proszę o sprawdzenie (mulenie, chwilowe utraty kontroli)

[STRINGER]

Witam!
ostatnio napotykają mnie dziwne rzeczy, poza całkowitym osłabieniem systemu, chwilami minimalizują mi się samoistnie okna albo niektóre literki przestają działać

combofix

Kod: Zaznacz wszystko

ComboFix 08-07-11.1 - Stringer 2008-07-11 20:59:15.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.696 [GMT 2:00]
Running from: D:\DOWNLOADS\bezpieczeństwo\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-06-11 to 2008-07-11  )))))))))))))))))))))))))))))))
.

2008-07-04 18:21 . 2008-07-04 18:21   <DIR>   dr-------   C:\DOC
2008-06-15 13:55 . 2008-06-15 13:55   <DIR>   d--------   C:\WINDOWS\Sun
2008-06-14 21:43 . 2008-06-14 21:42   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
2008-06-14 21:43 . 2008-06-14 21:42   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 18:44   ---------   d-----w   C:\Program Files\Neostrada TP
2008-07-09 22:11   ---------   d-----w   C:\Documents and Settings\Stringer\Dane aplikacji\ContentGuard
2008-07-09 22:01   ---------   d-----w   C:\Documents and Settings\Stringer\Dane aplikacji\Any Video Converter
2008-07-09 21:49   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-14 19:42   ---------   d-----w   C:\Program Files\Java
2008-06-10 15:43   ---------   d-----w   C:\Documents and Settings\Stringer\Dane aplikacji\PowerChallenge
2008-05-31 14:13   25,888   ----a-w   C:\Documents and Settings\Stringer\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-05-16 18:25   ---------   d-----w   C:\Program Files\FlashGet
.

