problem z wirusem i internetem

[nomik]

witam! mam problem z internetem: łączę się z internetem i mogę korzystać z komunikatorów, ale w 9/10 przypadków nie wyświetla mi się żadna strona....załączam loga, może tu jest ukryta przyczyna?

Logfile of HijackThis v1.99.1
Scan saved at 18:55:14, on 2007-11-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\Colorific\hgcctl95.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
E:\simon\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {09F1A1C0-CD54-4EBC-83D2-7D893684277D} - C:\WINDOWS\System32\mllmj.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7C49273-3D5D-45B5-80F4-A135C473DB14}: NameServer = 217.30.129.149 217.30.137.200
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

[code][/code]

[wojtas]

Wykonaj to co jest podane w tym temacie

O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O2 - BHO: (no name) - {09F1A1C0-CD54-4EBC-83D2-7D893684277D} - C:\WINDOWS\System32\mllmj.dll
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe

Uruchamiasz HijackThis => klikasz Do a system scan only => pokaże się lista wpisów => stawiasz ptaszek przy wpisach, które wymieniłem => klikasz Fix checked i potwierdzasz usunięcie.

pobierasz:combofixa

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\System32\wbem\scrcons32.exe
C:\WINDOWS\System32\mllmj.dll
C:\WINDOWS\System32\winIogon.exe

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania


Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

[nomik]

niestety, nie udało mi się poprzednio zalogować:( zrobiłem formatowanie, ale teraz widze ze problem z wirusami dalej jest...czy ktos moze mi pomóc? podaje log z hijacka:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 21:54:38, on 2007-12-02
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\DialNet\wrdialer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\wbem\scrcs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
E:\simon\hijackthis.com

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: Windows Internet Connection Sharing Service (Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\system32\dllcache\msfav32.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE


[quote][/quote]

[wojtas]

skasuj te wpisy:

O4 - HKLM\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\System32\wbem\scrcs.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: Windows Internet Connection Sharing Service (Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\system32\dllcache\msfav32.exe

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\System32\wbem\scrcs.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\system32\dllcache\msfav32.exe

Driver::
MSDisk
MSWindows
Windows Internet Connection Sharing

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

[nomik]

wykonałem polecenia, podaje logi:

1.hijack

Logfile of HijackThis v1.99.1
Scan saved at 11:32:25, on 2007-12-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\DialNet\wrdialer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
E:\simon\hijackthis.com

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

[code][/code]

2.combofix

[quote]ComboFix 07-12-02.5 - Administrator 2007-12-09 11:28:07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.16 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\dllcache\msfav32.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\System32\wbem\scrcs.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00055B56.bin
C:\Program Files\myglobalsearch\bar\Cache\00056316.bin
C:\Program Files\myglobalsearch\bar\Cache\00058767.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\knjbjhnr.exe
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\system32\dllcache\msfav32.exe
C:\WINDOWS\system32\drivers\ctl_w32.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\firewall.exe
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\system32\isass.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\System32\wbem\scrcs.exe
C:\WINDOWS\system32\win.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CTL_W32
-------\LEGACY_MSDISK
-------\LEGACY_MSWINDOWS
-------\LEGACY_RUNTIME
-------\LEGACY_WINDOWS_INTERNET_CONNECTION_SHARING
-------\MSDisk
-------\MSWindows
-------\runtime
-------\Windows Internet Connection Sharing


