proszę o sprawdzenie...

[Fever]

mialem ostatnio kilka problemow z wirusami, nie wiem czy do konca udalo mi sie je usunac, niby wszystko jest ok, a np. Moje Dokumenty uruchamiaja mi sie przy starcie, a w msconfig chyba tego nie ma... mozliwe tez ze sam namieszalem, gdyz nie jestem specem w tych sprawach. zwracam sie wiec do fachowcow zalaczajac logi:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18:00:08, on 2007-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programy\Java\jre1.5.0_11\bin\jusched.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programy\K-Meleon\k-meleon.exe
D:\Programy\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.56.231.117:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programy\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] "C:\Program Files\Odkurzacz\odk_mcd.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programy\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programy\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E7A927-DDD4-4904-8C61-7B2D0A7636C2}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Odkurzacz-MCD" = ""C:\Program Files\Odkurzacz\odk_mcd.exe"" ["Franmo Software"]
"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SunJavaUpdateSched" = ""D:\Programy\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Programy\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "C:\WINDOWS\svchost32.exe,C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe" [file not found], [MS], [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Pulpit\Różne\Zdjęcia i Filmy\Zdjęcia i Obrazki\my.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Pulpit\Różne\Zdjęcia i Filmy\Zdjęcia i Obrazki\my.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

będę wdzięcznu ze udzieloną mi pomoc...

[wojtas]

F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe

skasuj wpis + pogruiobny potem daj 2 nowe logi (silenta dales ucietego)

Autor postu otrzymał pochwałę

[Fever]

wybacz, faktycznie, nie zauwazylem


Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 22:06:16, on 2007-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programy\Java\jre1.5.0_11\bin\jusched.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\explorer.exe
D:\Programy\K-Meleon\k-meleon.exe
D:\Programy\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.56.231.117:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programy\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] "C:\Program Files\Odkurzacz\odk_mcd.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programy\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programy\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E7A927-DDD4-4904-8C61-7B2D0A7636C2}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Silent:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Odkurzacz-MCD" = ""C:\Program Files\Odkurzacz\odk_mcd.exe"" ["Franmo Software"]
"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SunJavaUpdateSched" = ""D:\Programy\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Programy\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Pulpit\Różne\Zdjęcia i Filmy\Zdjęcia i Obrazki\my.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Pulpit\Różne\Zdjęcia i Filmy\Zdjęcia i Obrazki\my.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "D:\Programy\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "D:\Programy\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Sunbelt Kerio Personal Firewall 4, KPF4, ""D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4ss.exe"" ["Sunbelt Software"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 27 seconds, including 1 second for message boxes)

i jeszcze do tego przed chwila ni z tego ni z owego wyskoczyl bluescreen... nie wiem z jakiej okazji, wlaczony byl tylko winamp i gg...

[Dzi@dek]

Logi czyste.

Autor postu otrzymał pochwałę

[Fever]

dzięki wielkie...

i jeszcze jedno pytanko: aplikacja catchme.exe ma cos wspolnego z ComboFixem tudziez Gmerem czy to jednak wir?

[Lukesh]

Gmer - http://www.gmer.net/catchme.exe

[Dzi@dek]

catchme.exe

Robal przenoszący sie poprzez pendriva.

[Lukesh]

Przegladam, czytam i widze tylko informacje o tym, ze jest to plik, ktory nalezy do narzedzia wykrywajacego rootkity

[wojtas]

catchme.exe ma cos wspolnego z ComboFixem

daj loga z:(dla pewnosci)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Fever]

na necie wyczytalem ze jest to jakis modul ComboFixa albo Gmera, z tym ze jak mowi Tom@szek, wcale niekoniecznie, dlatego tu napisalem

bo oba te programy mam juz troche na kompie...
siedzi w C\Windows

"user" - 2007-07-10 14:16:37 Dodatek Service Pack 2
ComboFix 07-05.17.6.V - Running from: "D:\Programy\"


((((((((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-10 ))))))))))))))))))))))))))))))))))