------- Sigcheck -------

2002-08-29 01:58  332928  244a2f9816bc9b593957281ef577d976   C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2004-08-04 00:14  359040  6a603809f598332dbedd535bdbce313e   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot@2007-12-30_22.07.34,29   )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-20 16:19:46   1,740   -c----w   C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 00:32:34   2,816   -c----w   C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2002-09-20 16:06:02   184,320   -c----w   C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2002-09-20 16:18:00   286,720   -c----w   C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2001-10-26 18:03:24   22,016   -c----w   C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv
+ 2002-09-20 16:06:02   132,096   -c----w   C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
+ 2008-02-25 21:04:26   7,680   ----a-w   C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-02-25 21:04:17   12,288   ----a-w   C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-02-25 21:04:27   33,792   ----a-w   C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-02-25 21:04:33   7,168   ----a-w   C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-02-25 21:04:28   32,768   ----a-w   C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-02-25 21:04:28   4,608   ----a-w   C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-02-25 21:04:28   26,112   ----a-w   C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-07-10 17:57:41   53,248   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-07-10 17:57:42   12,800   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-07-10 17:57:42   473,600   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-07-10 17:57:30   2,676,224   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:32   2,846,720   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:34   563,712   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:35   567,296   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:35   576,000   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:36   577,024   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:37   577,536   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:38   577,536   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:39   578,560   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:42   578,560   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-10 17:57:43   145,920   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-07-10 17:57:43   159,232   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-07-10 17:57:43   364,544   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-07-10 17:57:44   178,176   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-07-10 17:57:41   223,232   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-02-25 21:04:18   716,800   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-02-25 21:04:17   28,672   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-02-25 21:04:18   299,008   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-02-25 21:04:18   6,144   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-02-25 21:04:17   11,264   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-02-25 21:04:16   32,768   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-02-25 21:04:17   6,656   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-02-25 21:04:28   1,564,672   ----a-w   C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-02-25 21:04:33   32,768   ----a-w   C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-02-25 21:04:29   77,824   ----a-w   C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-02-25 21:04:34   299,008   ----a-w   C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-02-25 21:04:30   1,290,240   ----a-w   C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-02-25 21:04:30   1,699,840   ----a-w   C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-02-25 21:04:30   86,016   ----a-w   C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-02-25 21:04:30   65,536   ----a-w   C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-02-25 21:04:31   466,944   ----a-w   C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-02-25 21:04:30   241,664   ----a-w   C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-02-25 21:04:30   64,000   ----a-w   C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-02-25 21:04:31   368,640   ----a-w   C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-02-25 21:04:31   241,664   ----a-w   C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-02-25 21:04:31   323,584   ----a-w   C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-02-25 21:04:31   131,072   ----a-w   C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-02-25 21:04:31   77,824   ----a-w   C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-02-25 21:04:31   126,976   ----a-w   C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-02-25 21:04:33   819,200   ----a-w   C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-02-25 21:04:32   57,344   ----a-w   C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-02-25 21:04:32   569,344   ----a-w   C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-02-25 21:04:32   1,245,184   ----a-w   C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-02-25 21:04:32   2,039,808   ----a-w   C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-02-25 21:04:33   1,335,296   ----a-w   C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-02-25 21:04:31   1,216,512   ----a-w   C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-02-25 21:05:15   61,440   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_abc96671\CustomMarshalers.dll
+ 2008-02-25 21:05:19   3,289,088   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9879220b\mscorlib.dll
+ 2008-02-25 21:05:27   1,462,272   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_684a8c79\System.Design.dll
+ 2008-02-25 21:05:33   90,112   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_00c656b5\System.Drawing.Design.dll
+ 2008-02-25 21:05:36   835,584   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_040767cd\System.Drawing.dll
+ 2008-02-25 21:05:43   2,994,176   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_2bbc6d70\System.Windows.Forms.dll
+ 2008-02-25 21:05:49   2,076,672   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_27cbe896\System.Xml.dll
+ 2008-02-25 21:05:32   1,929,216   ----a-w   C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3956f032\System.dll