((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-07 13:13 . 2007-12-07 13:14 120,832 -r-hs---- C:\WINDOWS\system32\Tilecomfc.com
2007-12-07 13:10 . 2007-12-07 13:10 40,960 --a------ C:\WINDOWS\system32\diiduqc.exe
2007-12-06 21:40 . 2007-12-06 21:40 40,960 --a------ C:\WINDOWS\system32\krdcj.exe
2007-12-06 20:39 . 2007-12-06 20:39 40,960 --a------ C:\WINDOWS\system32\pxyg.exe
2007-12-06 20:18 . 2007-12-06 20:18 40,960 --a------ C:\WINDOWS\system32\bgerbmdh.exe
2007-12-06 18:39 . 2007-12-06 18:39 40,960 --a------ C:\WINDOWS\system32\qayf.exe
2007-12-06 18:10 . 2007-12-06 18:10 40,960 --a------ C:\WINDOWS\system32\bplbhemt.exe
2007-12-06 16:55 . 2007-12-06 16:55 40,960 --a------ C:\WINDOWS\system32\wyfhubjh.exe
2007-12-06 16:44 . 2007-12-06 16:44 490 --a------ C:\1.vbs
2007-12-06 16:41 . 2007-12-06 16:41 40,960 --a------ C:\WINDOWS\system32\jxrfexuo.exe
2007-12-06 16:04 . 2007-12-06 16:04 40,960 --a------ C:\WINDOWS\system32\ionkusw.exe
2007-12-06 11:55 . 2007-12-06 11:55 <DIR> d-------- C:\Program Files\sdfhfgd
2007-12-06 11:55 . 2007-12-06 11:56 547,770 --a------ C:\uryteqa23.exe
2007-12-06 11:50 . 2007-12-06 18:09 1,138,688 --a------ C:\WINDOWS\system32\Gothic.exe
2007-12-06 11:43 . 2007-12-07 22:46 392,704 --a------ C:\WINDOWS\system32\fk.exe
2007-12-06 11:42 . 2007-12-06 11:42 40,960 --a------ C:\WINDOWS\system32\qmrnzbv.exe
2007-12-05 21:49 . 2007-12-06 20:34 <DIR> d-------- C:\Program Files\dfrerter
2007-12-05 21:49 . 2007-12-06 20:34 991,310 --a------ C:\cg.pif
2007-12-05 21:45 . 2007-12-05 21:45 1,134,592 --a------ C:\WINDOWS\system32\SADASDA.exe
2007-12-05 21:18 . 2007-12-06 16:07 547,770 --a------ C:\WINDOWS\system32\ghhgjhjdfg.exe
2007-12-05 20:56 . 2007-12-05 20:56 48,748 --a------ C:\WINDOWS\system32\ttrrtt.exe
2007-12-05 20:56 . 2007-12-05 20:56 35,328 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
2007-12-05 19:59 . 2007-12-05 21:16 547,770 --a------ C:\WINDOWS\system32\ghhgjhj.exe
2007-12-05 19:59 . 2007-12-05 21:09 458,752 --a------ C:\WINDOWS\system32\nope.dll
2007-12-05 19:57 . 2007-12-05 19:57 547,770 --a------ C:\wdintoage.exe
2007-12-05 19:57 . 2007-12-05 21:09 458,752 --------- C:\WINDOWS\system32\Wseclayer.exe
2007-12-05 19:57 . 2007-12-05 20:14 27 --a------ C:\WINDOWS\system32\kuki.bat
2007-12-05 19:57 . 2007-12-07 22:15 0 --a------ C:\adware.exe
2007-12-05 19:47 . 2007-12-05 19:47 40,960 --a------ C:\WINDOWS\system32\zfgzt.exe
2007-12-05 17:25 . 2007-12-05 17:26 110,431 --a------ C:\cjntekap.exe
2007-12-05 15:53 . 2007-12-05 15:53 40,960 --a------ C:\WINDOWS\system32\ncbxk.exe
2007-12-05 14:05 . 2007-12-05 14:05 40,960 --a------ C:\WINDOWS\system32\mdetkrq.exe
2007-12-03 18:18 . 2007-12-03 18:18 40,960 --a------ C:\WINDOWS\system32\tlgy.exe
2007-12-03 17:37 . 2007-12-03 17:37 40,960 --a------ C:\WINDOWS\system32\qxgvkzpf.exe
2007-12-03 17:26 . 2007-12-03 17:29 1,159,168 --a------ C:\WINDOWS\system32\Syst3m32.exe
2007-12-03 17:17 . 2007-12-03 17:17 6,546,276 --a------ C:\WINDOWS\system32\setup_53465.exe
2007-12-03 16:45 . 2007-12-03 16:45 6,546,276 --a------ C:\WINDOWS\system32\setup_85355.exe
2007-12-03 16:35 . 2007-12-03 16:35 40,960 --a------ C:\WINDOWS\system32\xjzicuqg.exe
2007-12-03 16:29 . 2007-12-03 16:29 1,253,888 --a------ C:\WINDOWS\system32\afe.exe
2007-12-03 16:25 . 2007-12-03 16:25 6,546,276 --a------ C:\WINDOWS\system32\setup_12482.exe
2007-12-03 16:24 . 2007-12-03 16:24 <DIR> d-------- C:\Program Files\BearShare
2007-12-03 16:24 . 2007-12-03 16:24 <DIR> d-------- C:\My Downloads
2007-12-03 16:23 . 2007-12-03 16:23 569,856 --a------ C:\WINDOWS\system32\tez.exe
2007-12-03 16:10 . 2007-12-03 16:11 995,328 --a------ C:\WINDOWS\system32\load.exe
2007-12-03 15:22 . 2007-12-03 15:27 1,253,888 --a------ C:\WINDOWS\system32\znc.exe
2007-12-03 14:52 . 2007-12-03 17:30 167,936 --a------ C:\WINDOWS\system32\spdemo.exe
2007-12-03 14:52 . 2007-12-03 17:30 167,936 -r-hsc--- C:\WINDOWS\system32\dllcache\mravsc32.exe
2007-12-03 14:44 . 2007-12-03 14:44 6,546,276 --a------ C:\WINDOWS\system32\setup_07444.exe
2007-12-03 14:40 . 2007-12-03 14:40 0 --a------ C:\WINDOWS\system32\eraseme_86885.exe
2007-12-03 09:59 . 2007-12-04 20:43 178,688 --a------ C:\WINDOWS\system32\mpdemo.exe
2007-12-02 23:35 . 2001-07-21 23:23 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2007-12-02 23:34 . 2001-10-26 18:28 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-02 23:33 . 2001-10-26 17:29 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2007-12-02 23:31 . 2007-12-02 23:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-02 23:31 . 2007-12-02 23:31 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-02 23:31 . 2007-12-02 23:31 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-02 23:31 . 2007-12-02 23:31 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-12-02 23:31 . 2007-12-02 23:31 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-02 23:31 . 2007-12-02 23:31 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-02 23:28 . 2001-10-26 18:30 540,672 --a------ C:\WINDOWS\system32\spider.exe
2007-12-02 23:26 . 2001-08-17 20:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-12-02 23:23 . 2001-10-26 18:29 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-12-02 23:23 . 2001-10-26 18:29 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-12-02 23:23 . 2001-10-26 18:29 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-12-02 23:23 . 2001-10-26 18:29 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-12-02 23:22 . 2001-10-27 12:35 1,085,938 -ra------ C:\WINDOWS\SET28.tmp
2007-12-02 23:22 . 2001-10-27 12:34 13,923 -ra------ C:\WINDOWS\SET34.tmp
2007-12-02 23:08 . 2001-10-26 18:27 1,041,491 --a--c--- C:\WINDOWS\system32\dllcache\cmnresm.dll
2007-12-02 23:08 . 2001-10-26 18:29 217,160 --a--c--- C:\WINDOWS\system32\dllcache\cmnclim.dll
2007-12-02 23:08 . 2001-10-26 18:29 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll
2007-12-02 23:08 . 2001-10-26 18:29 41,029 --a--c--- C:\WINDOWS\system32\dllcache\zcorem.dll
2007-12-02 23:08 . 2001-10-26 18:30 36,937 --a--c--- C:\WINDOWS\system32\dllcache\zclientm.exe
2007-12-02 23:08 . 2001-10-26 18:29 32,339 --a--c--- C:\WINDOWS\system32\dllcache\uniansi.dll
2007-12-02 23:08 . 2001-10-26 18:29 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll
2007-12-02 23:08 . 2001-10-26 18:29 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll
2007-12-02 23:08 . 2001-10-26 18:29 4,677 --a--c--- C:\WINDOWS\system32\dllcache\zeeverm.dll
2007-12-02 21:12 . 2007-12-02 21:12 98,304 --a------ C:\WINDOWS\system32\rab.exe
2007-12-02 21:02 . 2007-12-02 21:02 3,072 --ah----- C:\WINDOWS\system32\wker.exe
2007-12-02 20:50 . 2007-12-02 20:50 569,856 --a------ C:\WINDOWS\system32\dxw.exe
2007-12-02 20:08 . 2007-12-02 20:09 1,253,888 --a------ C:\WINDOWS\system32\ykc.exe
2007-12-02 17:28 . 2007-12-02 17:28 129 --a------ C:\WINDOWS\system32\492.reg
2007-12-02 17:20 . 2001-10-26 18:29 694,272 --a--c--- C:\WINDOWS\system32\dllcache\helpsvc.exe
2007-12-02 17:20 . 2001-10-26 18:30 67,072 --a--c--- C:\WINDOWS\system32\dllcache\setup50.exe
2007-12-02 17:18 . 2001-10-26 18:29 99,328 --a--c--- C:\WINDOWS\system32\dllcache\clipbrd.exe
2007-12-02 17:18 . 2001-10-26 18:29 99,328 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-12-02 17:18 . 2001-10-26 18:30 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-12-02 17:18 . 2001-10-26 18:30 15,360 --a--c--- C:\WINDOWS\system32\dllcache\shadow.exe
2007-12-02 17:10 . 2001-10-27 12:34 1,622,956 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2007-12-02 17:10 . 2001-10-27 12:35 1,085,938 -ra------ C:\WINDOWS\SET2A.tmp
2007-12-02 17:10 . 2001-10-27 12:34 609,642 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2007-12-02 17:10 . 2001-10-27 12:34 13,923 -ra------ C:\WINDOWS\SET36.tmp
2007-12-02 15:03 . 2007-12-02 15:03 129 --a------ C:\WINDOWS\system32\353.reg
2007-12-02 15:02 . 2007-12-03 16:29 1,253,888 -r-hs---- C:\WINDOWS\Mrshield.exe
2007-12-02 15:01 . 2007-12-02 15:02 95,232 --ah----- C:\WINDOWS\system32\gknjox.exe
2007-12-02 14:54 . 2007-12-02 14:58 39,212 --ah----- C:\WINDOWS\system32\nzfeg.exe
2007-12-02 14:42 . 2007-12-02 14:42 30,720 --a------ C:\WINDOWS\system32\setup_71031.exe
2007-12-02 14:36 . 2007-12-02 14:37 58,820 -ra------ C:\WINDOWS\system32\scrcs.exe
2007-12-02 14:33 . 2007-12-02 14:33 0 --a------ C:\WINDOWS\system32\hqghumea.dll
2007-12-02 14:32 . 2007-12-02 14:32 129 --a------ C:\WINDOWS\system32\577.reg
2007-12-02 14:29 . 2007-12-02 14:29 129 --a------ C:\WINDOWS\system32\892.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 10:19 --------- d-----w C:\Program Files\DialNet
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\zeektjlr.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\tjsnlncx.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\stleqtrb.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\bnkrcrqq.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\errors\xnejeese.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\ErrMsg\nvsbqtlx.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DVDUpgrd\kvzexhbs.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\zwjcbxql.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\jlskvkjt.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\hhktjkel.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\tcjqbtst.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\nrbhslcz.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\eqlrejrl.exe
2007-12-02 22:41 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\brvhkxjh.exe
2007-12-02 22:41 121,856 ----a-w C:\WINDOWS\Help\tsbjbtvn.exe
2007-12-02 22:41 121,856 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
2007-12-02 22:41 121,856 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
2007-12-02 22:41 121,856 ----a-w C:\WINDOWS\Help\jjlenkbt.exe
2007-12-02 22:41 121,856 ----a-w C:\WINDOWS\Help\jbnshhqj.exe
2007-12-02 22:41 121,856 ----a-w C:\WINDOWS\Help\hwexrtne.exe
2007-12-02 22:41 121,856 ----a-w C:\WINDOWS\Help\bzehxvnz.exe
2007-12-02 13:09 130,144 ----a-w C:\msets.exe
2007-11-24 15:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-18 14:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 21:44 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-14 20:08 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 20:54 --------- d-----w C:\Program Files\directx
2007-11-12 19:10 6,668,248 ----a-w C:\Program Files\Firefox Setup 2.0.0.9.exe
2007-11-12 18:55 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2007-11-12 18:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-12 18:44 --------- d-----w C:\Program Files\Intel
2007-11-12 18:35 --------- d-----w C:\Program Files\Usługi online
2001-10-26 17:29 1,017,344 --sha-r C:\WINDOWS\system32\dygeqs.exe
2001-10-26 17:29 1,488,896 --sha-r C:\WINDOWS\system32\jjv.exe
2001-10-26 17:29 1,029,679 --sha-r C:\WINDOWS\system32\mavzhh.exe
2001-10-26 17:29 81,408 --sha-r C:\WINDOWS\system32\wbem\scricon.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-02_ 0.58.53,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-20 15:04:32 1,523,536 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2001-10-26 17:29:58 73,728 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2001-10-26 17:29:58 67,072 ----a-w C:\WINDOWS\notepad.exe
- 2001-10-26 17:29:54 700,928 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpSvc.exe
+ 2001-10-26 17:29:54 694,272 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpSvc.exe
- 2007-11-12 18:35:56 8,738 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Config\Cntstore.bin
+ 2007-12-02 22:31:51 8,738 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Config\Cntstore.bin
- 2007-11-12 18:35:53 80,007 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat
+ 2007-12-02 22:31:50 80,345 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat
- 2007-11-25 13:56:45 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\rc\rjzhtwer.exe
+ 2007-12-02 22:41:24 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\rc\rjzhtwer.exe
- 2007-11-25 13:56:45 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jqnsbclx.exe
+ 2007-12-02 22:41:24 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jqnsbclx.exe
- 2007-11-25 13:56:45 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jzrjzkke.exe
+ 2007-12-02 22:41:24 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jzrjzkke.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\vtxbneqq.exe
+ 2007-12-02 22:41:24 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\vtxbneqq.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\cqlwbrtn.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\cqlwbrtn.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\hlnbkbjt.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\hlnbkbjt.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\jllrjejn.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\jllrjejn.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\kcqrjjel.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\kcqrjjel.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\resrzjkr.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\resrzjkr.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rlkctexe.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rlkctexe.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\jjtkbtsb.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\jjtkbtsb.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\slkweqkr.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\slkweqkr.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\xxrlrrck.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\xxrlrrck.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\bbcrvske.exe
+ 2007-12-02 22:41:26 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\bbcrvske.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\brbjhjhb.exe
+ 2007-12-02 22:41:26 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\brbjhjhb.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\ejjtwclz.exe
+ 2007-12-02 22:41:26 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\ejjtwclz.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\heclkcje.exe
+ 2007-12-02 22:41:26 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\heclkcje.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\vhzlshll.exe
+ 2007-12-02 22:41:26 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\vhzlshll.exe
- 2007-11-25 13:56:46 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lbncltew.exe
+ 2007-12-02 22:41:25 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lbncltew.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lenvstcw.exe
+ 2007-12-02 22:41:26 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lenvstcw.exe
- 2007-11-25 13:56:47 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\sljktqsl.exe
+ 2007-12-02 22:41:26 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\sljktqsl.exe
- 2007-11-25 13:56:48 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cjrhtnee.exe
+ 2007-12-02 22:41:27 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cjrhtnee.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cszbbkjb.exe
+ 2007-12-02 22:41:27 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cszbbkjb.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\hzenbhql.exe
+ 2007-12-02 22:41:27 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\hzenbhql.exe
- 2007-11-25 13:56:48 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\kenjxzsk.exe
+ 2007-12-02 22:41:27 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\kenjxzsk.exe
- 2007-11-25 13:56:48 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\qnkstrhn.exe
+ 2007-12-02 22:41:27 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\qnkstrhn.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\selznkbn.exe
+ 2007-12-02 22:41:28 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\selznkbn.exe
- 2007-11-25 13:56:48 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\tehbbexs.exe
+ 2007-12-02 22:41:27 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\tehbbexs.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\trvnbvzr.exe
+ 2007-12-02 22:41:28 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\trvnbvzr.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ecrvhvjh.exe
+ 2007-12-02 22:41:28 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ecrvhvjh.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ewznktww.exe
+ 2007-12-02 22:41:28 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ewznktww.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hnshlbtv.exe
+ 2007-12-02 22:41:28 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hnshlbtv.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hsxenjvk.exe
+ 2007-12-02 22:41:28 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hsxenjvk.exe
- 2007-11-25 13:56:49 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\necxlsbh.exe
+ 2007-12-02 22:41:28 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\necxlsbh.exe
- 2007-11-25 13:56:50 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\estewkrn.exe
+ 2007-12-02 22:41:29 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\estewkrn.exe
- 2007-11-25 13:56:50 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\nbbrcrbb.exe
+ 2007-12-02 22:41:29 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\nbbrcrbb.exe
- 2007-11-25 13:56:52 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\btlekkxb.exe
+ 2007-12-02 22:41:32 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\btlekkxb.exe
- 2007-11-25 13:56:50 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\btlekkxb.exe
+ 2007-12-02 22:41:30 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\btlekkxb.exe
- 2007-11-25 13:56:51 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\btlekkxb.exe
+ 2007-12-02 22:41:30 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\btlekkxb.exe
- 2007-11-25 13:56:52 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\btlekkxb.exe
+ 2007-12-02 22:41:31 121,856 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\btlekkxb.exe
- 2007-11-25 13:56:50 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\tlrrsvlj.exe
+ 2007-12-02 22:41:29 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\tlrrsvlj.exe
- 2007-11-25 13:56:50 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\zejthvxk.exe
+ 2007-12-02 22:41:29 77,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\zejthvxk.exe
- 2007-11-22 21:43:48 5,108 ----a-w C:\WINDOWS\rdrive\del2.exe
+ 2007-11-29 23:05:14 5,192 ----a-w C:\WINDOWS\rdrive\del2.exe
- 2007-11-22 21:43:48 5,108 ----a-w C:\WINDOWS\rdrive\del3.exe
+ 2007-11-29 23:05:14 5,192 ----a-w C:\WINDOWS\rdrive\del3.exe
+ 2007-11-30 12:15:56 5,660 ----a-w C:\WINDOWS\rdrive\ju.exe
- 2007-11-23 23:44:48 67,072 ----a-w C:\WINDOWS\rdrive\locop.exe
+ 2007-11-23 23:44:48 60,416 ----a-w C:\WINDOWS\rdrive\locop.exe
- 2007-11-12 18:36:51 237,568 ---ha-w C:\WINDOWS\repair\ntuser.dat
+ 2007-12-02 22:33:00 303,104 ---ha-w C:\WINDOWS\repair\ntuser.dat
- 2007-12-01 22:17:40 922,624 --sh--r C:\WINDOWS\system\msnrav.exe
+ 2007-12-07 21:46:30 898,048 --sh--r C:\WINDOWS\system\msnrav.exe
- 2007-11-21 20:05:07 6,277,261 ----a-w C:\WINDOWS\system32\algs.exe
+ 2001-10-26 17:29:52 53,134 ---h--w C:\WINDOWS\system32\algs.exe
- 2001-10-26 17:29:46 17,920 ----a-w C:\WINDOWS\system32\attrib.exe
+ 2001-10-26 17:29:46 11,264 ----a-w C:\WINDOWS\system32\attrib.exe
- 2005-01-28 12:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2001-10-26 17:29:26 204,800 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-07-25 08:28:06 6,921 ----a-w C:\WINDOWS\system32\cnick.dll
+ 2006-05-12 19:08:54 20,652 ----a-w C:\WINDOWS\system32\colfld.dll
- 2007-12-01 23:49:36 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-09 10:30:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-01 23:49:36 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-12-09 10:30:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-12-02 22:38:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012007120220071203\index.dat
- 2007-12-01 23:49:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-09 10:30:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-06 15:44:33 357,500 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UQY2EVXN\84785_winhtb[1].exe
- 2001-10-26 17:29:50 31,232 ----a-w C:\WINDOWS\system32\conime.exe
+ 2001-10-26 17:29:50 24,576 ----a-w C:\WINDOWS\system32\conime.exe
- 2001-10-26 17:29:50 14,848 ----a-w C:\WINDOWS\system32\control.exe
+ 2001-10-26 17:29:50 8,192 ----a-w C:\WINDOWS\system32\control.exe
- 2001-10-26 17:29:50 20,480 ----a-w C:\WINDOWS\system32\convert.exe
+ 2001-10-26 17:29:50 13,824 ----a-w C:\WINDOWS\system32\convert.exe
- 2001-10-26 17:29:50 102,450 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2001-10-26 17:29:50 110,642 ----a-w C:\WINDOWS\system32\cscript.exe
- 2001-10-26 17:29:50 19,968 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2001-10-26 17:29:50 13,312 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2005-01-28 12:44:28 294,912 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2001-10-26 17:29:26 204,800 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 12:44:28 258,296 -c--a-w C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2001-10-26 17:29:28 258,048 -c--a-w C:\WINDOWS\system32\dllcache\drmclien.dll
- 2005-01-28 12:44:28 96,768 -c--a-w C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2001-10-26 17:29:28 76,830 -c--a-w C:\WINDOWS\system32\dllcache\drmstor.dll
- 2005-01-28 12:44:28 502,272 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2001-10-26 17:29:28 589,824 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2005-01-28 12:44:28 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2001-10-26 17:29:32 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
- 2005-01-28 12:44:28 142,336 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2001-10-26 17:29:36 174,592 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 12:44:28 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2001-10-26 17:29:40 152,576 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2005-01-28 12:44:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2001-10-26 17:29:46 274,432 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2003-03-16 14:49:00 33,792 --s-a-w C:\WINDOWS\system32\dmans.dll
- 2001-10-26 17:29:52 25,600 ----a-w C:\WINDOWS\system32\dpnsvr.exe
+ 2001-10-26 17:29:52 18,944 ----a-w C:\WINDOWS\system32\dpnsvr.exe
- 2001-10-26 17:29:52 67,072 ----a-w C:\WINDOWS\system32\driverquery.exe
+ 2001-10-26 17:29:52 60,416 ----a-w C:\WINDOWS\system32\driverquery.exe
- 2001-07-24 00:25:14 122,472 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2001-10-26 18:03:24 122,472 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2001-08-17 20:58:00 25,472 ----a-w C:\WINDOWS\system32\drivers\AGP440.SYS
+ 2001-10-26 18:03:24 25,472 ----a-w C:\WINDOWS\system32\drivers\agp440.sys
- 2001-08-17 20:51:56 86,656 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
+ 2001-08-17 21:51:54 86,656 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
- 2001-08-17 21:01:20 57,344 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2001-10-26 18:03:24 57,344 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2001-08-17 21:02:32 9,728 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
+ 2001-10-26 18:03:24 9,728 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
- 2001-10-26 15:47:28 36,224 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
+ 2001-10-26 16:47:26 36,224 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
- 2001-08-17 21:00:54 159,232 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2001-10-26 18:03:24 159,232 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2001-08-18 05:24:30 134,144 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2001-10-26 18:03:24 134,144 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2001-08-17 20:48:48 6,400 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
+ 2001-10-26 18:03:24 6,400 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
- 2001-08-17 20:48:42 5,120 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
+ 2001-10-26 18:03:24 5,120 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
- 2001-08-17 20:48:46 4,608 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys
+ 2001-10-26 18:03:24 4,608 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
- 2001-10-26 15:56:44 62,848 ----a-w C:\WINDOWS\system32\drivers\pci.sys
+ 2001-10-26 16:56:42 62,848 ----a-w C:\WINDOWS\system32\drivers\pci.sys
- 2001-10-26 15:56:44 3,456 ----a-w C:\WINDOWS\system32\drivers\pciide.sys
+ 2001-10-26 16:56:42 3,456 ----a-w C:\WINDOWS\system32\drivers\pciide.sys
- 2001-08-17 20:51:50 23,680 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
+ 2001-08-17 21:51:48 23,680 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
- 2001-08-18 05:24:38 135,040 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2001-10-26 18:03:24 135,040 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
- 2001-08-17 21:01:22 42,752 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2001-10-26 18:03:24 42,752 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2001-08-17 21:00:52 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
+ 2001-10-26 18:03:24 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
- 2001-08-18 05:24:44 57,472 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
+ 2001-10-26 18:03:24 57,472 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
- 2001-08-17 21:03:32 24,960 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2001-08-17 22:03:30 24,960 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
- 2001-08-17 21:03:16 50,688 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
+ 2001-08-17 22:03:14 50,688 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
- 2001-08-17 21:03:18 123,264 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
+ 2001-08-17 22:03:16 123,264 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
- 2001-08-17 21:03:22 21,760 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
+ 2001-08-17 22:03:20 21,760 ----a-w C:\WINDOWS\system32\drivers\usbstor.sys
- 2001-08-17 21:03:08 18,944 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
+ 2001-08-17 22:03:06 18,944 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
- 2001-08-18 05:24:46 79,616 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2001-10-26 18:03:24 79,616 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2005-01-28 12:44:28 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
+ 2001-10-26 17:29:28 258,048 ----a-w C:\WINDOWS\system32\drmclien.dll
- 2005-01-28 12:44:28 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2001-10-26 17:29:28 76,830 ----a-w C:\WINDOWS\system32\drmstor.dll
- 2005-01-28 12:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2001-10-26 17:29:28 589,824 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2001-10-26 17:29:52 36,864 ----a-w C:\WINDOWS\system32\dumprep.exe
+ 2001-10-26 17:29:52 30,208 ----a-w C:\WINDOWS\system32\dumprep.exe
- 2007-12-01 21:08:34 86,260 ----a-w C:\WINDOWS\system32\E0chis.exe
+ 2007-12-06 17:44:00 79,604 ----a-w C:\WINDOWS\system32\E0chis.exe
+ 2005-03-28 13:31:48 88,944 ----a-w C:\WINDOWS\system32\eciysaw.dll
+ 2001-10-26 17:29:30 514,587 ----a-w C:\WINDOWS\system32\edb500.dll
- 2007-11-12 18:32:28 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
+ 2007-12-02 22:29:27 23,040 ----a-w C:\WINDOWS\system32\emptyregdb.dat
- 2001-10-26 17:29:54 9,728 ----a-w C:\WINDOWS\system32\fixmapi.exe
+ 2001-10-26 17:29:54 3,072 ----a-w C:\WINDOWS\system32\fixmapi.exe
- 2007-11-15 21:49:32 181,040 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-02 22:37:53 181,040 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-01 22:17:40 403,456 ----a-w C:\WINDOWS\system32\fuck.exe
+ 2007-12-02 22:41:36 922,624 ----a-w C:\WINDOWS\system32\fuck.exe
+ 2006-05-13 04:06:02 696,320 ----a-w C:\WINDOWS\system32\fvist.com
- 2007-11-12 18:59:49 983,040 ----a-w C:\WINDOWS\system32\G0ahic.exe
+ 2007-12-06 15:55:29 983,040 ----a-w C:\WINDOWS\system32\G0ahic.exe
- 2001-10-26 17:29:54 44,544 ----a-w C:\WINDOWS\system32\grpconv.exe
+ 2001-10-26 17:29:54 37,888 ----a-w C:\WINDOWS\system32\grpconv.exe
- 2001-10-26 17:29:54 34,816 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2001-10-26 17:29:54 28,160 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2000-06-22 15:31:00 198,144 ----a-w C:\WINDOWS\system32\Ir50_qc.dll
+ 2001-10-26 17:28:12 200,192 ----a-w C:\WINDOWS\system32\ir50_qc.dll
- 2000-06-22 15:31:46 181,760 ----a-w C:\WINDOWS\system32\Ir50_qcx.dll
+ 2001-10-26 17:27:04 183,808 ----a-w C:\WINDOWS\system32\ir50_qcx.dll
- 2001-10-26 17:29:54 29,696 ----a-w C:\WINDOWS\system32\lights.exe
+ 2001-10-26 17:29:54 36,352 ----a-w C:\WINDOWS\system32\lights.exe
- 2001-10-26 17:29:54 33,280 ----a-w C:\WINDOWS\system32\lnkstub.exe
+ 2001-10-26 17:29:54 26,624 ----a-w C:\WINDOWS\system32\lnkstub.exe
- 2001-10-26 17:29:56 11,776 ----a-w C:\WINDOWS\system32\lodctr.exe
+ 2001-10-26 17:29:56 5,120 ----a-w C:\WINDOWS\system32\lodctr.exe
- 2001-10-26 17:29:56 31,232 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2001-10-26 17:29:56 24,576 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2007-11-21 00:04:14 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
+ 2007-12-04 12:45:07 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2006-01-06 05:39:32 24,065 ----a-w C:\WINDOWS\system32\mansor.exe
- 1999-05-17 11:56:00 135,168 ----a-w C:\WINDOWS\system32\MAPISTUB.DLL
+ 2001-10-26 17:29:34 112,128 ----a-w C:\WINDOWS\system32\mapistub.dll
- 2001-10-26 17:29:56 142,848 ----a-w C:\WINDOWS\system32\mobsync.exe
+ 2001-10-26 17:29:56 136,192 ----a-w C:\WINDOWS\system32\mobsync.exe
+ 2007-12-02 12:59:50 1,109,657 ----a-w C:\WINDOWS\system32\MrSonic.exe
+ 2001-10-26 17:29:58 34,816 ----a-w C:\WINDOWS\system32\msiregmv.exe
- 2005-01-28 12:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2001-10-26 17:29:36 174,592 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2005-01-27 12:53:04 89,005 ----a-w C:\WINDOWS\system32\na4.dll
+ 2003-09-25 18:27:28 35,328 ----a-w C:\WINDOWS\system32\NITE.exe
+ 2006-05-11 05:50:58 13,765 ----a-w C:\WINDOWS\system32\nmessd.dll
- 2001-10-26 17:30:00 38,400 ----a-w C:\WINDOWS\system32\ntsd.exe
+ 2001-10-26 17:30:00 31,744 ----a-w C:\WINDOWS\system32\ntsd.exe
+ 2004-10-30 14:50:04 35,840 ----a-w C:\WINDOWS\system32\NTSX.exe
- 2007-11-25 13:57:09 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\blvccbsx.exe
+ 2007-12-02 22:41:51 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\blvccbsx.exe
- 2007-11-25 13:57:09 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\brvecwcs.exe
+ 2007-12-02 22:41:51 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\brvecwcs.exe
- 2007-11-25 13:57:09 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\btesnnel.exe
+ 2007-12-02 22:41:51 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\btesnnel.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\btqkxenz.exe
+ 2007-12-02 22:41:52 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\btqkxenz.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\cwbbnetr.exe
+ 2007-12-02 22:41:52 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\cwbbnetr.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\hlrrerkq.exe
+ 2007-12-02 22:41:52 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\hlrrerkq.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\knkskthw.exe
+ 2007-12-02 22:41:52 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\knkskthw.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\lrlzztll.exe
+ 2007-12-02 22:41:53 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\lrlzztll.exe
- 2007-11-25 13:57:09 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\nzzwhebn.exe
+ 2007-12-02 22:41:50 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\nzzwhebn.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\rkjenssc.exe
+ 2007-12-02 22:41:52 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\rkjenssc.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\rrthsntk.exe
+ 2007-12-02 22:41:52 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\rrthsntk.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\tchekrqt.exe
+ 2007-12-02 22:41:52 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\tchekrqt.exe
- 2007-11-25 13:57:09 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\vrrkkhbn.exe
+ 2007-12-02 22:41:50 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\vrrkkhbn.exe
- 2007-11-25 13:57:09 77,312 ----a-w C:\WINDOWS\system32\oobe\actsetup\zvswnlev.exe
+ 2007-12-02 22:41:50 121,856 ----a-w C:\WINDOWS\system32\oobe\actsetup\zvswnlev.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\error\ektltnch.exe
+ 2007-12-02 22:41:54 121,856 ----a-w C:\WINDOWS\system32\oobe\error\ektltnch.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\error\erettxjr.exe
+ 2007-12-02 22:41:53 121,856 ----a-w C:\WINDOWS\system32\oobe\error\erettxjr.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\error\jkhehnjn.exe
+ 2007-12-02 22:41:53 121,856 ----a-w C:\WINDOWS\system32\oobe\error\jkhehnjn.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\error\kbwnhlkk.exe
+ 2007-12-02 22:41:54 121,856 ----a-w C:\WINDOWS\system32\oobe\error\kbwnhlkk.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\error\lktkttrb.exe
+ 2007-12-02 22:41:54 121,856 ----a-w C:\WINDOWS\system32\oobe\error\lktkttrb.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\error\neehnzxl.exe
+ 2007-12-02 22:41:54 121,856 ----a-w C:\WINDOWS\system32\oobe\error\neehnzxl.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\error\sswzlttc.exe
+ 2007-12-02 22:41:54 121,856 ----a-w C:\WINDOWS\system32\oobe\error\sswzlttc.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\error\xenjnbqe.exe
+ 2007-12-02 22:41:53 121,856 ----a-w C:\WINDOWS\system32\oobe\error\xenjnbqe.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\html\dslmain\nevttblh.exe
+ 2007-12-02 22:41:55 121,856 ----a-w C:\WINDOWS\system32\oobe\html\dslmain\nevttblh.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\html\dslmain\qxztllwj.exe
+ 2007-12-02 22:41:54 121,856 ----a-w C:\WINDOWS\system32\oobe\html\dslmain\qxztllwj.exe
- 2007-11-25 13:57:11 77,312 ----a-w C:\WINDOWS\system32\oobe\html\dslmain\slhcezwb.exe
+ 2007-12-02 22:41:54 121,856 ----a-w C:\WINDOWS\system32\oobe\html\dslmain\slhcezwb.exe
- 2007-11-25 13:57:12 77,312 ----a-w C:\WINDOWS\system32\oobe\html\iconnect\jsnsljzh.exe
+ 2007-12-02 22:41:55 121,856 ----a-w C:\WINDOWS\system32\oobe\html\iconnect\jsnsljzh.exe
- 2007-11-25 13:57:12 77,312 ----a-w C:\WINDOWS\system32\oobe\html\iconnect\shrtrsbs.exe
+ 2007-12-02 22:41:55 121,856 ----a-w C:\WINDOWS\system32\oobe\html\iconnect\shrtrsbs.exe
- 2007-11-25 13:57:12 77,312 ----a-w C:\WINDOWS\system32\oobe\html\isptype\lnvlnzbq.exe
+ 2007-12-02 22:41:55 121,856 ----a-w C:\WINDOWS\system32\oobe\html\isptype\lnvlnzbq.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\bccxejnc.exe
+ 2007-12-02 22:41:56 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\bccxejnc.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\bzrbbsrn.exe
+ 2007-12-02 22:41:56 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\bzrbbsrn.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\cjxsjlbr.exe
+ 2007-12-02 22:41:57 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\cjxsjlbr.exe
- 2007-11-25 13:57:12 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\hcvxrtwz.exe
+ 2007-12-02 22:41:56 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\hcvxrtwz.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\jjlhknhh.exe
+ 2007-12-02 22:41:56 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\jjlhknhh.exe
- 2007-11-25 13:57:12 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\jlkshlvl.exe
+ 2007-12-02 22:41:56 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\jlkshlvl.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\khkvhhsb.exe
+ 2007-12-02 22:41:57 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\khkvhhsb.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\klkhkrts.exe
+ 2007-12-02 22:41:57 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\klkhkrts.exe
- 2007-11-25 13:57:12 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\lbzcxver.exe
+ 2007-12-02 22:41:56 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\lbzcxver.exe
- 2007-11-25 13:57:12 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\nrlcnzsh.exe
+ 2007-12-02 22:41:56 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\nrlcnzsh.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\qetvqlnw.exe
+ 2007-12-02 22:41:57 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\qetvqlnw.exe
- 2007-11-25 13:57:13 77,312 ----a-w C:\WINDOWS\system32\oobe\html\mouse\rbnrnnxt.exe
+ 2007-12-02 22:41:57 121,856 ----a-w C:\WINDOWS\system32\oobe\html\mouse\rbnrnnxt.exe
- 2007-11-25 13:57:14 77,312 ----a-w C:\WINDOWS\system32\oobe\html\sconnect\jkhjlhbb.exe
+ 2007-12-02 22:41:58 121,856 ----a-w C:\WINDOWS\system32\oobe\html\sconnect\jkhjlhbb.exe
- 2007-11-25 13:57:14 77,312 ----a-w C:\WINDOWS\system32\oobe\html\sconnect\vznnebet.exe
+ 2007-12-02 22:41:58 121,856 ----a-w C:\WINDOWS\system32\oobe\html\sconnect\vznnebet.exe
- 2007-11-25 13:57:14 77,312 ----a-w C:\WINDOWS\system32\oobe\icserror\vcejlxkt.exe
+ 2007-12-02 22:41:58 121,856 ----a-w C:\WINDOWS\system32\oobe\icserror\vcejlxkt.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\hkenntsl.exe
+ 2007-12-02 22:41:59 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\hkenntsl.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\jjtrkbnj.exe
+ 2007-12-02 22:41:59 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\jjtrkbnj.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\knkbrnbn.exe
+ 2007-12-02 22:41:59 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\knkbrnbn.exe
- 2007-11-25 13:57:14 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\ktkbeknl.exe
+ 2007-12-02 22:41:59 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\ktkbeknl.exe
- 2007-11-25 13:57:14 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\rkeetqew.exe
+ 2007-12-02 22:41:58 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\rkeetqew.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\skqbvxsq.exe
+ 2007-12-02 22:41:59 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\skqbvxsq.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\tsjhshcj.exe
+ 2007-12-02 22:41:59 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\tsjhshcj.exe
- 2007-11-25 13:57:14 77,312 ----a-w C:\WINDOWS\system32\oobe\isperror\ztceskls.exe
+ 2007-12-02 22:41:59 121,856 ----a-w C:\WINDOWS\system32\oobe\isperror\ztceskls.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\krcxzncj.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\krcxzncj.exe
- 2001-10-26 17:29:58 28,160 ----a-w C:\WINDOWS\system32\oobe\msoobe.exe
+ 2001-10-26 17:29:58 34,816 ----a-w C:\WINDOWS\system32\oobe\msoobe.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\qjeejeej.exe
+ 2007-12-02 22:41:53 121,856 ----a-w C:\WINDOWS\system32\oobe\qjeejeej.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\cetrjwtt.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\cetrjwtt.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\ehxzeshx.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\ehxzeshx.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\etnwxxnv.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\etnwxxnv.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\kjtzrlbb.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\kjtzrlbb.exe
- 2007-11-25 13:57:15 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\rcwnttzv.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\rcwnttzv.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\wlkbbnrq.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\wlkbbnrq.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\wtkkxrlr.exe
+ 2007-12-02 22:42:01 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\wtkkxrlr.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\regerror\xcjnkske.exe
+ 2007-12-02 22:42:00 121,856 ----a-w C:\WINDOWS\system32\oobe\regerror\xcjnkske.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\bknkjheh.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\bknkjheh.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\bvqncler.exe
+ 2007-12-03 08:56:46 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\bvqncler.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\crjrhltv.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\crjrhltv.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\enbsjwre.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\enbsjwre.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\esjhxblq.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\esjhxblq.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\eskcxkhr.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\eskcxkhr.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\hlqstwxz.exe
+ 2007-12-02 22:42:01 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\hlqstwxz.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\hnhkkene.exe
+ 2007-12-03 08:56:43 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\hnhkkene.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\hwncrnhh.exe
+ 2007-12-03 08:56:43 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\hwncrnhh.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\hxckwnzl.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\hxckwnzl.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\hxxttskn.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\hxxttskn.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\jejrhnvh.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\jejrhnvh.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\jtxsbxwn.exe
+ 2007-12-03 08:56:43 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\jtxsbxwn.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\kjqkxtnz.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\kjqkxtnz.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\kksksesr.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\kksksesr.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\knkhrczb.exe
+ 2007-12-02 22:42:01 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\knkhrczb.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\lhkhbjzl.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\lhkhbjzl.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\lkjtrhks.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\lkjtrhks.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\nkhlvlzt.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\nkhlvlzt.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\nleevxqj.exe
+ 2007-12-02 22:42:03 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\nleevxqj.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\nstnnnkk.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\nstnnnkk.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\ntwbjnxv.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\ntwbjnxv.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\nvbbshss.exe
+ 2007-12-02 22:42:01 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\nvbbshss.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\nwqjkkhn.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\nwqjkkhn.exe
- 2007-11-25 13:57:16 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\rresnsct.exe
+ 2007-12-02 22:42:01 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\rresnsct.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\rserkten.exe
+ 2007-12-03 08:56:43 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\rserkten.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\sejkhevn.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\sejkhevn.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\seqtjbee.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\seqtjbee.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\shbqjhcl.exe
+ 2007-12-03 08:56:43 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\shbqjhcl.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\tnqsbljb.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\tnqsbljb.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\tqkbrhnx.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\tqkbrhnx.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\tthzxntk.exe
+ 2007-12-02 16:37:00 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\tthzxntk.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\vjbssbhj.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\vjbssbhj.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\vkckxhbn.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\vkckxhbn.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\wnklretl.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\wnklretl.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\wrbbnjss.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\wrbbnjss.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\wtenslnj.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\wtenslnj.exe
- 2007-11-25 13:57:18 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\zeblsxxw.exe
+ 2007-12-03 08:56:44 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\zeblsxxw.exe
- 2007-11-25 13:57:17 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\zhhrrltb.exe
+ 2007-12-02 22:42:02 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\zhhrrltb.exe
- 2007-11-25 13:57:19 77,312 ----a-w C:\WINDOWS\system32\oobe\setup\zhzsnhje.exe
+ 2007-12-03 08:56:45 121,856 ----a-w C:\WINDOWS\system32\oobe\setup\zhzsnhje.exe
- 2007-11-25 13:57:10 77,312 ----a-w C:\WINDOWS\system32\oobe\tttnwshl.exe
+ 2007-12-02 22:41:53 121,856 ----a-w C:\WINDOWS\system32\oobe\tttnwshl.exe
- 2001-10-26 17:30:00 219,648 ----a-w C:\WINDOWS\system32\osk.exe
+ 2001-10-26 17:30:00 212,992 ----a-w C:\WINDOWS\system32\osk.exe
- 2007-11-13 20:24:42 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-07 21:37:00 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-13 20:24:42 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2007-12-07 21:37:00 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-11-13 20:24:42 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-07 21:37:00 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-13 20:24:42 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2007-12-07 21:37:00 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2001-10-26 17:30:00 22,528 ----a-w C:\WINDOWS\system32\ping.exe
+ 2001-10-26 17:30:00 15,872 ----a-w C:\WINDOWS\system32\ping.exe
- 2001-10-26 17:30:00 214,016 ----a-w C:\WINDOWS\system32\progman.exe
+ 2001-10-26 17:30:00 207,360 ----a-w C:\WINDOWS\system32\progman.exe
- 2001-10-26 17:30:00 52,224 ----a-w C:\WINDOWS\system32\proquota.exe
+ 2001-10-26 17:30:00 45,568 ----a-w C:\WINDOWS\system32\proquota.exe
+ 2006-01-06 05:38:18 38,401 ----a-w C:\WINDOWS\system32\psme2.exe
+ 1999-04-25 22:48:20 21,167 ---ha-w C:\WINDOWS\system32\q8war.exe
- 2001-10-26 17:30:00 17,408 ----a-w C:\WINDOWS\system32\qappsrv.exe
+ 2001-10-26 17:30:00 24,064 ----a-w C:\WINDOWS\system32\qappsrv.exe
+ 2007-12-03 16:13:53 172,544 ----a-w C:\WINDOWS\system32\qe.exe
- 2001-10-26 17:30:00 40,960 ----a-w C:\WINDOWS\system32\rcimlby.exe
+ 2001-10-26 17:30:00 34,304 ----a-w C:\WINDOWS\system32\rcimlby.exe
- 2001-10-26 17:30:02 18,944 ----a-w C:\WINDOWS\system32\runonce.exe
+ 2001-10-26 17:30:02 12,288 ----a-w C:\WINDOWS\system32\runonce.exe
- 2007-11-30 16:37:03 392,704 ----a-w C:\WINDOWS\system32\secur.exe
+ 2007-12-02 13:59:46 392,704 ----a-w C:\WINDOWS\system32\secur.exe
+ 2007-12-02 13:26:12 30,720 ----a-w C:\WINDOWS\system32\setup_73483.exe
- 2001-10-26 17:30:02 21,504 ----a-w C:\WINDOWS\system32\shmgrate.exe
+ 2001-10-26 17:30:02 28,160 ----a-w C:\WINDOWS\system32\shmgrate.exe
- 2001-10-26 17:30:02 70,144 ----a-w C:\WINDOWS\system32\shrpubw.exe
+ 2001-10-26 17:30:02 76,800 ----a-w C:\WINDOWS\system32\shrpubw.exe
- 2001-10-26 17:30:02 18,944 ----a-w C:\WINDOWS\system32\shutdown.exe
+ 2001-10-26 17:30:02 25,600 ----a-w C:\WINDOWS\system32\shutdown.exe
+ 2006-05-13 04:19:44 24,492 ----a-w C:\WINDOWS\system32\sohid.com
+ 2007-04-06 08:11:00 21,167 ----a-w C:\WINDOWS\system32\Sonic.exe
+ 2007-04-06 08:17:38 1,777,664 ----a-w C:\WINDOWS\system32\Sonic22.exe
+ 2003-02-19 22:06:00 35,840 ----a-w C:\WINDOWS\system32\sostop.exe
+ 2007-11-17 16:55:50 16,646 ----a-w C:\WINDOWS\system32\Spex.sys
+ 2005-11-26 07:44:36 25,248 ----a-w C:\WINDOWS\system32\spn1k.dll
- 2007-11-16 14:09:39 6,277,261 ----a-w C:\WINDOWS\system32\spooIsv.exe
+ 2001-10-26 17:29:52 125,354 ---h--w C:\WINDOWS\system32\spooIsv.exe
- 2001-10-26 17:29:52 58,024 ---h--w C:\WINDOWS\system32\spoolsvc.exe
+ 2001-10-26 17:29:52 339,448 ---h--w C:\WINDOWS\system32\spoolsvc.exe
- 2007-11-29 11:27:31 1,185,328 ----a-w C:\WINDOWS\system32\Srb0ty.exe
+ 2007-12-04 09:52:53 1,859,584 ----a-w C:\WINDOWS\system32\Srb0ty.exe
+ 2003-11-15 20:15:30 1,777,664 ----a-w C:\WINDOWS\system32\Start.exe
- 2007-11-25 13:36:43 6,546,276 --sh--r C:\WINDOWS\system32\svshost.exe
+ 2007-12-02 13:42:58 6,546,276 --sh--r C:\WINDOWS\system32\svshost.exe
- 2001-10-26 16:29:46 70,144 ----a-w C:\WINDOWS\system32\usbui.dll
+ 2001-10-26 18:03:24 70,144 ----a-w C:\WINDOWS\system32\usbui.dll
- 2001-10-26 17:30:04 53,248 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2001-10-26 17:30:04 46,592 ----a-w C:\WINDOWS\system32\utilman.exe
- 2001-10-26 17:29:52 58,024 ---h--w C:\WINDOWS\system32\winamp.exe
+ 2001-10-26 17:29:52 339,448 ---h--w C:\WINDOWS\system32\winamp.exe
- 2001-10-26 17:30:06 14,848 ----a-w C:\WINDOWS\system32\winhlp32.exe
+ 2001-10-26 17:30:06 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
- 2001-10-26 17:30:06 34,816 ----a-w C:\WINDOWS\system32\xcopy.exe
+ 2001-10-26 17:30:06 28,160 ----a-w C:\WINDOWS\system32\xcopy.exe
+ 2006-05-11 04:03:04 23,490 ----a-w C:\WINDOWS\system32\xl4m3r.dll
+ 2007-04-22 13:21:20 6,636 ----a-w C:\WINDOWS\system32\xxx-spam.dll
+ 2006-07-08 19:08:02 5,185 ----a-w C:\WINDOWS\system32\xxxx-inviter.dll
+ 2006-05-12 19:08:46 21,882 ----a-w C:\WINDOWS\system32\ybn1e.dll
+ 2007-04-22 13:23:06 41,909 ----a-w C:\WINDOWS\system32\ybn2e.dll
+ 2007-04-22 13:23:36 29,359 ----a-w C:\WINDOWS\system32\ybn3e.dll
+ 2006-05-18 23:09:18 5,317 ----a-w C:\WINDOWS\system32\ybn4e.dll
- 2007-11-25 13:57:27 77,312 ----a-w C:\WINDOWS\Web\wcxnjhhj.exe
+ 2007-12-03 08:56:50 121,856 ----a-w C:\WINDOWS\Web\wcxnjhhj.exe
- 2001-10-26 17:30:06 275,456 ----a-w C:\WINDOWS\winhlp32.exe
+ 2001-10-26 17:30:06 268,800 ----a-w C:\WINDOWS\winhlp32.exe
+ 2001-08-18 06:37:18 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\48320\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2002-05-03 10:06 C:\WINDOWS\system32\nwiz.exe]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-01-18 10:26]
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-01-18 13:18]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 10:21 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
"HOT FIX"="Gothic.exe" [2007-12-06 18:09 C:\WINDOWS\system32\Gothic.exe]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [2007-11-12 20:04]
"Microsoft Winedows rpdate"="kegpzv.exe" []
"MicroSoft ssadsadas3s1"="eXtream.exe" [2007-12-01 15:34 C:\WINDOWS\system32\eXtream.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 10:52 C:\WINDOWS\system32\Srb0ty.exe]
"Auto File System Conversion Utility"="C:\WINDOWS\System32\wbem\scricon.exe" [2001-10-26 18:29]
"syswin.txt"="jjv.exe" [2001-10-26 18:29 C:\WINDOWS\system32\jjv.exe]
"WMI Standard Event Consumer - hosting"="C:\WINDOWS\System32\wbem\scrcs.exe" []
"Windows Secure Update"="load.exe" [2007-12-03 16:11 C:\WINDOWS\system32\load.exe]
"Windows LoL Layer"="osqywtb.exe" []
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 17:29 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft ssas3s1"="SADASDA.exe" [2007-12-05 21:45 C:\WINDOWS\system32\SADASDA.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"HOT FIX"="Gothic.exe" [2007-12-06 18:09 C:\WINDOWS\system32\Gothic.exe]
"MicroSoft ssadsadas3s1"="eXtream.exe" [2007-12-01 15:34 C:\WINDOWS\system32\eXtream.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 10:52 C:\WINDOWS\system32\Srb0ty.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2001-10-26 18:30]
"Windows Secure Update"="load.exe" [2007-12-03 16:11 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 17:29 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft ssas3s1"="SADASDA.exe" [2007-12-05 21:45 C:\WINDOWS\system32\SADASDA.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [2007-11-12 20:04]
"Auto File System Conversion Utility"="C:\WINDOWS\System32\wbem\scricon.exe" [2001-10-26 18:29]
"WMI Standard Event Consumer - hosting"="C:\WINDOWS\System32\wbem\scrcs.exe" []