2007-07-10 01:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Bluetooth
2007-07-10 01:57 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-10 01:14 <DIR> d-------- C:\Program Files\River Past
2007-07-10 01:14 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\River Past G5
2007-07-10 01:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\River Past G5
2007-07-02 11:09 298,496 --a------ C:\WINDOWS\uninst.exe
2007-07-02 11:09 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2007-06-28 21:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\NFS Underground
2007-06-25 10:57 <DIR> d-------- C:\Program Files\k_meleon_1.1_pl
2007-06-25 10:52 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 10:52 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-06-25 10:52 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-25 10:52 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-06-25 10:52 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-06-25 10:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-06-25 10:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-06-25 10:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-06-24 21:19 <DIR> d-------- C:\Program Files\games
2007-06-24 16:17 924,432 --a------ C:\WINDOWS\system32\mfc40.dll
2007-06-24 16:17 92,168 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-06-24 16:17 90,112 --a------ C:\WINDOWS\system32\rsvpsp.dll
2007-06-24 16:17 9,728 --a------ C:\WINDOWS\system32\bdco1.dll
2007-06-24 16:17 9,216 --a------ C:\WINDOWS\system32\winfax.dll
2007-06-24 16:17 896,512 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-06-24 16:17 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-24 16:17 880,128 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-06-24 16:17 86,528 --a------ C:\WINDOWS\system32\iassam.dll
2007-06-24 16:17 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-06-24 16:17 80,896 --a------ C:\WINDOWS\system32\faultrep.dll
2007-06-24 16:17 80,384 --a------ C:\WINDOWS\system32\iccvid.dll
2007-06-24 16:17 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-06-24 16:17 8,192 --a------ C:\WINDOWS\system32\psnppagn.dll
2007-06-24 16:17 8,192 --a------ C:\WINDOWS\system32\mqperf.dll
2007-06-24 16:17 8,192 --a------ C:\WINDOWS\system32\asferror.dll
2007-06-24 16:17 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2007-06-24 16:17 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2007-06-24 16:17 75,776 --a------ C:\WINDOWS\system32\wiascr.dll
2007-06-24 16:17 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll
2007-06-24 16:17 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-06-24 16:17 7,680 --a------ C:\WINDOWS\system32\mll_mtf.dll
2007-06-24 16:17 7,680 --a------ C:\WINDOWS\system32\kbdsmsno.dll
2007-06-24 16:17 7,680 --a------ C:\WINDOWS\system32\kbdsmsfi.dll
2007-06-24 16:17 7,424 --a------ C:\WINDOWS\system32\kd1394.dll
2007-06-24 16:17 7,311,360 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-24 16:17 7,168 --a------ C:\WINDOWS\system32\kbdno1.dll
2007-06-24 16:17 7,168 --a------ C:\WINDOWS\system32\kbdfi1.dll
2007-06-24 16:17 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-06-24 16:17 69,552 --a------ C:\WINDOWS\system32\mmsystem.dll
2007-06-24 16:17 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-06-24 16:17 68,608 --a------ C:\WINDOWS\system32\digest.dll
2007-06-24 16:17 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-06-24 16:17 660,992 --a------ C:\WINDOWS\system32\mqqm.dll
2007-06-24 16:17 65,536 --a------ C:\WINDOWS\system32\wshext.dll
2007-06-24 16:17 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2007-06-24 16:17 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-06-24 16:17 62,976 --a------ C:\WINDOWS\system32\dsauth.dll
2007-06-24 16:17 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-06-24 16:17 614,429 --a------ C:\WINDOWS\system32\mswstr10.dll
2007-06-24 16:17 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-06-24 16:17 606,720 --a------ C:\WINDOWS\system32\wsecedit.dll