+ 2008-07-11 18:42:32   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2007-10-11 07:43:52   259,784   ----a-w   C:\WINDOWS\Downloaded Program Files\PowerLoader.dll
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00   89,504   ----a-w   C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00   80,412   ----a-w   C:\WINDOWS\grep.exe
+ 2007-11-16 17:52:34   2,560   ----a-r   C:\WINDOWS\Installer\{90280415-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-12-07 17:57:24   2,862   ----a-r   C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\UninstallStartMenuSh_C1D76D7AF3BB47EAA7465B1E2FFC1DF2.exe
+ 2005-03-18 15:23:10   53,248   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 15:23:10   12,800   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 15:23:14   473,600   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 10:38:58   2,676,224   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 15:23:10   145,920   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 15:23:10   159,232   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 15:23:14   364,544   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 15:23:12   178,176   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 15:23:14   223,232   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 13:53:06   2,846,720   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 17:32:54   563,712   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 15:23:14   567,296   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 13:15:56   576,000   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 15:21:34   577,024   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 12:11:52   577,536   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 15:20:50   577,536   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 05:40:48   578,560   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 09:27:50   578,560   ----a-w   C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2003-02-21 01:59:44   16,896   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 02:55:06   94,208   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 02:02:16   131,072   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-21 04:04:20   155,648   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 06:24:08   7,680   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 04:00:36   98,304   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-20 18:19:42   24,576   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-20 18:19:32   253,952   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-20 18:19:22   40,960   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 18:19:34   20,480   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 18:19:38   32,768   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 18:19:36   32,768   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 10:11:50   219,136   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 06:24:10   94,208   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 06:24:32   49,152   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-20 18:09:08   77,824   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 09:20:44   49,152   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-21 09:21:00   626,688   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-21 06:24:34   12,288   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 06:24:36   33,792   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 03:12:24   28,672   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 09:21:40   524,288   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-20 18:16:32   798,720   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-20 18:06:20   282,624   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 06:24:38   7,680   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 06:24:38   7,168   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 06:24:40   32,768   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 06:24:40   4,608   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-20 18:09:40   196,608   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 06:24:42   15,872   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-20 18:22:24   40,960   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 06:24:44   26,112   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 06:24:52   40,960   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 06:26:36   716,800   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-21 06:26:38   299,008   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 06:24:54   28,672   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 06:25:02   6,144   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 06:24:58   32,768   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 06:25:06   11,264   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 06:25:02   6,656   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 06:25:04   49,152   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 06:25:04   49,152   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 06:25:06   1,564,672   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2003-02-20 18:09:12   77,824   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-20 18:09:12   233,472   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-20 18:09:14   86,016   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 18:06:32   311,296   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 18:09:16   98,304   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-21 06:26:34   2,088,960   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 17:43:52   131,072   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 18:06:34   65,536   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 18:09:18   143,360   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 18:09:18   81,920   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 18:09:18   77,824   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 18:07:34   2,494,464   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-20 18:09:24   9,216   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-20 18:08:32   2,482,176   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-21 03:42:22   348,160   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 18:18:34   20,480   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 17:43:36   22,528   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI\[u]0[/u]409\mscorsecr.dll