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"WMI Standard Event Consumer - Scripting"= C:\WINDOWS\System32\wbem\scrcons32.exe
"WMI Standard Event Consumer - hosting"= C:\WINDOWS\System32\wbem\scrcs.exe

[Dzi@dek]

Skończymy sprawdzać logi jeśli nie zainstalujesz antywirusa.

[nomik]

zainstalowałem antywira dalej mi sie komp wiesza:/ a oto log z hijacka:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 16:02:43, on 2007-12-22
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cmd.exe
E:\simon\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {51E7A28B-0AEA-4928-8A22-1A41C5BEF23B} - C:\WINDOWS\System32\pmnnl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg .exe" /tray
O4 - HKCU\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{629572AC-CC2B-4CA8-A00C-F8AD5120C074}: NameServer = 217.30.129.149 217.30.137.200
O20 - Winlogon Notify:  X -  X (file missing)
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

[quote][/quote]

[wojtas]

zastosuj:

smitfraudfix z opcji 2


Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

[nomik]

wrzucam logi:

1 sdfix:

Kod: Zaznacz wszystko


SDFix: Version 1.119

Run by bedik on 2007-12-22 at 17:12

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Distributed Allocated Memory Unit

Path:
"C:\WINDOWS\system32\dllcache\mravsc32.exe"

Distributed Allocated Memory Unit - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CXDSFS.EXE - Deleted
C:\WINDOWS\SYSTEM32\WDFYSUIH.TMP - Deleted
C:\WINDOWS\system32\eraseme_52308.exe - Deleted
C:\WINDOWS\system32\3.tmp  - Deleted
C:\WINDOWS\system32\5.tmp  - Deleted
C:\WINDOWS\system32\dllcache\mravsc32.exe  - Deleted
C:\WINDOWS\system32\Gothic.exe  - Deleted
C:\WINDOWS\system32\i  - Deleted
C:\WINDOWS\system32\iexplore.exe  - Deleted
C:\WINDOWS\system32\o  - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted



Folder C:\Program Files\Helper - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:17:32
Windows 5.1.2600  NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\RCXA.tmp 335360 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"h"="h:*:Enabled:Microsoft Winedows rpdate"
"C:\\WINDOWS\\System32\\iexplore.exe"="C:\\WINDOWS\\System32\\iexplore.exe:*:Enabled:Microsoft Internet Explorer"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 26 Oct 2001       502,784 ..SHR --- "C:\WINDOWS\system32\furqqj.exe"
Fri 14 Dec 2007        71,175 A..H. --- "C:\WINDOWS\system32\hdyhllu.exe"
Tue 18 Dec 2007        81,920 ..SH. --- "C:\WINDOWS\system32\Wseclayer.exe"

Finished!


2 combofix

Kod: Zaznacz wszystko

ComboFix 07-12-21.4 - bedik 2007-12-22 17:38:26.1 - NTFSx86

Running from: C:\Documents and Settings\bedik\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hggffgd.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnonkj.dll
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\vtstr.dll

.
(((((((((((((((((((((((((   Files Created from 2007-11-22 to 2007-12-22  )))))))))))))))))))))))))))))))
.