2007-06-24 16:17 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdsg.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdpl.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdla.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-06-24 16:17 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdsw.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdsp.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdsf.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdpo.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdno.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdne.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdmlt48.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdmlt47.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdic.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdgr1.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdgr.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdfr.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdfo.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdfi.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdfc.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdes.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdda.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdca.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdbr.dll
2007-06-24 16:17 6,144 --a------ C:\WINDOWS\system32\kbdbe.dll
2007-06-24 16:17 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-06-24 16:17 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-06-24 16:17 55,808 --a------ C:\WINDOWS\system32\wmiscmgr.dll
2007-06-24 16:17 55,296 --a------ C:\WINDOWS\system32\sendmail.dll
2007-06-24 16:17 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-06-24 16:17 54,784 --a------ C:\WINDOWS\system32\ixsso.dll
2007-06-24 16:17 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-06-24 16:17 52,224 --a------ C:\WINDOWS\system32\tsappcmp.dll
2007-06-24 16:17 51,200 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-06-24 16:17 50,176 --a------ C:\WINDOWS\system32\mdhcp.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\perfnw.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\kbdus.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\kbduk.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\kbdpl1.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\kbdit.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\kbdir.dll
2007-06-24 16:17 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-06-24 16:17 5,120 --a------ C:\WINDOWS\system32\shell.dll
2007-06-24 16:17 5,120 --a------ C:\WINDOWS\system32\kbddv.dll
2007-06-24 16:17 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-06-24 16:17 49,179 --a------ C:\WINDOWS\system32\sqlwoa.dll
2007-06-24 16:17 484,864 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-06-24 16:17 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-06-24 16:17 463,872 --a------ C:\WINDOWS\system32\wiadefui.dll
2007-06-24 16:17 46,592 --a------ C:\WINDOWS\system32\tcpmonui.dll
2007-06-24 16:17 42,496 --a------ C:\WINDOWS\system32\msports.dll
2007-06-24 16:17 41,472 --a------ C:\WINDOWS\system32\cmutil.dll
2007-06-24 16:17 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-06-24 16:17 4,656 --a------ C:\WINDOWS\system32\ds16gt.dLL
2007-06-24 16:17 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-06-24 16:17 4,096 --a------ C:\WINDOWS\system32\dsprpres.dll
2007-06-24 16:17 399,872 --a------ C:\WINDOWS\system32\lmrt.dll
2007-06-24 16:17 39,936 --a------ C:\WINDOWS\system32\ntmsevt.dll
2007-06-24 16:17 39,424 --a------ C:\WINDOWS\system32\ddeml.dll
2007-06-24 16:17 36,864 --a------ C:\WINDOWS\system32\ntsdexts.dll
2007-06-24 16:17 36,352 --a------ C:\WINDOWS\system32\umandlg.dll
2007-06-24 16:17 354,816 --a------ C:\WINDOWS\system32\ipsecsnp.dll
2007-06-24 16:17 35,840 --a------ C:\WINDOWS\system32\NVCOI.DLL
2007-06-24 16:17 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-24 16:17 35,328 --a------ C:\WINDOWS\system32\pifmgr.dll