+ 2003-02-20 18:09:46   73,728   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 18:09:30   90,112   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 06:25:24   28,672   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 06:26:46   32,768   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 06:25:30   12,288   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-20 18:09:34   253,952   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-20 18:09:34   122,880   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 18:09:34   319,488   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 06:26:38   77,824   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 06:26:38   1,290,240   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-21 06:25:42   299,008   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-21 06:26:42   1,699,840   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 06:26:44   86,016   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 06:26:46   1,216,512   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 06:26:48   65,536   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 06:26:50   466,944   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 06:26:50   241,664   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-20 18:09:36   64,000   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 06:26:52   368,640   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 06:26:54   241,664   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 06:26:56   323,584   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 06:26:56   131,072   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 06:26:58   77,824   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-21 06:27:00   126,976   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 06:27:02   1,245,184   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 06:27:06   819,200   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 06:24:18   57,344   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 06:27:06   569,344   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 06:27:08   2,039,808   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 06:27:10   1,335,296   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 09:20:38   737,280   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 04:04:18   1,032,192   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-20 19:10:40   31,744   ----a-w   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2008-03-08 14:32:48   2,215   ----a-w   C:\WINDOWS\mozver.dat
+ 2000-08-31 06:00:00   28,672   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2007-11-16 17:14:57   2,724   ----a-w   C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2005-01-25 07:33:00   1,049,088   ----a-w   C:\WINDOWS\RegisteredPackages\{1D099D24-8FDF-46DD-9EA3-31D6E9A73E9F}\msxml3.dll
+ 2005-02-10 20:04:00   44,032   ----a-w   C:\WINDOWS\RegisteredPackages\{1D099D24-8FDF-46DD-9EA3-31D6E9A73E9F}\msxml3r.dll
+ 2000-08-31 06:00:00   98,816   ----a-w   C:\WINDOWS\sed.exe
+ 2004-08-03 23:56:48   1,788   ------w   C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-03 22:07:58   2,944   ------w   C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2004-08-03 23:44:32   188,416   ------w   C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2004-08-03 23:44:32   294,912   ------w   C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2004-08-03 23:44:32   23,552   ------w   C:\WINDOWS\ServicePackFiles\i386\wdmaud.drv
+ 2004-08-03 23:44:32   146,432   ------w   C:\WINDOWS\ServicePackFiles\i386\winspool.drv
+ 2000-08-31 06:00:00   161,792   ----a-w   C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00   136,704   ----a-w   C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00   212,480   ----a-w   C:\WINDOWS\swxcacls.exe
+ 1995-04-02 21:00:00   12,800   ----a-w   C:\WINDOWS\system\ACMCMPRS.DLL
+ 1995-04-02 21:00:00   14,208   ----a-w   C:\WINDOWS\system\CTL3D.DLL
+ 1995-04-02 21:00:00   18,384   ----a-w   C:\WINDOWS\system\DCISVGA.DRV
+ 1995-04-02 21:00:00   7,168   ----a-w   C:\WINDOWS\system\DISPDIB.DLL
+ 1995-04-02 21:00:00   65,408   ----a-w   C:\WINDOWS\system\ICCVID.DRV
+ 1995-04-02 21:00:00   77,664   ----a-w   C:\WINDOWS\system\IR21.DLL
+ 1995-04-02 21:00:00   151,056   ----a-w   C:\WINDOWS\system\IR32.DLL
+ 1995-04-02 21:00:00   50,016   ----a-w   C:\WINDOWS\system\IYVU9.DLL
+ 2001-08-17 21:36:34   2,000   ----a-w   C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-10-26 15:45:18   73,616   ----a-w   C:\WINDOWS\system\MCIAVI.DRV
+ 2001-10-26 15:45:18   25,296   ----a-w   C:\WINDOWS\system\MCISEQ.DRV
+ 2001-10-26 15:45:18   28,160   ----a-w   C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-17 21:36:40   2,032   ----a-w   C:\WINDOWS\system\MOUSE.DRV
+ 1995-04-02 21:00:00   49,616   ----a-w   C:\WINDOWS\system\MSACM.DLL
+ 1995-04-02 21:00:00   22,816   ----a-w   C:\WINDOWS\system\MSACM.DRV
+ 1995-04-02 21:00:00   11,776   ----a-w   C:\WINDOWS\system\MSRLE.DRV
+ 1995-04-02 21:00:00   43,520   ----a-w   C:\WINDOWS\system\MSVIDC.DRV
+ 2001-08-17 21:36:36   1,744   ----a-w   C:\WINDOWS\system\SOUND.DRV
+ 2001-08-17 21:36:30   3,360   ----a-w   C:\WINDOWS\system\SYSTEM.DRV
+ 2001-10-26 16:51:12   4,096   ----a-w   C:\WINDOWS\system\TIMER.DRV
+ 2001-08-17 21:36:40   2,176   ----a-w   C:\WINDOWS\system\VGA.DRV
+ 2001-08-17 21:36:54   13,600   ----a-w   C:\WINDOWS\system\WFWNET.DRV
+ 1994-12-05 21:00:00   92,208   ----a-w   C:\WINDOWS\system\WING.DLL
+ 1994-12-05 21:00:00   12,800   ----a-w   C:\WINDOWS\system\WING32.DLL
+ 1994-12-05 21:00:00   188,960   ----a-w   C:\WINDOWS\system\WINGDE.DLL
+ 1994-12-05 21:00:00   6,736   ----a-w   C:\WINDOWS\system\WINGDIB.DRV
+ 2004-08-03 23:44:32   146,432   ----a-w   C:\WINDOWS\system\winspool.drv
+ 1995-04-02 21:00:00   12,800   ----a-w   C:\WINDOWS\system32\ACMCMPRS.DLL
- 2007-12-04 13:04:28   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43   1,152,888   ----a-w   C:\WINDOWS\system32\aswBoot.exe
- 2007-12-04 12:54:04   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
+ 2001-08-17 21:36:36   10,544   ----a-w   C:\WINDOWS\system32\comm.drv
+ 1995-04-02 21:00:00   14,208   ----a-w   C:\WINDOWS\system32\CTL3D.DLL
+ 2004-08-03 23:56:48   1,788   ----a-w   C:\WINDOWS\system32\dcache.bin
+ 1995-04-02 21:00:00   18,384   ----a-w   C:\WINDOWS\system32\DCISVGA.DRV
+ 1995-04-02 21:00:00   7,168   ----a-w   C:\WINDOWS\system32\DISPDIB.DLL
- 2007-11-23 18:11:37   740,442   ----a-w   C:\WINDOWS\system32\DivX.dll
+ 2007-12-04 01:33:16   682,496   ----a-w   C:\WINDOWS\system32\divx.dll
