacie proszę o sprawdzenie loga

Kto jest na forum