2007-06-24 16:17 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-06-24 16:17 35,328 --a------ C:\WINDOWS\system32\corpol.dll
2007-06-24 16:17 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-06-24 16:17 33,792 --a------ C:\WINDOWS\system32\msgsvc.dll
2007-06-24 16:17 33,040 --a------ C:\WINDOWS\system32\dplay.dll
2007-06-24 16:17 303,616 --a------ C:\WINDOWS\system32\wmstream.dll
2007-06-24 16:17 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-06-24 16:17 30,720 --a------ C:\WINDOWS\system32\plustab.dll
2007-06-24 16:17 3,584 --a------ C:\WINDOWS\system32\iprop.dll
2007-06-24 16:17 3,072 --a------ C:\WINDOWS\system32\rnr20.dll
2007-06-24 16:17 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-06-24 16:17 29,696 --a------ C:\WINDOWS\system32\sendcmsg.dll
2007-06-24 16:17 285,696 --a------ C:\WINDOWS\system32\atmfd.dll
2007-06-24 16:17 285,184 --a------ C:\WINDOWS\system32\glmf32.dll
2007-06-24 16:17 280,064 --a------ C:\WINDOWS\system32\neth.dll
2007-06-24 16:17 28,719 --a------ C:\WINDOWS\system32\jspl.dll
2007-06-24 16:17 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2007-06-24 16:17 278,528 --a------ C:\WINDOWS\system32\mstask.dll
2007-06-24 16:17 263,680 --a------ C:\WINDOWS\system32\adsnt.dll
2007-06-24 16:17 262,144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-06-24 16:17 26,624 --a------ C:\WINDOWS\system32\perfdisk.dll
2007-06-24 16:17 253,440 --a------ C:\WINDOWS\system32\compatUI.dll
2007-06-24 16:17 252,416 --a------ C:\WINDOWS\system32\iassdo.dll
2007-06-24 16:17 25,600 --a------ C:\WINDOWS\system32\udhisapi.dll
2007-06-24 16:17 25,600 --a------ C:\WINDOWS\system32\mslbui.dll
2007-06-24 16:17 240,128 --a------ C:\WINDOWS\system32\dsquery.dll
2007-06-24 16:17 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-24 16:17 24,624 --a------ C:\WINDOWS\system32\vbspl.dll
2007-06-24 16:17 230,400 --a------ C:\WINDOWS\system32\compstui.dll
2007-06-24 16:17 23,552 --a------ C:\WINDOWS\system32\WMDMPS.dll
2007-06-24 16:17 23,552 --a------ C:\WINDOWS\system32\mciwave.dll
2007-06-24 16:17 225,280 --a------ C:\WINDOWS\system32\mqoa.dll
2007-06-24 16:17 223,232 --a------ C:\WINDOWS\system32\localsec.dll
2007-06-24 16:17 22,528 --a------ C:\WINDOWS\system32\rasmxs.dll
2007-06-24 16:17 22,016 --a------ C:\WINDOWS\system32\rpcns4.dll
2007-06-24 16:17 22,016 --a------ C:\WINDOWS\system32\licmgr10.dll
2007-06-24 16:17 204,800 --a------ C:\WINDOWS\system32\INKED.DLL
2007-06-24 16:17 204,288 --a------ C:\WINDOWS\system32\fdco1.dll
2007-06-24 16:17 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-06-24 16:17 2,864 --a------ C:\WINDOWS\system32\winsock.dll
2007-06-24 16:17 2,560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-06-24 16:17 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-06-24 16:17 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2007-06-24 16:17 19,200 --a------ C:\WINDOWS\system32\tapi.dll
2007-06-24 16:17 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-06-24 16:17 187,904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-06-24 16:17 187,392 --a------ C:\WINDOWS\system32\netmsg.dll
2007-06-24 16:17 186,880 --a------ C:\WINDOWS\system32\mqtrig.dll
2007-06-24 16:17 18,944 --a------ C:\WINDOWS\vmmreg32.dll
2007-06-24 16:17 18,432 --a------ C:\WINDOWS\system32\dmintf.dll
2007-06-24 16:17 177,152 --a------ C:\WINDOWS\system32\mqrt.dll
2007-06-24 16:17 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-06-24 16:17 17,408 --a------ C:\WINDOWS\system32\mcicda.dll
2007-06-24 16:17 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2007-06-24 16:17 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2007-06-24 16:17 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-06-24 16:17 16,896 --a------ C:\WINDOWS\system32\vss_ps.dll
2007-06-24 16:17 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2007-06-24 16:17 159,232 --a------ C:\WINDOWS\system32\cewmdm.dll
2007-06-24 16:17 155,136 --a------ C:\WINDOWS\system32\modemui.dll