+ 2004-08-03 23:44:00   21,504   -c--a-w   C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2001-08-17 21:02:20   9,600   -c--a-w   C:\WINDOWS\system32\dllcache\hidusb.sys
+ 2001-08-17 21:36:34   2,000   -c--a-w   C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-10-26 17:27:00   2,560   -c--a-w   C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-10-26 15:45:18   73,616   -c--a-w   C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-10-26 15:45:18   25,296   -c--a-w   C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-10-26 15:45:18   28,160   -c--a-w   C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-10-26 15:57:56   12,160   -c--a-w   C:\WINDOWS\system32\dllcache\mouhid.sys
+ 2001-08-17 21:36:40   2,032   -c--a-w   C:\WINDOWS\system32\dllcache\mouse.drv
+ 2005-01-25 07:33:00   1,049,088   -c--a-w   C:\WINDOWS\system32\dllcache\msxml3.dll
- 2001-10-26 17:28:36   48,128   -c--a-w   C:\WINDOWS\system32\dllcache\msxml3r.dll
+ 2005-02-10 20:04:00   44,032   -c--a-w   C:\WINDOWS\system32\dllcache\msxml3r.dll
+ 2001-08-17 21:47:40   2,944   -c--a-w   C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-17 21:36:36   1,744   -c--a-w   C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-17 21:36:30   3,360   -c--a-w   C:\WINDOWS\system32\dllcache\system.drv
+ 2001-10-26 16:51:12   4,096   -c--a-w   C:\WINDOWS\system32\dllcache\timer.drv
+ 2004-08-03 22:07:56   59,264   -c--a-w   C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2004-08-03 22:08:48   31,616   -c--a-w   C:\WINDOWS\system32\dllcache\usbccgp.sys
+ 2001-08-17 21:36:40   2,176   -c--a-w   C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-17 21:36:54   13,600   -c--a-w   C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-08-17 21:36:46   2,864   -c--a-w   C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-08-17 21:36:40   2,112   -c--a-w   C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-17 21:36:52   2,736   -c--a-w   C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2007-11-29 22:28:24   81,920   ----a-w   C:\WINDOWS\system32\dpl100.dll
- 2007-12-04 14:49:02   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26   26,944   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:16:06   20,560   ----a-w   C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2007-12-04 14:56:02   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
- 2007-12-04 14:55:46   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33   94,416   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
- 2007-12-04 14:53:39   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32   78,416   ----a-w   C:\WINDOWS\system32\drivers\aswSP.sys
- 2007-12-04 14:51:52   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-03 17:05:20   271,360   ----a-w   C:\WINDOWS\system32\drivers\atksgt.sys
+ 2004-08-03 22:07:58   2,944   ----a-w   C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-17 21:02:20   9,600   ----a-w   C:\WINDOWS\system32\drivers\hidusb.sys
+ 2008-05-03 17:05:19   18,048   ----a-w   C:\WINDOWS\system32\drivers\lirsgt.sys
+ 2001-10-26 15:57:56   12,160   ----a-w   C:\WINDOWS\system32\drivers\mouhid.sys
+ 2001-08-17 21:00:04   2,944   ----a-w   C:\WINDOWS\system32\drivers\msmpu401.sys
+ 2001-08-17 21:47:40   2,944   ----a-w   C:\WINDOWS\system32\drivers\null.sys
+ 2008-03-21 18:13:54   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
- 2007-12-06 17:52:38   685,816   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
+ 2008-04-25 19:47:39   717,296   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
+ 2004-08-03 22:07:56   59,264   ----a-w   C:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2004-08-03 22:08:48   31,616   ----a-w   C:\WINDOWS\system32\drivers\usbccgp.sys
- 2007-07-29 15:51:44   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
+ 2007-12-24 12:49:52   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
- 2007-12-21 12:13:12   120,544   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-29 11:31:41   134,872   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-08-03 23:44:00   21,504   ----a-w   C:\WINDOWS\system32\hidserv.dll
+ 2007-11-23 18:11:50   391,168   ----a-w   C:\WINDOWS\system32\i263_32.drv
+ 1995-04-02 21:00:00   65,408   ----a-w   C:\WINDOWS\system32\ICCVID.DRV
+ 1995-04-02 21:00:00   77,664   ----a-w   C:\WINDOWS\system32\IR21.DLL
+ 1995-04-02 21:00:00   151,056   ----a-w   C:\WINDOWS\system32\IR32.DLL
+ 1995-04-02 21:00:00   50,016   ----a-w   C:\WINDOWS\system32\IYVU9.DLL
- 2002-11-01 19:15:54   24,670   ------w   C:\WINDOWS\system32\java.exe
+ 2008-06-14 19:42:58   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2002-11-01 19:15:54   24,672   ------w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-14 19:42:58   139,264   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-14 19:42:58   143,360   ----a-w   C:\WINDOWS\system32\javaws.exe
+ 2001-08-17 21:36:34   2,000   ----a-w   C:\WINDOWS\system32\keyboard.drv
+ 2001-10-26 15:45:18   223,680   ----a-w   C:\WINDOWS\system32\lanman.drv
+ 2001-10-26 17:27:00   2,560   ----a-w   C:\WINDOWS\system32\lz32.dll
+ 2007-04-30 14:32:58   53,248   ----a-w   C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
+ 2007-05-02 10:32:04   182,512   ----a-w   C:\WINDOWS\system32\Macromed\Director\SwDir.dll
- 2007-06-11 12:34:00   2,115,816   ----a-w   C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18   2,889,088   ----a-w   C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 12:34:00   190,696   ----a-w   C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20   218,496   ----a-w   C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-15 07:01:14   70,264   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-04-30 15:11:28   585,728   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2007-04-30 14:08:40   1,490,944   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-04-30 14:30:38   24,576   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-04-30 14:05:32   606,208   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-04-30 15:11:22   339,968   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-04-30 15:11:24   483,328   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-04-30 15:11:30   180,224   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-05-02 10:31:46   383,216   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020022.exe
+ 2007-04-30 14:33:00   77,824   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-04-30 14:29:00   86,016   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-04-30 14:33:00   98,304   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 1999-06-25 08:55:30   149,504   ----a-w   C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