2007-12-22 17:41 . 2007-12-22 17:41   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2007-12-22 17:32 . 2007-12-22 17:36   335,360   --a------   C:\WINDOWS\system32\vtstr.exe
2007-12-22 17:30 . 2007-12-22 17:30   2,294   --a------   C:\WINDOWS\system32\tmp.reg
2007-12-22 17:29 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2007-12-22 17:29 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2007-12-22 17:29 . 2007-12-20 23:11   81,920   --a------   C:\WINDOWS\system32\IEDFix.exe
2007-12-22 17:29 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2007-12-22 17:29 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2007-12-22 17:29 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2007-12-22 17:26 . 2007-12-22 17:26   335,360   --a------   C:\WINDOWS\system32\RCX14.tmp
2007-12-22 17:23 . 2007-12-22 17:23   1,024   --ah-----   C:\WINDOWS\system32\ntzblrf.exe
2007-12-22 17:22 . 2007-12-22 17:22   411,648   --ah-----   C:\WINDOWS\system32\ntyfbor.exe
2007-12-22 17:22 . 2007-12-22 17:22   71,854   --a------   C:\WINDOWS\system32\ntyfbor .exe
2007-12-22 17:22 . 2007-12-22 17:22   59,773   --a------   C:\WINDOWS\system32\lzzndnxm.exe
2007-12-22 17:22 . 2007-12-22 17:22   59,607   --a------   C:\WINDOWS\system32\dpvejdwx.exe
2007-12-22 17:22 . 2007-12-22 17:22   29,820   --a------   C:\WINDOWS\system32\igfxsrvc32.exe
2007-12-22 17:22 . 2007-12-22 17:22   75   --a------   C:\WINDOWS\system32\ii
2007-12-22 17:21 . 2007-12-22 17:21   71,854   --a------   C:\WINDOWS\system32\prfvjpb .exe
2007-12-22 17:21 . 2007-12-22 17:24   71,854   --a------   C:\WINDOWS\system32\firewall .exe
2007-12-22 17:21 . 2007-12-22 17:23   23,552   --ah-----   C:\WINDOWS\system32\cgdcenb.exe
2007-12-22 17:21 . 2007-12-22 17:37   71   --a------   C:\WINDOWS\system32\i
2007-12-22 17:12 . 2007-12-22 17:12   <DIR>   d--------   C:\WINDOWS\ERUNT
2007-12-22 17:09 . 2007-12-22 17:41   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-22 17:09 . 2007-12-14 20:41   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2007-12-22 17:09 . 2007-12-14 20:47   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2007-12-22 17:09 . 2007-12-14 20:41   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2007-12-22 17:09 . 2007-12-14 20:41   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2007-12-22 17:09 . 2007-12-14 20:41   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2007-12-22 17:09 . 2007-12-14 20:41   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-22 15:55 . 2007-12-22 15:55   57,344   --a------   C:\WINDOWS\system32\xqqiyc.exe
2007-12-22 15:55 . 2007-12-22 15:55   57,344   --a------   C:\WINDOWS\system32\dmfnx.exe
2007-12-22 15:55 . 2007-12-22 15:55   20,480   --a------   C:\WINDOWS\system32\zbnir.exe
2007-12-22 15:39 . 2007-12-22 15:40   471,040   --a------   C:\WINDOWS\system32\load.exe
2007-12-22 15:36 . 2007-12-22 15:36   24,430   --a------   C:\WINDOWS\system32\hmjy.exe
2007-12-22 15:33 . 2007-12-22 17:17   335,360   --a------   C:\WINDOWS\system32\pmnnl.exe
2007-12-22 15:11 . 2007-12-22 15:11   24,430   --a------   C:\WINDOWS\system32\xrdf.exe
2007-12-22 15:10 . 2007-12-22 15:10   466,944   --a------   C:\WINDOWS\system32\iPod.exe
2007-12-22 12:15 . 2007-12-22 12:15   335,360   --a------   C:\WINDOWS\system32\RCX62.tmp
2007-12-22 12:03 . 2007-12-22 12:03   61,357   --a------   C:\WINDOWS\system32\rjrqggbq.exe
2007-12-22 12:03 . 2007-12-22 12:03   60,727   --a------   C:\WINDOWS\system32\vfdf.exe
2007-12-22 11:32 . 2007-12-22 14:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-12-22 11:17 . 2007-12-22 11:17   60,727   --a------   C:\WINDOWS\system32\hifb.exe
2007-12-22 11:05 . 2007-12-22 11:54   155,648   --a------   C:\WINDOWS\system32\NeroCheck .exe
2007-12-22 11:00 . 2007-12-22 15:53   71,854   --a------   C:\WINDOWS\system32\iexplore .exe
2007-12-22 10:59 . 2007-12-22 10:59   71,854   --a------   C:\WINDOWS\system32\ridate .exe
2007-12-21 22:04 . 2007-12-21 22:04   465,408   --a------   C:\Documents and Settings\bedik\xing.exe
2007-12-21 21:39 . 2007-12-21 21:39   135,217   --a------   C:\Documents and Settings\bedik\tteryal.exe
2007-12-21 12:19 . 2007-12-22 10:54   <DIR>   d--------   C:\WINDOWS\system32\ksomik
2007-12-21 12:17 . 2007-12-21 12:19   725,861   --a------   C:\WINDOWS\system32\fds.pif
2007-12-21 12:00 . 2007-12-21 12:00   992,082   --a------   C:\WINDOWS\system32\sdfsdfs.exe
2007-12-21 11:50 . 2007-12-21 11:52   94,208   --a------   C:\WINDOWS\system32\Srb0ty.exe
2007-12-20 18:47 . 2007-12-20 21:33   69   --a------   C:\WINDOWS\NeroDigital.ini
2007-12-20 18:27 . 2007-12-20 18:27   <DIR>   d--------   C:\Program Files\uTorrent
2007-12-20 18:26 . 2007-12-22 12:04   <DIR>   d--------   C:\Documents and Settings\bedik\Dane aplikacji\uTorrent
2007-12-20 18:02 . 2007-12-20 18:02   466,432   --a------   C:\Documents and Settings\bedik\xlifefor.exe
2007-12-20 17:56 . 2007-12-20 17:56   135,217   --a------   C:\Documents and Settings\bedik\ret7ail.exe
2007-12-20 11:17 . 2007-12-20 11:17   135,217   --a------   C:\Documents and Settings\bedik\o0s4odb1tf.exe
2007-12-19 22:11 . 2007-12-19 22:11   502,784   --a------   C:\WINDOWS\system32\ndates.exe
2007-12-19 20:11 . 2007-12-19 20:11   991,310   --a------   C:\WINDOWS\system32\cgdsfs.pif
2007-12-19 19:59 . 2007-12-19 20:03   535,767   --a------   C:\WINDOWS\cx.exe
2007-12-19 19:59 . 2007-12-20 11:17   535,448   --a------   C:\WINDOWS\system32\cx.exe
2007-12-19 19:54 . 2007-12-19 20:11   <DIR>   d--------   C:\Program Files\dfrerter
2007-12-19 19:52 . 2007-12-19 19:54   991,310   --a------   C:\WINDOWS\system32\cg.pif
2007-12-19 19:19 . 2007-12-22 12:12   585,264   --a------   C:\WINDOWS\system32\hqghumea.dll
2007-12-19 19:19 . 2007-12-22 15:17   63   --a------   C:\WINDOWS\system32\x
2007-12-19 12:40 . 2007-12-22 17:37   2,840   --a------   C:\WINDOWS\system32\mcaffe.exe
2007-12-18 21:12 . 2007-12-18 21:12   992,082   --a------   C:\WINDOWS\system32\csdfsds.exe
2007-12-18 21:11 . 2007-12-21 12:00   <DIR>   d--------   C:\Program Files\dfdsfsd
2007-12-18 21:11 . 2007-12-18 21:11   992,082   --a------   C:\WINDOWS\system32\cxdsfsdfsds.exe
2007-12-18 19:03 . 2007-12-18 19:05   548,864   --a------   C:\WINDOWS\system32\Syst3m32.exe
2007-12-18 15:09 . 2007-12-18 15:09   81,920   ---hs----   C:\WINDOWS\system32\Wseclayer.exe
2007-12-16 23:11 . 2007-12-16 23:11   <DIR>   d--------   C:\Program Files\Common Files\Nero
2007-12-16 23:09 . 2004-07-26 16:16   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2007-12-16 23:09 . 2004-07-26 16:16   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2007-12-16 23:09 . 2004-07-26 16:16   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2007-12-16 23:09 . 2004-07-09 08:43   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2007-12-16 23:09 . 2004-07-26 16:16   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2007-12-16 23:09 . 2000-06-26 10:45   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2007-12-16 23:05 . 2007-12-16 23:05   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2007-12-16 23:05 . 2007-12-16 23:09   <DIR>   d--------   C:\Program Files\Ahead
2007-12-16 18:01 . 2007-12-16 18:01   221   --a------   C:\WINDOWS\NCLogConfig.ini
2007-12-16 17:58 . 2007-12-21 11:53   <DIR>   d--------   C:\Documents and Settings\bedik\Dane aplikacji\Image Zone Express
2007-12-16 17:57 . 2007-12-16 17:57   <DIR>   d---s----   C:\Documents and Settings\bedik\UserData
2007-12-16 17:48 . 2007-12-16 18:01   <DIR>   d--------   C:\Documents and Settings\bedik\Dane aplikacji\HP
2007-12-16 17:47 . 2007-12-16 17:47   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\HP
2007-12-16 17:46 . 2007-12-16 17:47   <DIR>   d--------   C:\Program Files\Common Files\HP
2007-12-16 17:45 . 2007-12-16 17:45   <DIR>   d--------   C:\Program Files\Hewlett-Packard
2007-12-16 17:44 . 2007-12-16 17:44   <DIR>   d--------   C:\Program Files\Common Files\Hewlett-Packard
2007-12-16 17:43 . 2006-01-03 18:12   77,824   -ra------   C:\WINDOWS\system32\HPZIDS01.dll
2007-12-16 17:43 . 2006-04-12 11:04   49,664   -ra------   C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-16 17:43 . 2006-04-10 14:03   48,128   --a------   C:\WINDOWS\system32\hpzll054.dll
2007-12-16 17:43 . 2006-04-12 11:04   16,496   -ra------   C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-16 17:43 . 2001-08-17 21:53   13,824   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-16 17:43 . 2001-08-17 21:53   13,824   --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-16 17:42 . 2006-03-03 21:03   282,680   --a------   C:\WINDOWS\system32\HPZidr12.dll
2007-12-16 17:42 . 2006-03-03 21:02   204,800   --a------   C:\WINDOWS\system32\HPZipr12.dll
2007-12-16 17:42 . 2006-03-03 21:02   94,208   --a------   C:\WINDOWS\system32\HPZipt12.dll
2007-12-16 17:42 . 2006-03-03 21:03   69,632   --a------   C:\WINDOWS\system32\HPZipm12.exe
2007-12-16 17:42 . 2006-03-03 21:03   65,536   --a------   C:\WINDOWS\system32\HPZinw12.exe
2007-12-16 17:42 . 2006-03-03 21:02   57,344   --a------   C:\WINDOWS\system32\HPZisn12.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 16:43   16,768   ----a-w   C:\WINDOWS\system32\tcpip_patcher.sys
2007-12-22 16:43   ---------   d-----w   C:\Program Files\DialNet
2007-12-19 21:47   8,192   ----a-w   C:\WINDOWS\system32\winhlp32.exe
2007-12-19 21:47   77,824   ----a-w   C:\WINDOWS\system32\wmpstub.exe
2007-12-19 21:47   61,440   ----a-w   C:\WINDOWS\system32\wextract.exe
2007-12-19 21:47   5,632   ----a-w   C:\WINDOWS\system32\write.exe
2007-12-19 21:47   4,096   ----a-w   C:\WINDOWS\system32\winver.exe
2007-12-19 21:47   32,256   ----a-w   C:\WINDOWS\system32\wupdmgr.exe
2007-12-19 21:47   31,232   ----a-w   C:\WINDOWS\system32\wpabaln.exe
2007-12-19 21:47   29,696   ----a-w   C:\WINDOWS\system32\wpnpinst.exe
2007-12-19 21:47   119,808   ----a-w   C:\WINDOWS\system32\winmine.exe
2007-12-19 21:47   118,784   ----a-w   C:\WINDOWS\system32\wscript.exe
2007-12-19 21:47   113,664   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2007-12-19 21:47   11,776   ----a-w   C:\WINDOWS\system32\winmsd.exe
2007-12-19 21:46   74,752   ----a-w   C:\WINDOWS\system32\taskkill.exe
2007-12-19 21:46   73,728   ----a-w   C:\WINDOWS\system32\tasklist.exe
2007-12-19 21:46   72,192   ----a-w   C:\WINDOWS\system32\tlntsess.exe
2007-12-19 21:46   72,192   ----a-w   C:\WINDOWS\system32\telnet.exe
2007-12-19 21:46   70,144   ----a-w   C:\WINDOWS\system32\systeminfo.exe
2007-12-19 21:46   54,272   ----a-w   C:\WINDOWS\system32\tlntadmn.exe
2007-12-19 21:46   51,200   ----a-w   C:\WINDOWS\system32\w32tm.exe
2007-12-19 21:46   46,592   ----a-w   C:\WINDOWS\system32\utilman.exe
2007-12-19 21:46   40,448   ----a-w   C:\WINDOWS\system32\tscupgrd.exe
2007-12-19 21:46   4,096   ----a-w   C:\WINDOWS\system32\unlodctr.exe
2007-12-19 21:46   36,864   ----a-w   C:\WINDOWS\system32\typeperf.exe
2007-12-19 21:46   33,792   ----a-w   C:\WINDOWS\system32\vssadmin.exe
2007-12-19 21:46   32,256   ----a-w   C:\WINDOWS\system32\tracert6.exe
2007-12-19 21:46   3,072   ----a-w   C:\WINDOWS\system32\systray.exe
2007-12-19 21:46   232,448   ----a-w   C:\WINDOWS\system32\tracerpt.exe
2007-12-19 21:46   19,456   ----a-w   C:\WINDOWS\system32\tcpsvcs.exe
2007-12-19 21:46   17,920   ----a-w   C:\WINDOWS\system32\tsshutdn.exe
2007-12-19 21:46   16,896   ----a-w   C:\WINDOWS\system32\tftp.exe
2007-12-19 21:46   16,384   ----a-w   C:\WINDOWS\system32\tskill.exe
2007-12-19 21:46   15,360   ----a-w   C:\WINDOWS\system32\tsdiscon.exe
2007-12-19 21:46   15,360   ----a-w   C:\WINDOWS\system32\tscon.exe
2007-12-19 21:46   15,360   ----a-w   C:\WINDOWS\system32\taskman.exe
2007-12-19 21:46   14,848   ----a-w   C:\WINDOWS\system32\upnpcont.exe
2007-12-19 21:46   13,312   ----a-w   C:\WINDOWS\system32\tcmsetup.exe
2007-12-19 21:46   102,400   ----a-w   C:\WINDOWS\system32\verifier.exe
2007-12-19 21:46   10,240   ----a-w   C:\WINDOWS\system32\tracert.exe
2007-12-19 21:45   9,728   ----a-w   C:\WINDOWS\system32\sfc.exe
2007-12-19 21:45   9,728   ----a-w   C:\WINDOWS\system32\reset.exe
2007-12-19 21:45   9,216   ----a-w   C:\WINDOWS\system32\subst.exe
2007-12-19 21:45   8,192   ----a-w   C:\WINDOWS\system32\scrnsave.scr
2007-12-19 21:45   74,752   ----a-w   C:\WINDOWS\system32\rtcshare.exe
2007-12-19 21:45   70,144   ----a-w   C:\WINDOWS\system32\shrpubw.exe
2007-12-19 21:45   7,168   ----a-w   C:\WINDOWS\system32\recover.exe
2007-12-19 21:45   671,744   ----a-w   C:\WINDOWS\system32\ss3dfo.scr
2007-12-19 21:45   66,560   ----a-w   C:\WINDOWS\system32\sigverif.exe
2007-12-19 21:45   638,976   ----a-w   C:\WINDOWS\system32\sstext3d.scr
2007-12-19 21:45   62,976   ----a-w   C:\WINDOWS\system32\rsopprov.exe
2007-12-19 21:45   61,952   ----a-w   C:\WINDOWS\system32\rdshost.exe
2007-12-19 21:45   569,344   ----a-w   C:\WINDOWS\system32\sspipes.scr
2007-12-19 21:45   54,272   ----a-w   C:\WINDOWS\system32\rsm.exe
2007-12-19 21:45   54,272   ----a-w   C:\WINDOWS\system32\rasphone.exe
2007-12-19 21:45   51,200   ----a-w   C:\WINDOWS\system32\syncapp.exe
2007-12-19 21:45   51,200   ----a-w   C:\WINDOWS\system32\reg.exe
2007-12-19 21:45   49,152   ----a-w   C:\WINDOWS\system32\rsmui.exe
2007-12-19 21:45   43,008   ----a-w   C:\WINDOWS\system32\ssmypics.scr
2007-12-19 21:45   41,984   ----a-w   C:\WINDOWS\system32\rdpclip.exe
2007-12-19 21:45   4,608   ----a-w   C:\WINDOWS\system32\regwiz.exe
2007-12-19 21:45   38,400   ----a-w   C:\WINDOWS\system32\sdbinst.exe
2007-12-19 21:45   37,376   ----a-w   C:\WINDOWS\system32\syskey.exe
2007-12-19 21:45   364,544   ----a-w   C:\WINDOWS\system32\ssflwbox.scr
2007-12-19 21:45   34,304   ----a-w   C:\WINDOWS\system32\rcimlby.exe
2007-12-19 21:45   33,792   ----a-w   C:\WINDOWS\system32\relog.exe
2007-12-19 21:45   33,792   ----a-w   C:\WINDOWS\system32\regini.exe
2007-12-19 21:45   31,232   ----a-w   C:\WINDOWS\system32\sc.exe
2007-12-19 21:45   30,208   ----a-w   C:\WINDOWS\system32\sethc.exe
2007-12-19 21:45   3,584   ----a-w   C:\WINDOWS\system32\regedt32.exe
2007-12-19 21:45   25,600   ----a-w   C:\WINDOWS\system32\routemon.exe
2007-12-19 21:45   24,576   ----a-w   C:\WINDOWS\system32\rsmsink.exe
2007-12-19 21:45   24,064   ----a-w   C:\WINDOWS\system32\skeys.exe
2007-12-19 21:45   23,552   ----a-w   C:\WINDOWS\system32\sort.exe
2007-12-19 21:45   22,528   ----a-w   C:\WINDOWS\system32\qwinsta.exe
2007-12-19 21:45   21,504   ----a-w   C:\WINDOWS\system32\shmgrate.exe
2007-12-19 21:45   20,992   ----a-w   C:\WINDOWS\system32\stimon.exe
2007-12-19 21:45   20,992   ----a-w   C:\WINDOWS\system32\setup.exe
2007-12-19 21:45   20,480   ----a-w   C:\WINDOWS\system32\route.exe
2007-12-19 21:45   20,480   ----a-w   C:\WINDOWS\system32\rcp.exe
2007-12-19 21:45   19,968   ----a-w   C:\WINDOWS\system32\savedump.exe
2007-12-19 21:45   19,456   ----a-w   C:\WINDOWS\system32\ssmarque.scr
2007-12-19 21:45   19,456   ----a-w   C:\WINDOWS\system32\qprocess.exe
2007-12-19 21:45   18,944   ----a-w   C:\WINDOWS\system32\ssbezier.scr
2007-12-19 21:45   18,944   ----a-w   C:\WINDOWS\system32\shutdown.exe
2007-12-19 21:45   17,408   ----a-w   C:\WINDOWS\system32\ssmyst.scr
2007-12-19 21:45   17,408   ----a-w   C:\WINDOWS\system32\secedit.exe
2007-12-19 21:45   17,408   ----a-w   C:\WINDOWS\system32\qappsrv.exe
2007-12-19 21:45   16,896   ----a-w   C:\WINDOWS\system32\runas.exe
2007-12-19 21:45   16,384   ----a-w   C:\WINDOWS\system32\rwinsta.exe
2007-12-19 21:45   15,360   ----a-w   C:\WINDOWS\system32\shadow.exe
2007-12-19 21:45   139,264   ----a-w   C:\WINDOWS\system32\sndvol32.exe
2007-12-19 21:45   13,824   ----a-w   C:\WINDOWS\system32\rsh.exe
2007-12-19 21:45   13,312   ----a-w   C:\WINDOWS\system32\ssstars.scr
2007-12-19 21:45   125,440   ----a-w   C:\WINDOWS\system32\sndrec32.exe
2007-12-19 21:45   12,800   ----a-w   C:\WINDOWS\system32\replace.exe
2007-12-19 21:45   12,288   ----a-w   C:\WINDOWS\system32\rexec.exe
2007-12-19 21:45   12,288   ----a-w   C:\WINDOWS\system32\rdsaddin.exe
2007-12-19 21:45   119,808   ----a-w   C:\WINDOWS\system32\schtasks.exe
2007-12-19 21:45   11,776   ----a-w   C:\WINDOWS\system32\rasdial.exe
2001-10-26 17:29   502,784   --sh--r   C:\WINDOWS\system32\furqqj.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg   .exe" []
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2007-12-14 22:02 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-14 22:02 C:\WINDOWS\system32\nwiz.exe]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" []
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" []
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
"Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2007-12-14 22:21]
"Microsoft Winedows rpdate"="furqqj.exe" [2001-10-26 18:29 C:\WINDOWS\system32\furqqj.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-18 19:05 C:\WINDOWS\system32\Syst3m32.exe]
"Microsoft Winedows WinServ"="iPod.exe" [2007-12-22 15:10 C:\WINDOWS\system32\iPod.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-18 19:05 C:\WINDOWS\system32\Syst3m32.exe]
"Microsoft Winedows WinServ"="iPod.exe" [2007-12-22 15:10 C:\WINDOWS\system32\iPod.exe]