2007-06-24 16:17 152,064 --a------ C:\WINDOWS\system32\datime.dll
2007-06-24 16:17 15,872 --a------ C:\WINDOWS\system32\sysinv.dll
2007-06-24 16:17 14,336 --a------ C:\WINDOWS\system32\serialui.dll
2007-06-24 16:17 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-06-24 16:17 139,264 --a------ C:\WINDOWS\system32\ifmon.dll
2007-06-24 16:17 138,240 --a------ C:\WINDOWS\system32\mqad.dll
2007-06-24 16:17 13,824 --a------ C:\WINDOWS\system32\senscfg.dll
2007-06-24 16:17 13,312 --a------ C:\WINDOWS\system32\win87em.dll
2007-06-24 16:17 13,312 --a------ C:\WINDOWS\system32\verifier.dll
2007-06-24 16:17 13,312 --a------ C:\WINDOWS\system32\sigtab.dll
2007-06-24 16:17 126,464 --a------ C:\WINDOWS\system32\dmdskres.dll
2007-06-24 16:17 124,928 --a------ C:\WINDOWS\system32\wiadss.dll
2007-06-24 16:17 124,928 --a------ C:\WINDOWS\system32\input.dll
2007-06-24 16:17 123,904 --a------ C:\WINDOWS\system32\glu32.dll
2007-06-24 16:17 12,800 --a------ C:\WINDOWS\system32\rasser.dll
2007-06-24 16:17 12,288 --a------ C:\WINDOWS\system32\perfts.dll
2007-06-24 16:17 119,808 --a------ C:\WINDOWS\system32\iasrad.dll
2007-06-24 16:17 118,784 --a------ C:\WINDOWS\system32\mdminst.dll
2007-06-24 16:17 118,272 --a------ C:\WINDOWS\system32\t2embed.dll
2007-06-24 16:17 115,200 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-06-24 16:17 114,688 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-06-24 16:17 111,104 --a------ C:\WINDOWS\system32\wiavideo.dll
2007-06-24 16:17 11,776 --a------ C:\WINDOWS\system32\localui.dll
2007-06-24 16:17 109,568 --a------ C:\WINDOWS\system32\cic.dll
2007-06-24 16:17 109,568 --a------ C:\WINDOWS\system32\adsnw.dll
2007-06-24 16:17 108,480 --a------ C:\WINDOWS\system32\netapi.dll
2007-06-24 16:17 106,496 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-24 16:17 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-06-24 16:17 10,752 --a------ C:\WINDOWS\system32\mqcertui.dll
2007-06-24 16:17 10,496 --a------ C:\WINDOWS\system32\mcdsrv32.dll
2007-06-24 16:17 10,240 --a------ C:\WINDOWS\system32\panmap.dll
2007-06-24 16:17 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2007-06-24 16:17 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2007-06-24 16:17 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2007-06-24 16:17 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-06-24 16:17 1,119,744 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-06-24 16:17 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-06-24 16:17 1,001,472 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-06-24 16:16 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-06-24 16:16 92,160 --a------ C:\WINDOWS\system32\ntprint.dll
2007-06-24 16:16 90,112 --a------ C:\WINDOWS\system32\mycomput.dll
2007-06-24 16:16 9,728 --a------ C:\WINDOWS\system32\bdco1ins.dll
2007-06-24 16:16 9,216 --a------ C:\WINDOWS\system32\iissuba.dll
2007-06-24 16:16 89,088 --a------ C:\WINDOWS\system32\rasauto.dll
2007-06-24 16:16 89,088 --a------ C:\WINDOWS\system32\mqlogmgr.dll
2007-06-24 16:16 88,064 --a------ C:\WINDOWS\system32\ipxmontr.dll
2007-06-24 16:16 88,064 --a------ C:\WINDOWS\system32\fldrclnr.dll
2007-06-24 16:16 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2007-06-24 16:16 86,016 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2007-06-24 16:16 84,992 --a------ C:\WINDOWS\system32\mciavi32.dll
2007-06-24 16:16 84,992 --a------ C:\WINDOWS\system32\cabview.dll
2007-06-24 16:16 8,192 --a------ C:\WINDOWS\system32\qosname.dll
2007-06-24 16:16 8,192 --a------ C:\WINDOWS\system32\mciole16.dll
2007-06-24 16:16 8,192 --a------ C:\WINDOWS\system32\mag_hook.dll
2007-06-24 16:16 74,752 --a------ C:\WINDOWS\system32\dhcpsapi.dll
2007-06-24 16:16 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-06-24 16:16 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-06-24 16:16 7,680 --a------ C:\WINDOWS\system32\mciole32.dll
2007-06-24 16:16 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