+ 2001-10-26 15:45:18   73,616   ----a-w   C:\WINDOWS\system32\mciavi.drv
+ 2001-10-26 15:45:18   25,296   ----a-w   C:\WINDOWS\system32\mciseq.drv
+ 2001-10-26 15:45:18   28,160   ----a-w   C:\WINDOWS\system32\mciwave.drv
+ 2001-08-17 21:36:40   2,032   ----a-w   C:\WINDOWS\system32\mouse.drv
+ 1995-04-02 21:00:00   22,816   ----a-w   C:\WINDOWS\system32\MSACM.DRV
+ 2001-10-26 17:30:08   20,992   ----a-w   C:\WINDOWS\system32\msacm32.drv
+ 2004-08-03 23:44:32   188,416   ----a-w   C:\WINDOWS\system32\msh261.drv
+ 2004-08-03 23:44:32   294,912   ----a-w   C:\WINDOWS\system32\msh263.drv
+ 1995-04-02 21:00:00   11,776   ----a-w   C:\WINDOWS\system32\MSRLE.DRV
- 2004-08-03 23:44:06   1,392,671   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
+ 2004-04-12 16:27:08   1,386,496   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
+ 1995-04-02 21:00:00   43,520   ----a-w   C:\WINDOWS\system32\MSVIDC.DRV
- 2004-08-03 23:44:06   1,236,480   ----a-w   C:\WINDOWS\system32\msxml3.dll
+ 2005-01-25 07:33:00   1,049,088   ----a-w   C:\WINDOWS\system32\msxml3.dll
+ 2001-07-30 15:40:12   24,576   ----a-w   C:\WINDOWS\system32\msxml3a.dll
- 2001-10-26 17:28:36   48,128   ----a-w   C:\WINDOWS\system32\msxml3r.dll
+ 2005-02-10 20:04:00   44,032   ----a-w   C:\WINDOWS\system32\msxml3r.dll
+ 2003-02-20 17:43:36   4,096   ----a-w   C:\WINDOWS\system32\mui\[u]0[/u]409\mscoreer.dll
+ 2001-08-17 21:13:24   2,656   ----a-w   C:\WINDOWS\system32\netware.drv
- 2007-12-30 18:44:44   58,596   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-07-11 18:46:45   62,286   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2007-12-30 18:44:44   74,230   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-07-11 18:46:45   79,386   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2007-12-30 18:44:44   392,296   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-07-11 18:46:45   400,624   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2007-12-30 18:44:44   448,004   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-07-11 18:46:45   457,230   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-01-23 02:00:00   278,528   ----a-w   C:\WINDOWS\system32\pncrt.dll
+ 2008-01-23 02:00:00   6,656   ----a-w   C:\WINDOWS\system32\pndx5016.dll
+ 2008-01-23 02:00:00   5,632   ----a-w   C:\WINDOWS\system32\pndx5032.dll
+ 2008-02-07 19:42:09   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
+ 2008-03-21 18:13:47   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
- 2007-09-28 16:07:52   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
+ 2007-11-29 22:30:28   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
+ 2001-10-26 18:03:24   22,016   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]007\DriverFiles\i386\wdmaud.drv
+ 2008-01-23 02:00:00   185,688   ----a-w   C:\WINDOWS\system32\rmoc3260.dll
+ 2001-08-17 21:36:36   1,744   ----a-w   C:\WINDOWS\system32\sound.drv
- 2007-12-02 20:22:37   4,215,160   ----a-w   C:\WINDOWS\system32\SpoonUninstall.exe
+ 2008-04-08 20:08:07   4,230,520   ----a-w   C:\WINDOWS\system32\SpoonUninstall.exe
+ 2001-08-17 21:36:30   3,360   ----a-w   C:\WINDOWS\system32\system.drv
+ 2001-10-26 16:51:12   4,096   ----a-w   C:\WINDOWS\system32\timer.drv
+ 2003-02-21 04:16:08   49,152   ----a-w   C:\WINDOWS\system32\URTTEMP\regtlib.exe
+ 2001-08-17 21:36:40   2,176   ----a-w   C:\WINDOWS\system32\vga.drv
+ 2004-08-03 23:44:32   23,552   ----a-w   C:\WINDOWS\system32\wdmaud.drv
+ 2001-08-17 21:36:54   13,600   ----a-w   C:\WINDOWS\system32\wfwnet.drv
+ 1994-12-05 21:00:00   92,208   ----a-w   C:\WINDOWS\system32\WING.DLL
+ 1994-12-05 21:00:00   12,800   ----a-w   C:\WINDOWS\system32\WING32.DLL
+ 1994-12-05 21:00:00   188,960   ----a-w   C:\WINDOWS\system32\WINGDE.DLL
+ 1994-12-05 21:00:00   6,736   ----a-w   C:\WINDOWS\system32\WINGDIB.DRV
+ 2001-08-17 21:36:46   2,864   ----a-w   C:\WINDOWS\system32\winsock.dll
+ 2004-08-03 23:44:32   146,432   ----a-w   C:\WINDOWS\system32\winspool.drv
+ 2001-08-17 21:36:40   2,112   ----a-w   C:\WINDOWS\system32\winspool.exe
+ 2001-08-17 21:36:52   2,736   ----a-w   C:\WINDOWS\system32\wowdeb.exe
- 2007-11-23 18:11:29   1,559,040   ----a-w   C:\WINDOWS\system32\xvidcore.dll
+ 2007-07-25 13:24:30   1,559,040   ----a-w   C:\WINDOWS\system32\xvidcore.dll
+ 2007-03-10 11:51:50   282,624   ----a-w   C:\WINDOWS\system32\xvidvfw.dll
+ 2004-01-25 16:18:44   217,088   ----a-w   C:\WINDOWS\system32\yv12vfw.dll
+ 2008-07-11 18:42:46   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat
+ 2008-07-11 18:42:40   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat
+ 1997-01-18 09:40:30   299,520   ----a-w   C:\WINDOWS\uninst.exe
+ 2000-08-31 06:00:00   49,152   ----a-w   C:\WINDOWS\VFind.exe
+ 2005-09-22 21:49:12   95,744   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-22 23:16:02   1,093,632   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-22 23:16:06   1,079,808   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-22 23:16:08   69,632   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-22 23:16:10   57,344   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 22:58:06   40,960   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-22 22:58:06   45,056   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-22 22:58:06   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-22 22:58:06   57,344   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-22 22:58:06   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-22 22:58:06   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-22 22:58:06   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-22 22:58:06   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-22 22:58:06   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-22 23:35:10   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
+ 2000-08-31 06:00:00   68,096   ----a-w   C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 04:10 409600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22 7618560]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-14 21:43 148888]
"nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 19:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 19:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-06-14 21:42]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 21:03:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-11 21:05:47
ComboFix-quarantined-files.txt  2008-07-11 19:04:40
ComboFix2.txt  2007-12-30 21:08:33