C:\Documents and Settings\bedik\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ X]
X

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll

R1 easdrv;easdrv;C:\WINDOWS\System32\DRIVERS\easdrv.sys [2007-11-23 21:50]
R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-11-23 21:52]
R2 eamon;EAMON;C:\WINDOWS\System32\DRIVERS\eamon.sys [2007-11-23 21:50]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-23 21:51]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\System32\DRIVERS\WrKPoET2000.sys [2004-09-16 17:56]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2004-09-16 17:56]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\System32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 17:42]
S3 EhttpSrv;Eset HTTP Server;C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-11-23 21:53]
S3 FPD;Fine Point Packet Service;C:\WINDOWS\System32\drivers\fpd.sys [2003-04-04 15:07]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:44:07
Windows 5.1.2600  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 17:45:04 - machine was rebooted


3 hijack

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:55:05, on 2007-12-22
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\dllcache\msfav32.exe
E:\simon\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg   .exe" /tray
O4 - HKCU\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{629572AC-CC2B-4CA8-A00C-F8AD5120C074}: NameServer = 217.30.129.149 217.30.137.200
O20 - Winlogon Notify:  X -  X (file missing)
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Internet Connection Sharing Service (Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\system32\dllcache\msfav32.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE



[wojtas]

Otworz notatnik i wklej w nim to:

File
C:\WINDOWS\system32\furqqj.exe
C:\WINDOWS\system32\hdyhllu.exe
C:\WINDOWS\system32\Wseclayer.exe
C:\WINDOWS\system32\vtstr.exe
C:\WINDOWS\system32\RCX14.tmp
C:\WINDOWS\system32\ntzblrf.exe
C:\WINDOWS\system32\ntyfbor.exe
C:\WINDOWS\system32\ntyfbor .exe
C:\WINDOWS\system32\lzzndnxm.exe
C:\WINDOWS\system32\dpvejdwx.exe
C:\WINDOWS\system32\igfxsrvc32.exe
C:\WINDOWS\system32\ii
C:\WINDOWS\system32\prfvjpb .exe
C:\WINDOWS\system32\firewall .exe
C:\WINDOWS\system32\cgdcenb.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\xqqiyc.exe
C:\WINDOWS\system32\dmfnx.exe
C:\WINDOWS\system32\zbnir.exe
C:\WINDOWS\system32\load.exe
C:\WINDOWS\system32\hmjy.exe
C:\WINDOWS\system32\pmnnl.exe
C:\WINDOWS\system32\xrdf.exe
C:\WINDOWS\system32\iPod.exe
C:\WINDOWS\system32\RCX62.tmp
C:\WINDOWS\system32\rjrqggbq.exe
C:\WINDOWS\system32\vfdf.exe
C:\WINDOWS\system32\hifb.exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\iexplore .exe
C:\WINDOWS\system32\ridate .exe
C:\Documents and Settings\bedik\xing.exe
C:\Documents and Settings\bedik\tteryal.exe
C:\WINDOWS\system32\fds.pif
C:\WINDOWS\system32\sdfsdfs.exe
C:\WINDOWS\system32\Srb0ty.exe
C:\Documents and Settings\bedik\xlifefor.exeC:\Documents and Settings\bedik\ret7ail.exe
C:\Documents and Settings\bedik\o0s4odb1tf.exe
C:\WINDOWS\system32\ndates.exe
C:\WINDOWS\system32\cgdsfs.pif
C:\WINDOWS\cx.exe
C:\WINDOWS\system32\cx.exe
C:\WINDOWS\system32\cg.pif
C:\WINDOWS\system32\hqghumea.dll
C:\WINDOWS\system32\x
C:\WINDOWS\system32\mcaffe.exe
C:\WINDOWS\system32\csdfsds.exe
C:\WINDOWS\system32\cxdsfsdfsds.exe
C:\WINDOWS\system32\Syst3m32.exe
C:\WINDOWS\system32\winhlp32.exe
C:\WINDOWS\system32\wmpstub.exe
C:\WINDOWS\system32\wextract.ex
C:\WINDOWS\system32\write.exe
C:\WINDOWS\system32\winver.exe
C:\WINDOWS\system32\wupdmgr.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wpnpinst.exe
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winmsd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\tasklist.exe
C:\WINDOWS\system32\tlntsess.exe
C:\WINDOWS\system32\telnet.exe
C:\WINDOWS\system32\systeminfo.exe
C:\WINDOWS\system32\tlntadmn.exe
C:\WINDOWS\system32\w32tm.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\system32\tscupgrd.exe
C:\WINDOWS\system32\unlodctr.exe
C:\WINDOWS\system32\typeperf.exe
C:\WINDOWS\system32\vssadmin.exe
C:\WINDOWS\system32\tracert6.exe
C:\WINDOWS\system32\systray.exe
C:\WINDOWS\system32\tracerpt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\tsshutdn.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\tskill.exe
C:\WINDOWS\system32\tsdiscon.exe
C:\WINDOWS\system32\tscon.exe
C:\WINDOWS\system32\taskman.exe
C:\WINDOWS\system32\upnpcont.exe
C:\WINDOWS\system32\tcmsetup.exe
C:\WINDOWS\system32\verifier.exe
C:\WINDOWS\system32\tracert.exe
C:\WINDOWS\system32\sfc.exe
C:\WINDOWS\system32\reset.exe
C:\WINDOWS\system32\subst.exe
C:\WINDOWS\system32\scrnsave.scr
C:\WINDOWS\system32\rtcshare.exe
C:\WINDOWS\system32\shrpubw.exe
C:\WINDOWS\system32\recover.exe
C:\WINDOWS\system32\ss3dfo.scr
C:\WINDOWS\system32\sigverif.exe
C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\rsopprov.exe
C:\WINDOWS\system32\rdshost.exe
C:\WINDOWS\system32\sspipes.scr
C:\WINDOWS\system32\rsm.exe
C:\WINDOWS\system32\rasphone.exe
C:\WINDOWS\system32\syncapp.exe
C:\WINDOWS\system32\reg.exe
C:\WINDOWS\system32\rsmui.exe
C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\regwiz.exe
C:\WINDOWS\system32\sdbinst.exe
C:\WINDOWS\system32\syskey.exe
C:\WINDOWS\system32\ssflwbox.scr
C:\WINDOWS\system32\rcimlby.exe
C:\WINDOWS\system32\relog.exe
C:\WINDOWS\system32\regini.exe
C:\WINDOWS\system32\sc.exe
C:\WINDOWS\system32\sethc.exe
C:\WINDOWS\system32\regedt32.exe
C:\WINDOWS\system32\routemon.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\sort.exe
C:\WINDOWS\system32\qwinsta.exe
C:\WINDOWS\system32\shmgrate.exe
C:\WINDOWS\system32\stimon.exe
C:\WINDOWS\system32\setup.exe
C:\WINDOWS\system32\route.exe
C:\WINDOWS\system32\rcp.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\ssmarque.scr
C:\WINDOWS\system32\qprocess.exe
C:\WINDOWS\system32\ssbezier.scr
C:\WINDOWS\system32\shutdown.exe
C:\WINDOWS\system32\ssmyst.scr
C:\WINDOWS\system32\secedit.exe
C:\WINDOWS\system32\qappsrv.exe
C:\WINDOWS\system32\runas.exe
C:\WINDOWS\system32\rwinsta.exe
C:\WINDOWS\system32\shadow.exe
C:\WINDOWS\system32\sndvol32.exe
C:\WINDOWS\system32\rsh.exe
C:\WINDOWS\system32\ssstars.scr
C:\WINDOWS\system32\sndrec32.exe
C:\WINDOWS\system32\replace.exe
C:\WINDOWS\system32\rexec.exe
C:\WINDOWS\system32\rdsaddin.exe
C:\WINDOWS\system32\schtasks.exe
C:\WINDOWS\system32\rasdial.exe
C:\WINDOWS\system32\furqqj.exe
C:\WINDOWS\system32\dllcache\msfav32.exe

Driver::
Windows Internet Connection Sharing

Folder::

C:\Program Files\dfdsfsd
C:\WINDOWS\system32\ksomik
C:\Program Files\dfrerter

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Network Firewall"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Winedows rpdate"=-
"MicroSoft Legal Syst3m32"=-
"Microsoft Winedows WinServ"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Legal Syst3m32"=-
"Microsoft Winedows WinServ"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ X]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

[nomik]

wykonałem polecenia, oto logi:

1. combofix

ComboFix 07-12-21.4 - bedik 2007-12-22 18:26:44.2 - NTFSx86

Running from: C:\Documents and Settings\bedik\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\bedik\Pulpit\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\dfdsfsd
C:\Program Files\dfdsfsd\aliases.ini
C:\Program Files\dfdsfsd\cult.exe
C:\Program Files\dfdsfsd\gt.x
C:\Program Files\dfdsfsd\hd.exe
C:\Program Files\dfdsfsd\kiss.exe
C:\Program Files\dfdsfsd\knlps.sys
C:\Program Files\dfdsfsd\ksat.bat
C:\Program Files\dfdsfsd\law.x
C:\Program Files\dfdsfsd\mirc.ini
C:\Program Files\dfdsfsd\murd3r
C:\Program Files\dfdsfsd\murdEr.sys
C:\Program Files\dfdsfsd\nassor
C:\Program Files\dfdsfsd\orrl.exe
C:\Program Files\dfdsfsd\pingy.exe
C:\Program Files\dfdsfsd\ps2m.exe
C:\Program Files\dfdsfsd\remote.ini
C:\Program Files\dfdsfsd\repcale.exe
C:\Program Files\dfdsfsd\w.e
C:\Program Files\dfrerter
C:\Program Files\dfrerter\aliases.ini
C:\Program Files\dfrerter\cult.exe
C:\Program Files\dfrerter\gt.x
C:\Program Files\dfrerter\hd.exe
C:\Program Files\dfrerter\kiss.exe
C:\Program Files\dfrerter\knlps.sys
C:\Program Files\dfrerter\ksat.bat
C:\Program Files\dfrerter\law.x
C:\Program Files\dfrerter\lovely.sys
C:\Program Files\dfrerter\mirc.ini
C:\Program Files\dfrerter\murd3r
C:\Program Files\dfrerter\orrl.exe
C:\Program Files\dfrerter\pingy.exe
C:\Program Files\dfrerter\ps2m.exe
C:\Program Files\dfrerter\remote.ini
C:\Program Files\dfrerter\repcale.exe
C:\Program Files\dfrerter\w.e
C:\WINDOWS\system32\ksomik
C:\WINDOWS\system32\ksomik\106.reg
C:\WINDOWS\system32\ksomik\134.reg
C:\WINDOWS\system32\ksomik\140.reg
C:\WINDOWS\system32\ksomik\141.reg
C:\WINDOWS\system32\ksomik\179.reg
C:\WINDOWS\system32\ksomik\197.reg
C:\WINDOWS\system32\ksomik\286.reg
C:\WINDOWS\system32\ksomik\287.reg
C:\WINDOWS\system32\ksomik\307.reg
C:\WINDOWS\system32\ksomik\313.reg
C:\WINDOWS\system32\ksomik\335.reg
C:\WINDOWS\system32\ksomik\402.reg
C:\WINDOWS\system32\ksomik\429.reg
C:\WINDOWS\system32\ksomik\521.reg
C:\WINDOWS\system32\ksomik\534.reg
C:\WINDOWS\system32\ksomik\550.reg
C:\WINDOWS\system32\ksomik\580.reg
C:\WINDOWS\system32\ksomik\585.reg
C:\WINDOWS\system32\ksomik\604.reg
C:\WINDOWS\system32\ksomik\611.reg
C:\WINDOWS\system32\ksomik\614.reg
C:\WINDOWS\system32\ksomik\616.reg
C:\WINDOWS\system32\ksomik\617.reg
C:\WINDOWS\system32\ksomik\650.reg
C:\WINDOWS\system32\ksomik\675.reg
C:\WINDOWS\system32\ksomik\676.reg
C:\WINDOWS\system32\ksomik\691.reg
C:\WINDOWS\system32\ksomik\700.reg
C:\WINDOWS\system32\ksomik\707.reg
C:\WINDOWS\system32\ksomik\712.reg
C:\WINDOWS\system32\ksomik\736.reg
C:\WINDOWS\system32\ksomik\740.reg
C:\WINDOWS\system32\ksomik\743.reg
C:\WINDOWS\system32\ksomik\761.reg
C:\WINDOWS\system32\ksomik\785.reg
C:\WINDOWS\system32\ksomik\814.reg
C:\WINDOWS\system32\ksomik\845.reg
C:\WINDOWS\system32\ksomik\911.reg
C:\WINDOWS\system32\ksomik\919.reg
C:\WINDOWS\system32\ksomik\921.reg
C:\WINDOWS\system32\ksomik\938.reg
C:\WINDOWS\system32\ksomik\958.reg
C:\WINDOWS\system32\ksomik\981.reg
C:\WINDOWS\system32\ksomik\985.reg
C:\WINDOWS\system32\ksomik\aliases.ini
C:\WINDOWS\system32\ksomik\control.ini
C:\WINDOWS\system32\ksomik\cute
C:\WINDOWS\system32\ksomik\eyes
C:\WINDOWS\system32\ksomik\jenny
C:\WINDOWS\system32\ksomik\M!rc
C:\WINDOWS\system32\ksomik\mirc.ini
C:\WINDOWS\system32\ksomik\remote.ini
C:\WINDOWS\system32\ksomik\script3
C:\WINDOWS\system32\ksomik\servers.ini
C:\WINDOWS\system32\ksomik\cenzura-spam
C:\WINDOWS\system32\ksomik\systemac.dll
C:\WINDOWS\system32\ksomik\th7yax.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WINDOWS_INTERNET_CONNECTION_SHARING
-------\Windows Internet Connection Sharing