2007-06-24 16:16 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-06-24 16:16 68,096 --a------ C:\WINDOWS\system32\adsmsext.dll
2007-06-24 16:16 67,584 --a------ C:\WINDOWS\system32\osuninst.dll
2007-06-24 16:16 66,560 --a------ C:\WINDOWS\system32\console.dll
2007-06-24 16:16 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-06-24 16:16 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-06-24 16:16 60,928 --a------ C:\WINDOWS\system32\iassvcs.dll
2007-06-24 16:16 60,416 --a------ C:\WINDOWS\system32\ipv6mon.dll
2007-06-24 16:16 6,656 --a------ C:\WINDOWS\system32\routetab.dll
2007-06-24 16:16 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-06-24 16:16 573,440 --a------ C:\WINDOWS\system32\nvhwvid.dll
2007-06-24 16:16 57,856 --a------ C:\WINDOWS\system32\synceng.dll
2007-06-24 16:16 57,344 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-06-24 16:16 55,296 --a------ C:\WINDOWS\system32\npptools.dll
2007-06-24 16:16 54,272 --a------ C:\WINDOWS\system32\dataclen.dll
2007-06-24 16:16 53,248 --a------ C:\WINDOWS\system32\MFC42PLK.DLL
2007-06-24 16:16 52,736 --a------ C:\WINDOWS\system32\MsPMSNSv.dll
2007-06-24 16:16 50,688 --a------ C:\WINDOWS\twain_32.dll
2007-06-24 16:16 5,632 --a------ C:\WINDOWS\system32\kbdmaori.dll
2007-06-24 16:16 5,402,624 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-24 16:16 499,766 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-06-24 16:16 499,712 --a------ C:\WINDOWS\RtlExUpd.dll
2007-06-24 16:16 490,496 --a------ C:\WINDOWS\system32\ntmsmgr.dll
2007-06-24 16:16 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-06-24 16:16 47,104 --a------ C:\WINDOWS\system32\mqdscli.dll
2007-06-24 16:16 450,560 --a------ C:\WINDOWS\system32\infosoft.dll
2007-06-24 16:16 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-24 16:16 41,472 --a------ C:\WINDOWS\system32\hhsetup.dll
2007-06-24 16:16 40,960 --a------ C:\WINDOWS\system32\webhits.dll
2007-06-24 16:16 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2007-06-24 16:16 380,416 --a------ C:\WINDOWS\system32\dhcpmon.dll
2007-06-24 16:16 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-06-24 16:16 36,864 --a------ C:\WINDOWS\system32\mscpxl32.dLL
2007-06-24 16:16 36,352 --a------ C:\WINDOWS\system32\narrhook.dll
2007-06-24 16:16 36,352 --a------ C:\WINDOWS\system32\iologmsg.dll
2007-06-24 16:16 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-24 16:16 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2007-06-24 16:16 35,328 --a------ C:\WINDOWS\system32\perfproc.dll
2007-06-24 16:16 347,648 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-06-24 16:16 342,016 --a------ C:\WINDOWS\system32\filemgmt.dll
2007-06-24 16:16 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-06-24 16:16 34,816 --a------ C:\WINDOWS\system32\atmpvcno.dll
2007-06-24 16:16 335,872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-06-24 16:16 333,824 --a------ C:\WINDOWS\system32\hnetwiz.dll
2007-06-24 16:16 330,752 --a------ C:\WINDOWS\system32\dmconfig.dll
2007-06-24 16:16 33,376 --a------ C:\WINDOWS\system32\commdlg.dll
2007-06-24 16:16 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-06-24 16:16 33,280 --a------ C:\WINDOWS\system32\inetmib1.dll
2007-06-24 16:16 33,280 --a------ C:\WINDOWS\system32\eventcls.dll
2007-06-24 16:16 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-06-24 16:16 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-06-24 16:16 323,584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-06-24 16:16 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-06-24 16:16 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2007-06-24 16:16 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-06-24 16:16 319,488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-06-24 16:16 319,488 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-06-24 16:16 319,488 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-06-24 16:16 303,104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-06-24 16:16 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-06-24 16:16 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-06-24 16:16 299,008 --a------ C:\WINDOWS\system32\appmgr.dll