Pre-Run: 1,860,497,408 bajtów wolnych
Post-Run: 1,934,073,856 bajtów wolnych

490


hijack

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 20:51:57, on 2008-07-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\DOWNLOADS\bezpieczeństwo\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CD9F595-D4A9-4B8D-B431-688F5D5AB797}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe



[Okocza]

logi są czyste.

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[STRINGER]

oki

Kod: Zaznacz wszystko


[b]SDFix: Version 1.204 [/b]
Run by Stringer on 2008-07-12 at 18:27

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 18:34:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f8,77,0f,3a,79,6b,6f,87,ea,7d,92,ea,70,de,c4,65,ca,9a,7e,91,a1,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,14,d5,20,f0,14,59,21,d9,3c,0e,1c,4d,e8,96,7c,02,fa,..
"khjeh"=hex:80,78,bf,a2,e8,74,61,f5,1f,e5,5e,f2,63,1a,13,79,05,f8,48,06,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:12,4c,eb,05,43,cb,dc,fd,08,9d,bb,e6,38,e1,84,77,0d,28,2f,d0,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:12,4c,eb,05,43,cb,dc,fd,08,9d,bb,e6,38,e1,84,77,0d,28,2f,d0,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f8,77,0f,3a,79,6b,6f,87,ea,7d,92,ea,70,de,c4,65,ca,9a,7e,91,a1,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,14,d5,20,f0,14,59,21,d9,3c,0e,1c,4d,e8,96,7c,02,fa,..
"khjeh"=hex:80,78,bf,a2,e8,74,61,f5,1f,e5,5e,f2,63,1a,13,79,05,f8,48,06,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:12,4c,eb,05,43,cb,dc,fd,08,9d,bb,e6,38,e1,84,77,0d,28,2f,d0,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:12,4c,eb,05,43,cb,dc,fd,08,9d,bb,e6,38,e1,84,77,0d,28,2f,d0,e9,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 20 Jan 2008        60,928 ...H. --- "C:\Documents and Settings\Stringer\Moje dokumenty\~WRL0005.tmp"
Sun 20 Jan 2008       115,712 ...H. --- "C:\Documents and Settings\Stringer\Moje dokumenty\~WRL0636.tmp"
Sun 20 Jan 2008       113,664 ...H. --- "C:\Documents and Settings\Stringer\Moje dokumenty\~WRL0933.tmp"
Sun 20 Jan 2008        64,512 ...H. --- "C:\Documents and Settings\Stringer\Moje dokumenty\~WRL1099.tmp"
Sun 20 Jan 2008       116,224 ...H. --- "C:\Documents and Settings\Stringer\Moje dokumenty\~WRL2787.tmp"

[b]Finished![/b]



combofix

Kod: Zaznacz wszystko

ComboFix 08-07-11.1 - Stringer 2008-07-12 18:43:43.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.637 [GMT 2:00]
Running from: D:\DOWNLOADS\bezpieczeństwo\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.