((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-22 18:16 . 2007-12-22 18:16 392,192 -r-hsc--- C:\WINDOWS\system32\dllcache\mravsc32.exe
2007-12-22 17:54 . 2007-12-22 17:54 390,656 -r-hsc--- C:\WINDOWS\system32\dllcache\msfav32.exe
2007-12-22 17:47 . 2007-12-22 17:47 126,464 --ah----- C:\WINDOWS\system32\wejz.exe
2007-12-22 17:41 . 2007-12-22 17:41 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-22 17:32 . 2007-12-22 17:36 335,360 --a------ C:\WINDOWS\system32\vtstr.exe
2007-12-22 17:30 . 2007-12-22 17:30 2,294 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-22 17:29 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-22 17:29 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-22 17:29 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-22 17:29 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-22 17:29 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-22 17:29 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-22 17:26 . 2007-12-22 17:26 335,360 --a------ C:\WINDOWS\system32\RCX14.tmp
2007-12-22 17:23 . 2007-12-22 17:23 1,024 --ah----- C:\WINDOWS\system32\ntzblrf.exe
2007-12-22 17:22 . 2007-12-22 17:22 411,648 --ah----- C:\WINDOWS\system32\ntyfbor.exe
2007-12-22 17:22 . 2007-12-22 17:22 71,854 --a------ C:\WINDOWS\system32\ntyfbor .exe
2007-12-22 17:22 . 2007-12-22 17:22 59,773 --a------ C:\WINDOWS\system32\lzzndnxm.exe
2007-12-22 17:22 . 2007-12-22 17:22 59,607 --a------ C:\WINDOWS\system32\dpvejdwx.exe
2007-12-22 17:22 . 2007-12-22 17:48 55,380 --a------ C:\WINDOWS\system32\igfxsrvc32.exe
2007-12-22 17:21 . 2007-12-22 17:21 71,854 --a------ C:\WINDOWS\system32\prfvjpb .exe
2007-12-22 17:21 . 2007-12-22 17:24 71,854 --a------ C:\WINDOWS\system32\firewall .exe
2007-12-22 17:21 . 2007-12-22 17:23 23,552 --ah----- C:\WINDOWS\system32\cgdcenb.exe
2007-12-22 17:21 . 2007-12-22 18:13 71 --a------ C:\WINDOWS\system32\i
2007-12-22 17:12 . 2007-12-22 17:12 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-22 17:09 . 2007-12-22 17:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-22 17:09 . 2007-12-14 20:41 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-12-22 17:09 . 2007-12-14 20:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-12-22 17:09 . 2007-12-14 20:41 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-12-22 17:09 . 2007-12-14 20:41 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-12-22 17:09 . 2007-12-14 20:41 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-12-22 17:09 . 2007-12-14 20:41 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-22 15:55 . 2007-12-22 15:55 57,344 --a------ C:\WINDOWS\system32\xqqiyc.exe
2007-12-22 15:55 . 2007-12-22 15:55 57,344 --a------ C:\WINDOWS\system32\dmfnx.exe
2007-12-22 15:55 . 2007-12-22 15:55 20,480 --a------ C:\WINDOWS\system32\zbnir.exe
2007-12-22 15:39 . 2007-12-22 15:40 471,040 --a------ C:\WINDOWS\system32\load.exe
2007-12-22 15:36 . 2007-12-22 15:36 24,430 --a------ C:\WINDOWS\system32\hmjy.exe
2007-12-22 15:33 . 2007-12-22 17:17 335,360 --a------ C:\WINDOWS\system32\pmnnl.exe
2007-12-22 15:11 . 2007-12-22 15:11 24,430 --a------ C:\WINDOWS\system32\xrdf.exe
2007-12-22 15:10 . 2007-12-22 15:10 466,944 --a------ C:\WINDOWS\system32\iPod.exe
2007-12-22 12:15 . 2007-12-22 12:15 335,360 --a------ C:\WINDOWS\system32\RCX62.tmp
2007-12-22 12:03 . 2007-12-22 12:03 61,357 --a------ C:\WINDOWS\system32\rjrqggbq.exe
2007-12-22 12:03 . 2007-12-22 12:03 60,727 --a------ C:\WINDOWS\system32\vfdf.exe
2007-12-22 11:32 . 2007-12-22 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-12-22 11:17 . 2007-12-22 11:17 60,727 --a------ C:\WINDOWS\system32\hifb.exe
2007-12-22 11:05 . 2007-12-22 11:54 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-22 11:00 . 2007-12-22 15:53 71,854 --a------ C:\WINDOWS\system32\iexplore .exe
2007-12-22 10:59 . 2007-12-22 10:59 71,854 --a------ C:\WINDOWS\system32\ridate .exe
2007-12-21 12:17 . 2007-12-21 12:19 725,861 --a------ C:\WINDOWS\system32\fds.pif
2007-12-21 12:00 . 2007-12-21 12:00 992,082 --a------ C:\WINDOWS\system32\sdfsdfs.exe
2007-12-21 11:50 . 2007-12-21 11:52 94,208 --a------ C:\WINDOWS\system32\Srb0ty.exe
2007-12-20 18:47 . 2007-12-20 21:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-20 18:27 . 2007-12-20 18:27 <DIR> d-------- C:\Program Files\uTorrent
2007-12-20 18:26 . 2007-12-22 12:04 <DIR> d-------- C:\Documents and Settings\bedik\Dane aplikacji\uTorrent
2007-12-19 22:11 . 2007-12-19 22:11 502,784 --a------ C:\WINDOWS\system32\ndates.exe
2007-12-19 20:11 . 2007-12-19 20:11 991,310 --a------ C:\WINDOWS\system32\cgdsfs.pif
2007-12-19 19:59 . 2007-12-19 20:03 535,767 --a------ C:\WINDOWS\cx.exe
2007-12-19 19:59 . 2007-12-20 11:17 535,448 --a------ C:\WINDOWS\system32\cx.exe
2007-12-19 19:52 . 2007-12-19 19:54 991,310 --a------ C:\WINDOWS\system32\cg.pif
2007-12-19 19:19 . 2007-12-22 12:12 585,264 --a------ C:\WINDOWS\system32\hqghumea.dll
2007-12-19 19:19 . 2007-12-22 15:17 63 --a------ C:\WINDOWS\system32\x
2007-12-18 21:12 . 2007-12-18 21:12 992,082 --a------ C:\WINDOWS\system32\csdfsds.exe
2007-12-18 21:11 . 2007-12-18 21:11 992,082 --a------ C:\WINDOWS\system32\cxdsfsdfsds.exe
2007-12-18 19:03 . 2007-12-18 19:05 548,864 --a------ C:\WINDOWS\system32\Syst3m32.exe
2007-12-18 15:09 . 2007-12-18 15:09 81,920 ---hs---- C:\WINDOWS\system32\Wseclayer.exe
2007-12-16 23:11 . 2007-12-16 23:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-16 23:09 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-16 23:09 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-16 23:09 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-16 23:09 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-16 23:09 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-16 23:09 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-16 23:05 . 2007-12-16 23:05 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-16 23:05 . 2007-12-16 23:09 <DIR> d-------- C:\Program Files\Ahead
2007-12-16 18:01 . 2007-12-16 18:01 221 --a------ C:\WINDOWS\NCLogConfig.ini
2007-12-16 17:58 . 2007-12-21 11:53 <DIR> d-------- C:\Documents and Settings\bedik\Dane aplikacji\Image Zone Express
2007-12-16 17:57 . 2007-12-16 17:57 <DIR> d---s---- C:\Documents and Settings\bedik\UserData
2007-12-16 17:48 . 2007-12-16 18:01 <DIR> d-------- C:\Documents and Settings\bedik\Dane aplikacji\HP
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-16 17:43 . 2006-01-03 18:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-12-16 17:43 . 2006-04-12 11:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-16 17:43 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-12-16 17:43 . 2006-04-12 11:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-16 17:43 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-16 17:43 . 2001-08-17 21:53 13,824 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-16 17:42 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-16 17:42 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-16 17:42 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-16 17:42 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-16 17:42 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-16 17:42 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-16 17:40 . 2007-12-22 18:08 <DIR> d-------- C:\Program Files\HP
2007-12-16 17:40 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-16 17:38 . 2001-08-17 22:00 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-16 17:38 . 2001-08-17 22:00 24,832 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-16 17:36 . 2001-08-17 22:03 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-16 17:36 . 2001-08-17 22:03 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-16 13:40 . 2007-12-22 18:28 <DIR> d-------- C:\Documents and Settings\bedik\Dane aplikacji\OpenOffice.org2
2007-12-16 13:38 . 2007-12-16 13:38 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-12-16 13:37 . 2007-12-16 13:37 <DIR> d-------- C:\Program Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 17:29 --------- d-----w C:\Program Files\DialNet
2007-12-22 16:48 16,768 ----a-w C:\WINDOWS\system32\tcpip_patcher.sys
2007-12-19 21:47 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
2007-12-19 21:47 77,824 ----a-w C:\WINDOWS\system32\wmpstub.exe
2007-12-19 21:47 61,440 ----a-w C:\WINDOWS\system32\wextract.exe
2007-12-19 21:47 5,632 ----a-w C:\WINDOWS\system32\write.exe
2007-12-19 21:47 4,096 ----a-w C:\WINDOWS\system32\winver.exe
2007-12-19 21:47 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2007-12-19 21:47 31,232 ----a-w C:\WINDOWS\system32\wpabaln.exe
2007-12-19 21:47 29,696 ----a-w C:\WINDOWS\system32\wpnpinst.exe
2007-12-19 21:47 119,808 ----a-w C:\WINDOWS\system32\winmine.exe
2007-12-19 21:47 118,784 ----a-w C:\WINDOWS\system32\wscript.exe
2007-12-19 21:47 113,664 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-12-19 21:47 11,776 ----a-w C:\WINDOWS\system32\winmsd.exe
2007-12-19 21:46 74,752 ----a-w C:\WINDOWS\system32\taskkill.exe
2007-12-19 21:46 73,728 ----a-w C:\WINDOWS\system32\tasklist.exe
2007-12-19 21:46 72,192 ----a-w C:\WINDOWS\system32\tlntsess.exe
2007-12-19 21:46 72,192 ----a-w C:\WINDOWS\system32\telnet.exe
2007-12-19 21:46 70,144 ----a-w C:\WINDOWS\system32\systeminfo.exe
2007-12-19 21:46 54,272 ----a-w C:\WINDOWS\system32\tlntadmn.exe
2007-12-19 21:46 51,200 ----a-w C:\WINDOWS\system32\w32tm.exe
2007-12-19 21:46 46,592 ----a-w C:\WINDOWS\system32\utilman.exe
2007-12-19 21:46 40,448 ----a-w C:\WINDOWS\system32\tscupgrd.exe
2007-12-19 21:46 4,096 ----a-w C:\WINDOWS\system32\unlodctr.exe
2007-12-19 21:46 36,864 ----a-w C:\WINDOWS\system32\typeperf.exe
2007-12-19 21:46 33,792 ----a-w C:\WINDOWS\system32\vssadmin.exe
2007-12-19 21:46 32,256 ----a-w C:\WINDOWS\system32\tracert6.exe
2007-12-19 21:46 3,072 ----a-w C:\WINDOWS\system32\systray.exe
2007-12-19 21:46 232,448 ----a-w C:\WINDOWS\system32\tracerpt.exe
2007-12-19 21:46 19,456 ----a-w C:\WINDOWS\system32\tcpsvcs.exe
2007-12-19 21:46 17,920 ----a-w C:\WINDOWS\system32\tsshutdn.exe
2007-12-19 21:46 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
2007-12-19 21:46 16,384 ----a-w C:\WINDOWS\system32\tskill.exe
2007-12-19 21:46 15,360 ----a-w C:\WINDOWS\system32\tsdiscon.exe
2007-12-19 21:46 15,360 ----a-w C:\WINDOWS\system32\tscon.exe
2007-12-19 21:46 15,360 ----a-w C:\WINDOWS\system32\taskman.exe
2007-12-19 21:46 14,848 ----a-w C:\WINDOWS\system32\upnpcont.exe
2007-12-19 21:46 13,312 ----a-w C:\WINDOWS\system32\tcmsetup.exe
2007-12-19 21:46 102,400 ----a-w C:\WINDOWS\system32\verifier.exe
2007-12-19 21:46 10,240 ----a-w C:\WINDOWS\system32\tracert.exe
2007-12-19 21:45 9,728 ----a-w C:\WINDOWS\system32\sfc.exe
2007-12-19 21:45 9,728 ----a-w C:\WINDOWS\system32\reset.exe
2007-12-19 21:45 9,216 ----a-w C:\WINDOWS\system32\subst.exe
2007-12-19 21:45 8,192 ----a-w C:\WINDOWS\system32\scrnsave.scr
2007-12-19 21:45 74,752 ----a-w C:\WINDOWS\system32\rtcshare.exe
2007-12-19 21:45 70,144 ----a-w C:\WINDOWS\system32\shrpubw.exe
2007-12-19 21:45 7,168 ----a-w C:\WINDOWS\system32\recover.exe
2007-12-19 21:45 671,744 ----a-w C:\WINDOWS\system32\ss3dfo.scr
2007-12-19 21:45 66,560 ----a-w C:\WINDOWS\system32\sigverif.exe
2007-12-19 21:45 638,976 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-12-19 21:45 62,976 ----a-w C:\WINDOWS\system32\rsopprov.exe
2007-12-19 21:45 61,952 ----a-w C:\WINDOWS\system32\rdshost.exe
2007-12-19 21:45 569,344 ----a-w C:\WINDOWS\system32\sspipes.scr
2007-12-19 21:45 54,272 ----a-w C:\WINDOWS\system32\rsm.exe
2007-12-19 21:45 54,272 ----a-w C:\WINDOWS\system32\rasphone.exe
2007-12-19 21:45 51,200 ----a-w C:\WINDOWS\system32\syncapp.exe
2007-12-19 21:45 51,200 ----a-w C:\WINDOWS\system32\reg.exe
2007-12-19 21:45 49,152 ----a-w C:\WINDOWS\system32\rsmui.exe
2007-12-19 21:45 43,008 ----a-w C:\WINDOWS\system32\ssmypics.scr
2007-12-19 21:45 41,984 ----a-w C:\WINDOWS\system32\rdpclip.exe
2007-12-19 21:45 4,608 ----a-w C:\WINDOWS\system32\regwiz.exe
2007-12-19 21:45 38,400 ----a-w C:\WINDOWS\system32\sdbinst.exe
2007-12-19 21:45 37,376 ----a-w C:\WINDOWS\system32\syskey.exe
2007-12-19 21:45 364,544 ----a-w C:\WINDOWS\system32\ssflwbox.scr
2007-12-19 21:45 34,304 ----a-w C:\WINDOWS\system32\rcimlby.exe
2007-12-19 21:45 33,792 ----a-w C:\WINDOWS\system32\relog.exe
2007-12-19 21:45 33,792 ----a-w C:\WINDOWS\system32\regini.exe
2007-12-19 21:45 31,232 ----a-w C:\WINDOWS\system32\sc.exe
2007-12-19 21:45 30,208 ----a-w C:\WINDOWS\system32\sethc.exe
2007-12-19 21:45 3,584 ----a-w C:\WINDOWS\system32\regedt32.exe
2007-12-19 21:45 25,600 ----a-w C:\WINDOWS\system32\routemon.exe
2007-12-19 21:45 24,576 ----a-w C:\WINDOWS\system32\rsmsink.exe
2007-12-19 21:45 24,064 ----a-w C:\WINDOWS\system32\skeys.exe
2007-12-19 21:45 23,552 ----a-w C:\WINDOWS\system32\sort.exe
2007-12-19 21:45 22,528 ----a-w C:\WINDOWS\system32\qwinsta.exe
2007-12-19 21:45 21,504 ----a-w C:\WINDOWS\system32\shmgrate.exe
2007-12-19 21:45 20,992 ----a-w C:\WINDOWS\system32\stimon.exe
2007-12-19 21:45 20,992 ----a-w C:\WINDOWS\system32\setup.exe
2007-12-19 21:45 20,480 ----a-w C:\WINDOWS\system32\route.exe
2007-12-19 21:45 20,480 ----a-w C:\WINDOWS\system32\rcp.exe
2007-12-19 21:45 19,968 ----a-w C:\WINDOWS\system32\savedump.exe
2007-12-19 21:45 19,456 ----a-w C:\WINDOWS\system32\ssmarque.scr
2007-12-19 21:45 19,456 ----a-w C:\WINDOWS\system32\qprocess.exe
2007-12-19 21:45 18,944 ----a-w C:\WINDOWS\system32\ssbezier.scr
2007-12-19 21:45 18,944 ----a-w C:\WINDOWS\system32\shutdown.exe
2007-12-19 21:45 17,408 ----a-w C:\WINDOWS\system32\ssmyst.scr
2007-12-19 21:45 17,408 ----a-w C:\WINDOWS\system32\secedit.exe
2007-12-19 21:45 17,408 ----a-w C:\WINDOWS\system32\qappsrv.exe
2007-12-19 21:45 16,896 ----a-w C:\WINDOWS\system32\runas.exe
2007-12-19 21:45 16,384 ----a-w C:\WINDOWS\system32\rwinsta.exe
2007-12-19 21:45 15,360 ----a-w C:\WINDOWS\system32\shadow.exe
2007-12-19 21:45 139,264 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-12-19 21:45 13,824 ----a-w C:\WINDOWS\system32\rsh.exe
2007-12-19 21:45 13,312 ----a-w C:\WINDOWS\system32\ssstars.scr
2007-12-19 21:45 125,440 ----a-w C:\WINDOWS\system32\sndrec32.exe
2007-12-19 21:45 12,800 ----a-w C:\WINDOWS\system32\replace.exe
2007-12-19 21:45 12,288 ----a-w C:\WINDOWS\system32\rexec.exe
2007-12-19 21:45 12,288 ----a-w C:\WINDOWS\system32\rdsaddin.exe
2007-12-19 21:45 119,808 ----a-w C:\WINDOWS\system32\schtasks.exe
2007-12-19 21:45 11,776 ----a-w C:\WINDOWS\system32\rasdial.exe
2001-10-26 17:29 502,784 --sh--r C:\WINDOWS\system32\furqqj.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-22_17.44.29.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-22 16:43:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-22 17:16:20 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-22 16:43:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-12-22 17:16:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2007-12-22 16:43:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-22 17:16:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg .exe" []
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2007-12-14 22:02 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-14 22:02 C:\WINDOWS\system32\nwiz.exe]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" []
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" []
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2007-12-14 22:21]

C:\Documents and Settings\bedik\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ X]
X

R1 easdrv;easdrv;C:\WINDOWS\System32\DRIVERS\easdrv.sys [2007-11-23 21:50]
R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-11-23 21:52]
R2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe" [2007-12-22 18:16]
R2 eamon;EAMON;C:\WINDOWS\System32\DRIVERS\eamon.sys [2007-11-23 21:50]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-23 21:51]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\System32\DRIVERS\WrKPoET2000.sys [2004-09-16 17:56]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2004-09-16 17:56]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\System32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 17:42]
S3 EhttpSrv;Eset HTTP Server;C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-11-23 21:53]
S3 FPD;Fine Point Packet Service;C:\WINDOWS\System32\drivers\fpd.sys [2003-04-04 15:07]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 18:29:55
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 18:30:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-22 17:45

Kod: Zaznacz wszystko


[b]
2. hijack

[quote]Logfile of HijackThis v1.99.1
Scan saved at 18:31:16, on 2007-12-22
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllcache\mravsc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\notepad.exe
E:\simon\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg   .exe" /tray
O4 - HKCU\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify:  X -  X (file missing)
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

[/quote]

[wojtas]

Wykonaj to co jest podane w tym temacie

Start => Uruchom => cmd =>

sc stop Distributed Allocated Memory Unit

enter

sc delete Distributed Allocated Memory Unit

enter


Ściągnij OTMoveIt W okienko po lewej Paste List of Files/Folders to be Moved wklej

C:\WINDOWS\system32\dllcache\mravsc32.exe
C:\WINDOWS\system32\dllcache\msfav32.exe
C:\WINDOWS\system32\wejz.exe
C:\WINDOWS\system32\vtstr.exe
C:\WINDOWS\system32\RCX14.tmp
C:\WINDOWS\system32\ntzblrf.exe
C:\WINDOWS\system32\ntyfbor.exe
C:\WINDOWS\system32\ntyfbor .exe
C:\WINDOWS\system32\lzzndnxm.exe
C:\WINDOWS\system32\dpvejdwx.exe
C:\WINDOWS\system32\igfxsrvc32.exe
C:\WINDOWS\system32\prfvjpb .exe
C:\WINDOWS\system32\firewall .exe
C:\WINDOWS\system32\cgdcenb.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\xqqiyc.exe
C:\WINDOWS\system32\dmfnx.exe
C:\WINDOWS\system32\zbnir.exe
C:\WINDOWS\system32\load.exe
C:\WINDOWS\system32\hmjy.exe
C:\WINDOWS\system32\pmnnl.exe
C:\WINDOWS\system32\xrdf.exe
C:\WINDOWS\system32\iPod.exe
C:\WINDOWS\system32\RCX62.tmp
C:\WINDOWS\system32\rjrqggbq.exe
C:\WINDOWS\system32\vfdf.exe
C:\WINDOWS\system32\hifb.exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\iexplore .exe
C:\WINDOWS\system32\ridate .exe
C:\WINDOWS\system32\fds.pif
C:\WINDOWS\system32\sdfsdfs.exe
C:\WINDOWS\system32\Srb0ty.exe
C:\WINDOWS\system32\ndates.exe
C:\WINDOWS\system32\cgdsfs.pif
C:\WINDOWS\cx.exe
C:\WINDOWS\system32\cx.exe
C:\WINDOWS\system32\cg.pif
C:\WINDOWS\system32\hqghumea.dll
C:\WINDOWS\system32\x
C:\WINDOWS\system32\csdfsds.exe
C:\WINDOWS\system32\cxdsfsdfsds.exe
C:\WINDOWS\system32\Syst3m32.exe
C:\WINDOWS\system32\Wseclayer.exe
C:\WINDOWS\system32\winhlp32.exe
C:\WINDOWS\system32\wmpstub.exe
C:\WINDOWS\system32\wextract.ex
C:\WINDOWS\system32\write.exe
C:\WINDOWS\system32\winver.exe
C:\WINDOWS\system32\wupdmgr.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wpnpinst.exe
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winmsd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\tasklist.exe
C:\WINDOWS\system32\tlntsess.exe
C:\WINDOWS\system32\telnet.exe
C:\WINDOWS\system32\systeminfo.exe
C:\WINDOWS\system32\tlntadmn.exe
C:\WINDOWS\system32\w32tm.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\system32\tscupgrd.exe
C:\WINDOWS\system32\unlodctr.exe
C:\WINDOWS\system32\typeperf.exe
C:\WINDOWS\system32\vssadmin.exe
C:\WINDOWS\system32\tracert6.exe
C:\WINDOWS\system32\systray.exe
C:\WINDOWS\system32\tracerpt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\tsshutdn.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\tskill.exe
C:\WINDOWS\system32\tsdiscon.exe
C:\WINDOWS\system32\tscon.exe
C:\WINDOWS\system32\taskman.exe
C:\WINDOWS\system32\upnpcont.exe
C:\WINDOWS\system32\tcmsetup.exe
C:\WINDOWS\system32\verifier.exe
C:\WINDOWS\system32\tracert.exe
C:\WINDOWS\system32\sfc.exe
C:\WINDOWS\system32\reset.exe
C:\WINDOWS\system32\subst.exe
C:\WINDOWS\system32\scrnsave.scr
C:\WINDOWS\system32\rtcshare.exe
C:\WINDOWS\system32\shrpubw.exe
C:\WINDOWS\system32\recover.exe
C:\WINDOWS\system32\ss3dfo.scr
C:\WINDOWS\system32\sigverif.exe
C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\rsopprov.exe
C:\WINDOWS\system32\rdshost.exe
C:\WINDOWS\system32\sspipes.scr
C:\WINDOWS\system32\rsm.exe
C:\WINDOWS\system32\rasphone.exe
C:\WINDOWS\system32\syncapp.exe
C:\WINDOWS\system32\reg.exe
C:\WINDOWS\system32\rsmui.exe
C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\regwiz.exe
C:\WINDOWS\system32\sdbinst.exe
C:\WINDOWS\system32\syskey.exe
C:\WINDOWS\system32\ssflwbox.scr
C:\WINDOWS\system32\rcimlby.exe
C:\WINDOWS\system32\relog.exe
C:\WINDOWS\system32\regini.exe
C:\WINDOWS\system32\sc.exe
C:\WINDOWS\system32\sethc.exe
C:\WINDOWS\system32\regedt32.exe
C:\WINDOWS\system32\routemon.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\sort.exe
C:\WINDOWS\system32\qwinsta.exe
C:\WINDOWS\system32\shmgrate.exe
C:\WINDOWS\system32\stimon.exe
C:\WINDOWS\system32\setup.exe
C:\WINDOWS\system32\route.exe
C:\WINDOWS\system32\rcp.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\ssmarque.scr
C:\WINDOWS\system32\qprocess.exe
C:\WINDOWS\system32\ssbezier.scr
C:\WINDOWS\system32\shutdown.exe
C:\WINDOWS\system32\ssmyst.scr
C:\WINDOWS\system32\secedit.exe
C:\WINDOWS\system32\qappsrv.exe
C:\WINDOWS\system32\runas.exe
C:\WINDOWS\system32\rwinsta.exe
C:\WINDOWS\system32\shadow.exe
C:\WINDOWS\system32\sndvol32.exe
C:\WINDOWS\system32\rsh.exe
C:\WINDOWS\system32\ssstars.scr
C:\WINDOWS\system32\sndrec32.exe
C:\WINDOWS\system32\replace.exe
C:\WINDOWS\system32\rexec.exe
C:\WINDOWS\system32\rdsaddin.exe
C:\WINDOWS\system32\schtasks.exe
C:\WINDOWS\system32\rasdial.exe
C:\WINDOWS\system32\furqqj.exe