2007-06-24 16:16 294,912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-06-24 16:16 290,816 --a------ C:\WINDOWS\system32\msnsspc.dll
2007-06-24 16:16 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-06-24 16:16 286,720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-06-24 16:16 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-06-24 16:16 28,672 --a------ C:\WINDOWS\system32\rsfsaps.dll
2007-06-24 16:16 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2007-06-24 16:16 278,528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-06-24 16:16 274,432 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-06-24 16:16 274,432 --a------ C:\WINDOWS\system32\nvrses.dll
2007-06-24 16:16 274,432 --a------ C:\WINDOWS\system32\nvrsel.dll
2007-06-24 16:16 270,336 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-06-24 16:16 266,240 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-06-24 16:16 266,240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-06-24 16:16 262,144 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-06-24 16:16 26,624 --a------ C:\WINDOWS\system32\rsvpmsg.dll
2007-06-24 16:16 26,624 --a------ C:\WINDOWS\system32\cnvfat.dll
2007-06-24 16:16 258,048 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-06-24 16:16 253,952 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-06-24 16:16 253,952 --a------ C:\WINDOWS\system32\nvrshu.dll
2007-06-24 16:16 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-06-24 16:16 25,088 --a------ C:\WINDOWS\system32\slayerxp.dll
2007-06-24 16:16 25,088 --a------ C:\WINDOWS\system32\HdAProp.dll
2007-06-24 16:16 249,856 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-06-24 16:16 249,856 --a------ C:\WINDOWS\system32\nvrssl.dll
2007-06-24 16:16 249,856 --a------ C:\WINDOWS\system32\nvrssk.dll
2007-06-24 16:16 249,856 --a------ C:\WINDOWS\system32\nvrspl.dll
2007-06-24 16:16 249,856 --a------ C:\WINDOWS\system32\nvrsno.dll
2007-06-24 16:16 245,760 --a------ C:\WINDOWS\system32\nvrssv.dll
2007-06-24 16:16 245,760 --a------ C:\WINDOWS\system32\nvrsda.dll
2007-06-24 16:16 241,664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2007-06-24 16:16 241,664 --a------ C:\WINDOWS\system32\nvrscs.dll
2007-06-24 16:16 208,384 --a------ C:\WINDOWS\system32\mobsync.dll
2007-06-24 16:16 200,704 --a------ C:\WINDOWS\system32\dmdskmgr.dll
2007-06-24 16:16 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
2007-06-24 16:16 20,480 --a------ C:\WINDOWS\system32\winstrm.dll
2007-06-24 16:16 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-06-24 16:16 17,920 --a------ C:\WINDOWS\system32\iaspolcy.dll
2007-06-24 16:16 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2007-06-24 16:16 16,896 --a------ C:\WINDOWS\system32\rassapi.dll
2007-06-24 16:16 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-06-24 16:16 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-06-24 16:16 157,696 --a------ C:\WINDOWS\system32\ipmontr.dll
2007-06-24 16:16 155,136 --a------ C:\WINDOWS\system32\itircl.dll
2007-06-24 16:16 155,136 --a------ C:\WINDOWS\system32\fdco_l2052.dll
2007-06-24 16:16 15,360 --a------ C:\WINDOWS\system32\hnetmon.dll
2007-06-24 16:16 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-06-24 16:16 147,456 --a------ C:\WINDOWS\system32\dskquoui.dll
2007-06-24 16:16 145,920 --a------ C:\WINDOWS\system32\hotplug.dll
2007-06-24 16:16 143,360 --a------ C:\WINDOWS\system32\msorcl32.dll
2007-06-24 16:16 141,312 --a------ C:\WINDOWS\system32\iasrecst.dll
2007-06-24 16:16 14,848 --a------ C:\WINDOWS\system32\mcastmib.dll
2007-06-24 16:16 135,168 --a------ C:\WINDOWS\system32\odbcconf.dll
2007-06-24 16:16 13,824 --a------ C:\WINDOWS\system32\cmsetACL.dll
2007-06-24 16:16 127,008 --a------ C:\WINDOWS\system32\msvideo.dll
2007-06-24 16:16 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-06-24 16:16 120,832 --a------ C:\WINDOWS\system32\offfilt.dll