2008-07-12 18:25 . 2008-07-12 18:25   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-07-12 18:22 . 2008-07-12 18:36   <DIR>   d--------   C:\SDFix
2008-07-12 18:07 . 2008-07-12 18:06   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-07-04 18:21 . 2008-07-04 18:21   <DIR>   dr-------   C:\DOC
2008-06-15 13:55 . 2008-06-15 13:55   <DIR>   d--------   C:\WINDOWS\Sun
2008-06-14 21:43 . 2008-07-12 18:06   410,976   --a------   C:\WINDOWS\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 16:38   ---------   d-----w   C:\Program Files\Neostrada TP
2008-07-12 16:24   228   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-12 16:06   ---------   d-----w   C:\Program Files\Java
2008-07-09 22:11   ---------   d-----w   C:\Documents and Settings\Stringer\Dane aplikacji\ContentGuard
2008-07-09 22:01   ---------   d-----w   C:\Documents and Settings\Stringer\Dane aplikacji\Any Video Converter
2008-07-09 21:49   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-10 15:43   ---------   d-----w   C:\Documents and Settings\Stringer\Dane aplikacji\PowerChallenge
2008-05-31 14:13   25,888   ----a-w   C:\Documents and Settings\Stringer\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-05-16 18:25   ---------   d-----w   C:\Program Files\FlashGet
.

------- Sigcheck -------

2002-08-29 01:58  332928  244a2f9816bc9b593957281ef577d976   C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2004-08-04 00:14  359040  6a603809f598332dbedd535bdbce313e   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot_2008-07-11_21.03.52.50   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 18:42:32   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-07-12 16:32:45   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-07-09 09:52:07   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-12 16:25:43   5,971,968   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-07-12 16:25:44   167,936   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-07-09 09:52:07   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-12 16:25:30   5,971,968   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-07-12 16:25:30   167,936   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-06-14 19:42:58   135,168   ----a-w   C:\WINDOWS\system32\java.exe
+ 2008-07-12 16:06:59   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2008-06-14 19:42:58   139,264   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-07-12 16:06:59   139,264   ----a-w   C:\WINDOWS\system32\javaw.exe
- 2008-06-14 19:42:58   143,360   ----a-w   C:\WINDOWS\system32\javaws.exe
+ 2008-07-12 16:06:59   143,360   ----a-w   C:\WINDOWS\system32\javaws.exe
- 2008-07-11 18:46:45   62,286   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-07-12 16:36:54   62,286   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-07-11 18:46:45   79,386   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-07-12 16:36:54   79,386   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2008-07-11 18:46:45   400,624   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-07-12 16:36:54   400,624   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-07-11 18:46:45   457,230   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-07-12 16:36:54   457,230   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-07-12 16:33:00   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
+ 2008-07-12 16:32:54   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 04:10 409600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22 7618560]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-07-12 18:06 148888]
"nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 19:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 19:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-07-12 18:06]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 18:47:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 18:50:23
ComboFix-quarantined-files.txt  2008-07-12 16:50:09
ComboFix2.txt  2008-07-11 19:05:50
ComboFix3.txt  2007-12-30 21:08:33

Pre-Run: 1,842,970,624 bajtów wolnych
Post-Run: 1,834,516,480 bajtów wolnych

111



hijack

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 18:42:16, on 2008-07-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\DOWNLOADS\bezpieczeństwo\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CD9F595-D4A9-4B8D-B431-688F5D5AB797}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




a i dziwna sprawa bo w ogóle nie działają mi literki: (tylko chwilami się uruchamiają)
g h

[Okocza]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem


czysto jest.

Autor postu otrzymał pochwałę

[Magik]

HJT na fix

Kod: Zaznacz wszystko

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab

poza tym nic ciekawego nie widac

Autor postu otrzymał pochwałę

[STRINGER]

oki, to już mi sie bardziej opłaca sformatować

z co z tymi literkami? dlaczeo tak się dzieje?

[Okocza]

ustawienia jakies moze klawiatura pada

[STRINGER]

zauważyłem, że jak jest ok to po uruchomieniu jakiegoś apletu javy, przestają działać
a i jeszcze kursor do góry

[Okocza]

próbowałes przeinstalowac jave bo mozliwe ze sie gryzie - poza tym klawiatura jaka

[STRINGER]

klawiatura dość stara ale nie było z nią nigdy problemów

próbowałem przeinstalować i wyczyściłem rejestr ale nic to nie dało
teraz w ogóle nie moge napisać literek musze kopiować z notatnika

moge jakoś zrestartować klawe i skróty na domyślne ??

[Okocza]

klawiatura dość stara

USB - PS2 jakis program do niej był najprędzej jest to umierająca klawiatura. Nie widac w logach nic co by przeszkadzało jej działaniu..
pozycz od kogos jakas i sprawdz.

[STRINGER]

ta jest na ps2, bez softu
kupie jakąs za 10 zł do sprawdzenia a potem zrobię sobie z niej półkę xD