Następnie naciskamy - MoveIt!. Pliki zostały przeniesione. Wynik operacji zobaczymy w prawym oknie Results.
Log po pracy programu zobaczymy w lokalizacji - C:\_OTMoveIt\MovedFiles
Po całej operacji należy zresetować komputer.

potem wklej do notatnika:

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ X]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....


potem log z hijacka i combofixa

[nomik]

wracam z logami

1. hijack:

Logfile of HijackThis v1.99.1
Scan saved at 19:43, on 2007-12-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
E:\simon\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {20353C69-F4D7-45DA-814A-C4DEEC37C158} - C:\WINDOWS\System32\khhgg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg .exe" /tray
O4 - HKCU\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: X - X (file missing)
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

2. combofix

ComboFix 07-12-21.4 - bedik 2007-12-22 19:53:00.5 - NTFSx86

Running from: C:\Documents and Settings\bedik\Pulpit\ComboFix.exe
.
/wow section - STAGE 4
/wow section - STAGE 30

nie wiem czemu ale tylko taki raport zostaje po skanowaniu combo..[code][/code]

[wojtas]

skasuj te wpisy:

O2 - BHO: (no name) - {20353C69-F4D7-45DA-814A-C4DEEC37C158} - C:\WINDOWS\System32\khhgg.dll (file missing)
O20 - Winlogon Notify: X - X (file missing)
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)

to zamiast combo daj loga z
dss'a

[nomik]

podaje loga:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: Polish

CPU 0: Intel(R) Pentium(R) 4 CPU 1.70GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 127.48 MiB / 55.32 MiB
Pagefile Memory (total/avail): 307.7 MiB / 162.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 7.96 GiB total, 3.87 GiB free.
D: is Fixed (FAT32) - 14.64 GiB total, 5.99 GiB free.
E: is Fixed (FAT32) - 14.64 GiB total, 7.14 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400JB-00ENA0 - 37.27 GiB - 3 partitions
\PARTITION0 (bootable) - Instalowalny system plików - 7.96 GiB - C:
\PARTITION1 - Unknown - 14.65 GiB - D:
\PARTITION2 - Unknown - 14.65 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\bedik\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BEDNAREK-R64PLP
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\bedik
LOGONSERVER=\\BEDNAREK-R64PLP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\bedik\USTAWI~1\Temp
TMP=C:\DOCUME~1\bedik\USTAWI~1\Temp
USERDOMAIN=BEDNAREK-R64PLP
USERNAME=bedik
USERPROFILE=C:\Documents and Settings\bedik
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

bedik (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type3318 / Error
Event Submitted/Written: 12/23/2007 05:52:53 PM
Event ID/Source: 8193 / VSS
Event Description:
Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x80040206.

Event Record #/Type3317 / Error
Event Submitted/Written: 12/23/2007 05:52:53 PM
Event ID/Source: 4609 / EventSystem
Event Description:
Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błąd.

Event Record #/Type3174 / Warning
Event Submitted/Written: 12/22/2007 05:28:54 PM
Event ID/Source: 100 / WrRT
Event Description:
Warning: WR thread 4 was neglected. last idle call = 17203 ms, wake up request = 15000 ms..

Event Record #/Type3172 / Warning
Event Submitted/Written: 12/22/2007 05:28:29 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Wykrywanie produktu „{4EA684E9-5C81-4033-A696-3019EC57AC3A}”, funkcja „RedboxMM” nie powiodło się podczas żądania składnika „{8F4D65F4-EE60-4594-AB60-8A45F6DDE85A}”

Event Record #/Type3171 / Warning
Event Submitted/Written: 12/22/2007 05:28:29 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Wykrycie produktu „{4EA684E9-5C81-4033-A696-3019EC57AC3A}”, funkcja „RedboxMM”, składnik „{DBB25C86-C1BE-455C-897C-CE683F300BD8}” nie powiodło się. Zasób „C:\Program Files\HP\HP Software Update\hpwuSchd2.exe” nie istnieje.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2778 / Error
Event Submitted/Written: 12/23/2007 06:34:28 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Nie można załadować następujących sterowników startu rozruchowego lub systemowego:
Kxr62

Event Record #/Type2777 / Error
Event Submitted/Written: 12/23/2007 06:34:28 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Usługa Harmonogram zadań zakończyła działanie; wystąpił następujący błąd:
%%87

Event Record #/Type2770 / Error
Event Submitted/Written: 12/23/2007 06:32:02 PM
Event ID/Source: 10005 / DCOM
Event Description:
Model DCOM odebrał błąd „%%1084” podczas próby uruchomienia usługi EventSystem z argumentami „”
w celu uruchomienia serwera:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2769 / Error
Event Submitted/Written: 12/23/2007 06:30:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
Model DCOM odebrał błąd „%%1084” podczas próby uruchomienia usługi StiSvc z argumentami „”
w celu uruchomienia serwera:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type2768 / Error
Event Submitted/Written: 12/23/2007 06:25:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
Model DCOM odebrał błąd „%%1084” podczas próby uruchomienia usługi StiSvc z argumentami „”
w celu uruchomienia serwera:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2007-12-23 18:41:54 ------------

[code][/code]

[wojtas]

wejdz na dysk C Deckard System Scanner i wklej loga z main.txt

[nomik]

podaje loga:

Kod: Zaznacz wszystko

Deckard's System Scanner v20071014.68
Run by bedik on 2007-12-23 18:35:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-12-23 17:35:39 UTC - RP1 - Punkt kontrolny systemu


Backed up registry hives.
Performed disk cleanup.

[color=red]Percentage of Memory in Use: 81% (more than 75%).[/color]
[color=red]Total Physical Memory: 128 MiB (512 MiB recommended).[/color]


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-23 18:38:17
Platform: Windows XP  (5.01.2600)
MSIE: Internet Explorer (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DialNet\WrOS.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Files\Gadu-Gadu\gg  .exe
C:\Documents and Settings\bedik\Pulpit\dss.exe
C:\Program Files\uTorrent\uTorrent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {CA67AEC5-C1B8-493B-9648-FAADA5AED0D0} - C:\WINDOWS\system32\pmnnl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg  .exe" /tray
O4 - HKCU\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{629572AC-CC2B-4CA8-A00C-F8AD5120C074}: NameServer = 217.30.129.149 217.30.137.200
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.exe


--
End of file - 3561 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 TopWinPoETDriver (WinPoET PPPoE Optimized Driver) - c:\windows\system32\drivers\wrkpoet2000.sys
R3 WrKPoET2000 - c:\program files\dialnet\wrkpoet2000.sys

S3 catchme - c:\docume~1\bedik\ustawi~1\temp\catchme.sys (file missing)
S3 FPD (Fine Point Packet Service) - c:\windows\system32\drivers\fpd.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 NTACCESS - f:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - f:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 WinPPPoverEthernet - c:\program files\dialnet\wros.exe <Not Verified; Fine Point Technologies, Inc.; Fine Point WROS>

S4 Distributed Allocated Memory Unit - "c:\windows\system32\dllcache\mravsc32.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler Uniwersalnej magistrali szeregowej (USB)
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_39811462&REV_01\3&13C0B0C5&0&EF
Manufacturer:
Name: Kontroler Uniwersalnej magistrali szeregowej (USB)
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_39811462&REV_01\3&13C0B0C5&0&EF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler magistrali zarządzania systemem
Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_56611462&REV_01\3&13C0B0C5&0&FB
Manufacturer:
Name: Kontroler magistrali zarządzania systemem
PNP Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_56611462&REV_01\3&13C0B0C5&0&FB
Service:


-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 18:37:50         0 d-------- C:\hijack
2007-12-23 18:32:48    335360 --a------ C:\WINDOWS\System32\pmnnl.exe
2007-12-23 17:30:26         0 --ahs---- C:\WINDOWS\System32\.exe
2007-12-23 16:05:06     81920 ---hs---- C:\WINDOWS\System32\Wseclayer.exe
2007-12-23 16:04:32     81920 --a------ C:\WINDOWS\System32\hqghumea.dll
2007-12-22 21:39:44         0 d-------- C:\My Downloads
2007-12-22 21:39:41         0 d-------- C:\Program Files\BearShare
2007-12-22 19:58:26     12076 --ahs---- C:\WINDOWS\System32\lnnmp.ini2
2007-12-22 19:58:00    331776 -----n--- C:\WINDOWS\System32\pmnnl.dll
2007-12-22 18:58:25      9239 --ahs---- C:\WINDOWS\System32\gghhk.ini2
2007-12-22 18:58:22    337920 --a------ C:\WINDOWS\System32\khhgg.exe
2007-12-22 18:43:36     64902 --a------ C:\WINDOWS\System32\Isass .exe <Not Verified; ; csrss>
2007-12-22 18:42:13     24064 -ra------ C:\WINDOWS\System32\TFTP1972
2007-12-22 18:42:13         0 -ra------ C:\WINDOWS\System32\TFTP1524
2007-12-22 18:42:01     64902 --a------ C:\WINDOWS\System32\juwyzx .exe <Not Verified; ; csrss>
2007-12-22 17:41:48         0 d---s---- C:\WINDOWS\System32\Microsoft
2007-12-22 17:30:25      2294 --a------ C:\WINDOWS\System32\tmp.reg
2007-12-22 17:29:36     81920 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-22 17:29:35     25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2007-12-22 17:29:35    289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-22 17:29:31     51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-12-22 17:29:29    288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-22 17:29:22     53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-22 17:12:15         0 d-------- C:\WINDOWS\ERUNT
2007-12-20 18:27:12         0 d-------- C:\Program Files\uTorrent
2007-12-16 23:11:58         0 d-------- C:\Program Files\Common Files\Nero
2007-12-16 23:11:25    997888 --a------ C:\WINDOWS\System32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-12-16 23:11:25    892416 --a------ C:\WINDOWS\System32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-12-16 23:11:25   1111040 --a------ C:\WINDOWS\System32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-12-16 23:09:14    364544 -----n--- C:\WINDOWS\System32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-12-16 23:09:14    106496 --a------ C:\WINDOWS\System32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-12-16 23:09:06    471040 -----n--- C:\WINDOWS\System32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-12-16 23:09:06    262144 -----n--- C:\WINDOWS\System32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-12-16 23:09:06   1568768 -----n--- C:\WINDOWS\System32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-12-16 23:05:51         0 d-------- C:\Program Files\Common Files\Ahead
2007-12-16 23:05:49         0 d-------- C:\Program Files\Ahead
2007-12-16 17:44:41         0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-16 17:43:32     77824 -ra------ C:\WINDOWS\System32\HPZIDS01.dll
2007-12-16 17:43:30     48128 --a------ C:\WINDOWS\System32\hpzll054.dll <Not Verified; Hewlett-Packard Company; Language Monitor>
2007-12-16 17:42:31     57344 --a------ C:\WINDOWS\System32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2007-12-16 17:42:31     94208 --a------ C:\WINDOWS\System32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2007-12-16 17:42:31    204800 --a------ C:\WINDOWS\System32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2007-12-16 17:42:31     69632 --a------ C:\WINDOWS\System32\HPZipm12.exe <Not Verified; HP; HP PML>
2007-12-16 17:42:31     65536 --a------ C:\WINDOWS\System32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2007-12-16 17:42:31    282680 --a------ C:\WINDOWS\System32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2007-12-16 17:40:55         0 d-------- C:\Program Files\HP
2007-12-16 13:38:10         0 d-------- C:\Program Files\OpenOffice.org 2.2
2007-12-16 13:37:29         0 d-------- C:\Program Files\Common Files\Java
2007-12-16 13:37:28         0 d-------- C:\Program Files\Java
2007-12-14 22:58:55         0 d-------- C:\Program Files\Gadu-Gadu
2007-12-14 22:32:40         0 d-------- C:\Program Files\IrfanView
2007-12-14 22:16:49         0 d-------- C:\WINDOWS\System32\appmgmt
2007-12-14 21:52:58         0 d-------- C:\!KillBox
2007-12-14 21:38:24         0 d-------- C:\VundoFix Backups
2007-12-14 21:36:19         0 d-------- C:\WINDOWS
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\WinSxS
2007-12-14 21:36:19         0 dr------- C:\WINDOWS\Web
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\twain_32
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\system32
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\wins
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\wbem
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\usmt
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\spool
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\ShellExt
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\Setup
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\ras
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\oobe
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\npp
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\mui
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\inetsrv
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\IME
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\icsxml
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\ias
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\export
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\drivers
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\drivers\etc
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-12-14 21:36:19         0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\dhcp
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\config
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\3com_dmi
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\3076
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\2052
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1054
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1045
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1042
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1041
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1037
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1033
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1031
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1028
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\System32\1025
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\system
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\security
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Resources
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\repair
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\mui
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\msapps
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\msagent
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Media
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\java
2007-12-14 21:36:19         0 d--h----- C:\WINDOWS\inf
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\ime
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Help
2007-12-14 21:36:19         0 dr--s---- C:\WINDOWS\Fonts
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Driver Cache
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Debug
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Cursors
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Connection Wizard
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\Config
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\AppPatch
2007-12-14 21:36:19         0 d-------- C:\WINDOWS\addins
2007-12-14 21:30:39      1158 --a------ C:\WINDOWS\mozver.dat
2007-12-14 21:25:46         0 --a------ C:\WINDOWS\nsreg.dat
2007-12-14 21:21:43     16768 --a------ C:\WINDOWS\System32\tcpip_patcher.sys <Not Verified; www.kceasy.com; KCeasy tcpip.sys patcher>
2007-12-14 21:20:59     71175 --ah----- C:\WINDOWS\System32\hdyhllu.exe <Not Verified; ; csrss>
2007-12-14 21:15:47     30336 --a------ C:\WINDOWS\System32\drivers\fpd.sys <Not Verified; Politecnico di Torino; NPF Driver>
2007-12-14 21:15:32   1056768 --a------ C:\WINDOWS\System32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
2007-12-14 21:15:32     52214 --a------ C:\WINDOWS\System32\drivers\WrKPoET2000.sys
2007-12-14 21:15:30         0 d-------- C:\Program Files\DialNet
2007-12-14 21:15:28         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-14 21:10:09         0 d-------- C:\WINDOWS\ShellNew
2007-12-14 21:03:32     53248 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2007-12-14 21:03:31    654604 -ra------ C:\WINDOWS\System32\drivers\ALCXWDM.SYS <Not Verified; Avance Logic, Inc.; Windows (R) WDM driver for Avance AC'97 Audio>
2007-12-14 21:01:28         0 d-------- C:\WINDOWS\Profiles
2007-12-14 21:01:27         0 d-------- C:\Program Files\Common Files\Adobe
2007-12-14 21:01:23    306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-12-14 21:01:11         0 d-------- C:\Program Files\directx
2007-12-14 21:00:51         0 d-------- C:\WINDOWS\nview
2007-12-14 21:00:49         0 d-------- C:\WINDOWS\System32\ReinstallBackups
2007-12-14 21:00:42         0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-14 20:59:20         0 d--hs---- C:\WINDOWS\Installer
2007-12-14 20:58:17         0 d--hs---- C:\System Volume Information
2007-12-14 20:58:08         0 d-------- C:\WINDOWS\Prefetch
2007-12-14 20:54:01         0 d-------- C:\WINDOWS\System32\xircom
2007-12-14 20:54:01         0 d-------- C:\Program Files\microsoft frontpage
2007-12-14 20:53:19         0 -rahs---- C:\MSDOS.SYS
2007-12-14 20:53:19         0 -rahs---- C:\IO.SYS
2007-12-14 20:53:19         0 --a------ C:\CONFIG.SYS
2007-12-14 20:53:19         0 --a------ C:\AUTOEXEC.BAT
2007-12-14 20:51:43         0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-14 20:51:43         0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-14 20:51:13         0 d-------- C:\WINDOWS\srchasst
2007-12-14 20:51:02         0 d-------- C:\WINDOWS\System32\Macromed
2007-12-14 20:51:02         0 d-------- C:\WINDOWS\System32\DirectX
2007-12-14 20:50:46         0 d-------- C:\Program Files\Movie Maker
2007-12-14 20:50:09         0 d-------- C:\WINDOWS\System32\Restore
2007-12-14 20:50:06     32768 --a------ C:\WINDOWS\System32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2007-12-14 20:50:02         0 d-------- C:\WINDOWS\PCHEALTH
2007-12-14 20:49:53         0 d---s---- C:\WINDOWS\Tasks
2007-12-14 20:49:53      9728 --a------ C:\WINDOWS\System32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® - Harmonogram zadań>
2007-12-14 20:49:49         0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-14 20:48:56     21856 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-12-14 20:48:39         0 d-------- C:\WINDOWS\Registration
2007-12-14 20:48:31         0 d--h----- C:\Program Files\WindowsUpdate
2007-12-14 20:48:31         0 d-------- C:\Program Files\Usługi online
2007-12-14 20:48:23         0 d-------- C:\Program Files\Messenger
2007-12-14 20:48:11         0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-14 20:47:59    189952 --a------ C:\WINDOWS\System32\accwiz.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:58    118272 --a------ C:\WINDOWS\System32\mplay32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:56         0 d-------- C:\Program Files\Windows NT
2007-12-14 20:47:55    342016 --a------ C:\WINDOWS\System32\mspaint.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:48     99328 --a------ C:\WINDOWS\System32\clipbrd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:47     80896 --a------ C:\WINDOWS\System32\charmap.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:46    534016 --a------ C:\WINDOWS\System32\spider.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:46     57344 --a------ C:\WINDOWS\System32\sol.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:46    115200 --a------ C:\WINDOWS\System32\calc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:45    128000 --a------ C:\WINDOWS\System32\mshearts.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:45     55808 --a------ C:\WINDOWS\System32\freecell.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:43    131072 --a------ C:\WINDOWS\System32\sessmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:43    387072 --a------ C:\WINDOWS\System32\mstsc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:41     22528 --a------ C:\WINDOWS\System32\msg.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:40         0 d-------- C:\WINDOWS\System32\MsDtc
2007-12-14 20:47:40     15872 --a------ C:\WINDOWS\System32\logoff.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:47:38      6144 --a------ C:\WINDOWS\System32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-12-14 20:47:37      5120 --a------ C:\WINDOWS\System32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2007-12-14 20:47:37         0 d-------- C:\WINDOWS\System32\Com
2007-12-14 20:42:31         0 d-------- C:\Program Files\Common Files\ODBC
2007-12-14 20:42:27         0 dr------- C:\Program Files
2007-12-14 20:42:27         0 d-------- C:\Program Files\Common Files
2007-12-14 20:42:27         0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-14 20:42:05     15360 --a------ C:\WINDOWS\TASKMAN.EXE <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:42:05     67072 --a------ C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 20:41:43         0 d-------- C:\WINDOWS\System32\CatRoot2
2007-12-14 20:41:43         0 d-------- C:\WINDOWS\System32\CatRoot
2007-12-14 20:41:23         0 d-------- C:\Documents and Settings