2007-06-24 16:16 12,288 --a------ C:\WINDOWS\system32\rasctrs.dll
2007-06-24 16:16 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2007-06-24 16:16 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-06-24 16:16 119,808 --a------ C:\WINDOWS\system32\mmutilse.dll
2007-06-24 16:16 118,784 --a------ C:\WINDOWS\system32\scardssp.dll
2007-06-24 16:16 118,784 --a------ C:\WINDOWS\system32\nvrszht.dll
2007-06-24 16:16 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-06-24 16:16 118,784 --a------ C:\WINDOWS\system32\msdadiag.dll
2007-06-24 16:16 106,496 --a------ C:\WINDOWS\system32\mprmsg.dll
2007-06-24 16:16 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-06-24 16:16 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-06-24 16:16 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-06-24 16:16 10,240 --a------ C:\WINDOWS\system32\lprhelp.dll
2007-06-24 16:16 1,355,776 --a------ C:\WINDOWS\system32\msvbvm50.dll
2007-06-24 16:16 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-06-24 16:16 1,196,032 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2007-06-24 16:16 1,114,896 --a------ C:\WINDOWS\system32\esent97.dll
2007-06-24 16:16 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-24 16:14 <DIR> d-------- C:\WINDOWS\DLLArchive
2007-06-17 14:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-06-10 01:34 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\K-Meleon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-07-10 11:17:22 -------- d-----w C:\Program Files\eMule
2007-07-10 10:34:16 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-10 10:34:16 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-09 22:25:47 -------- d-----w C:\Program Files\Torrent Master
2007-07-09 21:55:32 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Skype
2007-07-09 21:39:00 -------- d-----w C:\DOCUME~1\user\DANEAP~1\LimeWire
2007-06-24 06:06:58 -------- d-----w C:\Program Files\Odkurzacz
2007-06-22 13:30:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 12:33:01 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-06 12:00:18 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-22 05:33:36 -------- d-----w C:\Program Files\Webroot
2007-05-21 22:07:39 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Lavasoft
2007-05-21 22:05:37 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-17 22:33:40 -------- d-----w C:\Program Files\Winamp
2007-05-17 22:33:40 -------- d-----w C:\Program Files\Mortal Kombat 4
2007-05-17 22:33:40 -------- d-----w C:\Program Files\BitComet
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-30 14:11:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-21 12:52:54 57,426 ----a-w C:\WINDOWS\system32\btfunc.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-09 11:15:41 1 ----a-w C:\WINDOWS\system32\SI.bin


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-27 17:00]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Programy\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-01-24 19:15 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="D:\Programy\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://images.google.pl/images?q=tbn:Y8D3x7cO7QTNDM:http://stronki00.republika.pl/images/drzewo.jpg


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Programy\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
"RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 14:18:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

? [1628]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-07-10 14:19:51
C:\ComboFix-quarantined-files.txt ... 2007-07-10 14:19
C:\ComboFix2.txt ... 2007-07-09 18:04


--- E O F ---

[ Dodano: Dzisiaj o 15:04 ]
i jeszcze do tego przed chwila ni z tego ni z owego wyskoczyl bluescreen... nie wiem z jakiej okazji, wlaczony byl tylko winamp i gg...

[wojtas]

wyskoczyl bluescreen

jaki kod bledu

[Fever]

wlasnie sam sie zdziwilem, mialem cos takiego jak kolega nade mna...

a jak log?

[wojtas]

nic w logu nie ma