-- Find3M Report ---------------------------------------------------------------

2007-12-23 18:40:54         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\uTorrent
2007-12-23 18:33:23         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\OpenOffice.org2
2007-12-23 17:49:39     13348 --a------ C:\Program Files\TMPPrison.Break.S03E09.HDTV.XviD-XOR.dat
2007-12-23 17:49:39     15947 --a------ C:\Program Files\TMPFilm o pszczołach. dubbing pl. avi..dat
2007-12-23 17:49:34     15947 --a------ C:\Program Files\TMPFilm o pszczołach. dubbing pl. avi..dat.bak
2007-12-23 17:49:32 734185472 --a------ C:\Program Files\TMPFilm o pszczołach. dubbing pl. avi..avi
2007-12-23 16:00:44     13348 --a------ C:\Program Files\TMPPrison.Break.S03E09.HDTV.XviD-XOR.dat.bak
2007-12-23 16:00:42 366776420 --a------ C:\Program Files\TMPPrison.Break.S03E09.HDTV.XviD-XOR.avi
2007-12-23 16:00:09     17356 --a------ C:\Program Files\TMPPrison.Break.S03E09.HDTV.XviD-XOR.tiger
2007-12-23 15:48:38      8992 --a------ C:\Program Files\TMPFilm o pszczołach. dubbing pl. avi..tiger
2007-12-22 17:17:36    355830 --a------ C:\WINDOWS\System32\perfh015.dat
2007-12-22 17:17:35     49712 --a------ C:\WINDOWS\System32\perfc015.dat
2007-12-21 11:53:26         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Image Zone Express
2007-12-19 22:47:05     61440 --a------ C:\WINDOWS\System32\wextract.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:45:50    104448 --a------ C:\WINDOWS\System32\sysocmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:45:19    103424 --a------ C:\WINDOWS\System32\rsnotify.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:45:10     11776 --a------ C:\WINDOWS\System32\rasautou.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:44:57     33792 --a------ C:\WINDOWS\System32\ping6.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:56     14336 --a------ C:\WINDOWS\System32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:44:56     15360 --a------ C:\WINDOWS\System32\pentnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:44:56     22528 --a------ C:\WINDOWS\System32\pathping.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:55     53248 --a------ C:\WINDOWS\System32\packager.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:55     41472 --a------ C:\WINDOWS\System32\osuninst.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:55    212992 --a------ C:\WINDOWS\System32\osk.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:47     64000 --a------ C:\WINDOWS\System32\openfiles.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:45     32768 --a------ C:\WINDOWS\System32\odbcad32.exe <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2007-12-19 22:44:45    128512 --a------ C:\WINDOWS\System32\nwscript.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:43     31744 --a------ C:\WINDOWS\System32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:44:42     74752 --a------ C:\WINDOWS\System32\nslookup.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:41     32256 --a------ C:\WINDOWS\System32\netstat.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:40    327680 --a------ C:\WINDOWS\System32\netsetup.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:44:39    115200 --a------ C:\WINDOWS\System32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:44:38      4096 --a------ C:\WINDOWS\System32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:43:54     21504 --a------ C:\WINDOWS\System32\nbtstat.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:54     52736 --a------ C:\WINDOWS\System32\narrator.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:50      6656 --a------ C:\WINDOWS\System32\msswchx.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:49     24064 --a------ C:\WINDOWS\System32\mshta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:43:47     13824 --a------ C:\WINDOWS\System32\mrinfo.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:47     97792 --a------ C:\WINDOWS\System32\mqtgsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2007-12-19 22:43:47      4608 --a------ C:\WINDOWS\System32\mqsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2007-12-19 22:43:46     17408 --a------ C:\WINDOWS\System32\mqbkup.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2007-12-19 22:43:46     22016 --a------ C:\WINDOWS\System32\mpnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:43:45      8192 --a------ C:\WINDOWS\System32\mountvol.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:45    136192 --a------ C:\WINDOWS\System32\mobsync.exe <Not Verified; Microsoft Corporation; Menedżer synchronizacji firmy Microsoft>
2007-12-19 22:43:44     52224 --a------ C:\WINDOWS\System32\migpwd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:26     40960 --a------ C:\WINDOWS\System32\MAPISRVR.EXE <Not Verified; Microsoft Corporation; Microsoft Exchange>
2007-12-19 22:43:25     79360 --a------ C:\WINDOWS\System32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:43:25     68096 --a------ C:\WINDOWS\System32\magnify.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:25      8192 --a------ C:\WINDOWS\System32\lpr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:24      6144 --a------ C:\WINDOWS\System32\lpq.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:23     56832 --a------ C:\WINDOWS\System32\logman.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:22      5120 --a------ C:\WINDOWS\System32\lodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:43:21      9728 --a------ C:\WINDOWS\System32\label.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:43:19     22528 --a------ C:\WINDOWS\System32\ipxroute.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:18     59904 --a------ C:\WINDOWS\System32\ipv6.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:18     45056 --a------ C:\WINDOWS\System32\ipsec6.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:17     50688 --a------ C:\WINDOWS\System32\ipconfig.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:12      8192 --a------ C:\WINDOWS\System32\hostname.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:43:01     14848 --a------ C:\WINDOWS\System32\help.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:59     58368 --a------ C:\WINDOWS\System32\gpupdate.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:59    114688 --a------ C:\WINDOWS\System32\gpresult.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:58     56832 --a------ C:\WINDOWS\System32\getmac.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:14     62976 --a------ C:\WINDOWS\System32\fsutil.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:13      7168 --a------ C:\WINDOWS\System32\forcedos.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:13     19456 --a------ C:\WINDOWS\System32\fontview.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:12      3072 --a------ C:\WINDOWS\System32\fixmapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:42:12      9728 --a------ C:\WINDOWS\System32\finger.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:11     26112 --a------ C:\WINDOWS\System32\findstr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:10      9216 --a------ C:\WINDOWS\System32\find.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:42:09     14848 --a------ C:\WINDOWS\System32\fc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:42:08     40960 --a------ C:\WINDOWS\System32\extrac32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:07     16384 --a------ C:\WINDOWS\System32\expand.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:06      9216 --a------ C:\WINDOWS\System32\eventvwr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:06     80896 --a------ C:\WINDOWS\System32\eventtriggers.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:05     49664 --a------ C:\WINDOWS\System32\eventcreate.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:05    179712 --a------ C:\WINDOWS\System32\eudcedit.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:04     39424 --a------ C:\WINDOWS\System32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:42:01    786432 --a------ C:\WINDOWS\System32\dxdiag.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:42:00     15872 --a------ C:\WINDOWS\System32\dvdupgrd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:41:58     47104 --a------ C:\WINDOWS\System32\drwtsn32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:41:57     59392 --a------ C:\WINDOWS\System32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:41:57     18944 --a------ C:\WINDOWS\System32\dpnsvr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:41:56     26112 --a------ C:\WINDOWS\System32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:41:56     10752 --a------ C:\WINDOWS\System32\doskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:41:56     14336 --a------ C:\WINDOWS\System32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2007-12-19 22:41:55      4608 --a------ C:\WINDOWS\System32\dllhst3g.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:41:55     18432 --a------ C:\WINDOWS\System32\diskperf.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:41:55    146944 --a------ C:\WINDOWS\System32\diskpart.exe <Not Verified; Microsoft Corporation; Aplikacja Diskpart firmy Microsoft Corporation>
2007-12-19 22:41:54     79360 --a------ C:\WINDOWS\System32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:41:53     73216 --a------ C:\WINDOWS\System32\dfrgfat.exe <Not Verified; Microsoft Corp. i Executive Software International, Inc.; Defragmentator dysków systemu Windows>
2007-12-19 22:41:53     27648 --a------ C:\WINDOWS\System32\ddeshare.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:40:01     17920 --a------ C:\WINDOWS\System32\compact.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:40:00     15872 --a------ C:\WINDOWS\System32\comp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:39:59     55808 --a------ C:\WINDOWS\System32\cmstp.exe <Not Verified; Microsoft Corporation; Menedżer połączeń firmy Microsoft(R)>
2007-12-19 22:39:57     35840 --a------ C:\WINDOWS\System32\cmmon32.exe <Not Verified; Microsoft Corporation; Menedżer połączeń firmy Microsoft(R)>
2007-12-19 22:39:56     41472 --a------ C:\WINDOWS\System32\cmdl32.exe <Not Verified; Microsoft Corporation; Menedżer połączeń firmy Microsoft(R)>
2007-12-19 22:39:53     62464 --a------ C:\WINDOWS\System32\cleanmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:52      7680 --a------ C:\WINDOWS\System32\ckcnv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:39:51     45056 --a------ C:\WINDOWS\System32\cipher.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:51      8192 --a------ C:\WINDOWS\System32\cidaemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:39:51     11264 --a------ C:\WINDOWS\System32\chkntfs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:39:50     11776 --a------ C:\WINDOWS\System32\chkdsk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:39:28     19456 --a------ C:\WINDOWS\System32\cacls.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:26      5120 --a------ C:\WINDOWS\System32\bootvrfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:39:26      4608 --a------ C:\WINDOWS\System32\bootok.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 22:39:25    148480 --a------ C:\WINDOWS\System32\bootcfg.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:23     10240 --a------ C:\WINDOWS\System32\atmadm.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:23     23040 --a------ C:\WINDOWS\System32\at.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:22     33792 --a------ C:\WINDOWS\System32\asr_ldm.exe <Not Verified; Microsoft Corp.; Menedżer dysków logicznych dla systemu Windows NT>
2007-12-19 22:39:21     27136 --a------ C:\WINDOWS\System32\asr_fmt.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:21     19968 --a------ C:\WINDOWS\System32\arp.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:19     84992 --a------ C:\WINDOWS\System32\ahui.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 22:39:18      4096 --a------ C:\WINDOWS\System32\actmovie.exe <Not Verified; Microsoft Corporation; DirectShow>
2007-12-19 22:33:22     25600 --a------ C:\WINDOWS\twunk_32.exe <Not Verified; Twain Working Group; Twain Thunker>
2007-12-19 21:01:20     29696 --a------ C:\WINDOWS\System32\lights.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 21:01:19      8192 --a------ C:\WINDOWS\System32\control.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 19:55:05     15872 --a------ C:\WINDOWS\System32\ping.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 19:35:50     60416 --a------ C:\WINDOWS\System32\driverquery.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-19 19:25:39      9216 --a------ C:\WINDOWS\System32\print.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-18 21:35:41    109568 --a------ C:\WINDOWS\System32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2007-12-17 19:43:20     99840 --a------ C:\WINDOWS\System32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-17 19:43:20     13824 --a------ C:\WINDOWS\System32\convert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-16 23:12:52     26624 --a------ C:\WINDOWS\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2007-12-16 23:05:04    268800 --a------ C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 19:18:23     26624 --a------ C:\WINDOWS\System32\lnkstub.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 18:30:03     37888 --a------ C:\WINDOWS\System32\grpconv.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 18:01:41         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\HP
2007-12-16 17:43:08    416768 --a------ C:\WINDOWS\System32\wiaacmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 17:40:26     12288 --a------ C:\WINDOWS\System32\runonce.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 17:40:11     11264 --a------ C:\WINDOWS\System32\attrib.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-16 15:44:22   1157120 --a------ C:\WINDOWS\System32\ntbackup.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 15:32:53    102400 --a------ C:\WINDOWS\System32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft (r) Windows Script Host>
2007-12-16 15:32:17    396288 --a------ C:\WINDOWS\System32\ntvdm.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 14:20:50    346624 --a------ C:\WINDOWS\System32\tourstart.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-16 13:37:18         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Sun
2007-12-14 23:29:47         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Gadu-Gadu
2007-12-14 22:33:45     67072 --a------ C:\WINDOWS\System32\notepad.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:30     10240 --a------ C:\WINDOWS\System32\regsvr32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:29    774656 --a------ C:\WINDOWS\System32\mmc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:27     13312 --a------ C:\WINDOWS\System32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:21:24    277504 --a------ C:\WINDOWS\System32\vssvc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:23     16384 --a------ C:\WINDOWS\System32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:21:23     62976 --a------ C:\WINDOWS\System32\tlntsvr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:22     87552 --a------ C:\WINDOWS\System32\smlogsvc.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:21     95744 --a------ C:\WINDOWS\System32\scardsvr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:21    132608 --a------ C:\WINDOWS\System32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:21:21     68096 --a------ C:\WINDOWS\System32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:21:18    109568 --a------ C:\WINDOWS\System32\netdde.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:12     42496 --a------ C:\WINDOWS\System32\ftp.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:21:12    205312 --a------ C:\WINDOWS\System32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Menedżer dysków logicznych dla systemu Windows NT>
2007-12-14 22:21:12     30720 --a------ C:\WINDOWS\System32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:21:11      5120 --a------ C:\WINDOWS\System32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:21:10     40960 --a------ C:\WINDOWS\System32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:20:21     77824 --a------ C:\WINDOWS\System32\usrmlnka.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver>
2007-12-14 22:20:20    207360 --a------ C:\WINDOWS\System32\progman.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:09:41     63488 --a------ C:\WINDOWS\System32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2007-12-14 22:08:21    132608 --a------ C:\WINDOWS\System32\taskmgr.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:05:46    382976 --a------ C:\WINDOWS\System32\cmd.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:03:48     61440 --a------ C:\WINDOWS\System32\usrprbda.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics modem>
2007-12-14 22:03:47     23040 --a------ C:\WINDOWS\System32\proxycfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:03:47     45568 --a------ C:\WINDOWS\System32\proquota.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:02:55    219648 --a------ C:\WINDOWS\System32\logon.scr <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:02:54    504832 --a------ C:\WINDOWS\System32\logonui.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:02:53    118784 --a------ C:\WINDOWS\System32\imapi.exe <Not Verified; Microsoft Corporation; Moduł IMAPI>
2007-12-14 22:02:51     30208 --a------ C:\WINDOWS\System32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 22:02:48     31744 --a------ C:\WINDOWS\System32\rundll32.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:02:32     22016 --a------ C:\WINDOWS\System32\userinit.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 22:02:31     83968 --a------ C:\WINDOWS\System32\netsh.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2007-12-14 21:30:59         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Macromedia
2007-12-14 21:30:58         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Adobe
2007-12-14 21:25:41         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Mozilla
2007-12-14 21:15:20         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\InstallShield
2007-12-14 21:08:19         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Microsoft Web Folders
2007-12-14 20:59:17         0 d-------- C:\Documents and Settings\bedik\Dane aplikacji\Identities
2007-12-14 20:41:57        62 --ahs---- C:\Documents and Settings\bedik\Dane aplikacji\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA67AEC5-C1B8-493B-9648-FAADA5AED0D0}]
2007-12-22 19:58   331776   ---------   C:\WINDOWS\System32\pmnnl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2007-12-14 22:02 C:\WINDOWS\system32\nwiz.exe]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" []
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" []
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg  .exe" [2007-12-23 18:32]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" []

C:\Documents and Settings\bedik\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\pmnnl




-- End of Deckard's System Scanner: finished at 2007-12-23 18:41:54 ------------


[quote][/quote]

[wojtas]

zainstaluj;

http://www.programosy.pl/program,kerio-personal-firewall.html

Wykonales to co jest podane w tym temacie >???

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\System32\pmnnl.exe
C:\WINDOWS\System32\.exe
C:\WINDOWS\System32\Wseclayer.exe
C:\WINDOWS\System32\hqghumea.dll
C:\WINDOWS\System32\lnnmp.ini2
C:\WINDOWS\System32\pmnnl.dll
C:\WINDOWS\System32\gghhk.ini2
C:\WINDOWS\System32\khhgg.exe
C:\WINDOWS\System32\Isass .exe
C:\WINDOWS\System32\TFTP1972
C:\WINDOWS\System32\TFTP1524
C:\WINDOWS\System32\juwyzx .exe

Folder::
C:\WINDOWS\System32\TFTP1972
C:\WINDOWS\System32\TFTP1524

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania

zastosuj:

smitfraudfix z opcji 2

oraz te skanery po kilka razy

VundoFix

VirtumundoBeGone

FixVundo

Potem nowy log z hijacka oraz combofixa

[nomik]

wykonałem wszystkie poleceni, a oto logi:

ComboFix

Kod: Zaznacz wszystko

ComboFix 07-12-21.4 - bedik 2007-12-24 16:31:24.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.0.1250.1.1045.18.22 [GMT 1:00]
Running from: C:\Documents and Settings\bedik\Pulpit\ComboFix.exe
.
   /wow section - STAGE 4
   /wow section - STAGE 30


Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 16:48, on 2007-12-24
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {C9BFF8A4-0305-4972-B31E-3BA6C38913FC} - C:\WINDOWS\System32\pmnnl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg         .exe" /tray
O4 - HKCU\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{629572AC-CC2B-4CA8-A00C-F8AD5120C074}: NameServer = 217.30.129.149 217.30.137.200
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

Kod: Zaznacz wszystko

[wojtas]

O2 - BHO: (no name) - {C9BFF8A4-0305-4972-B31E-3BA6C38913FC} - C:\WINDOWS\System32\pmnnl.dll

skasuj wpis w hijacku + pogrubiony wywal do kosza

daj loga z dss'a