
Since a mod told me to start a new thread, I'll describe the situation here. I had a problem changing the "show hidden files and folders" option, but running ComboFix took care of that. I know this is the work of something my friend had on his USB stick. Currently my Avast won't update, it doesn't respond even to a manual update, and I can't uninstall it. AVG Anti-Rootkit detects a hidden driver file at C:\WINDOWS\System32\Drivers\a6k26tg4.SYS, but when I remove it, it is back in place after a restart.
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:12, on 2009-03-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Odkurzacz\odk_scd.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=pol
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Odkurzacz-SCD] C:\Program Files\Odkurzacz\odk_scd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5016 bytes
ComboFix log
ComboFix 09-03-10.03 - Tytus 2009-03-11 13:27:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2047.1615 [GMT 1:00]
Uruchomiony z: e:\różne\instalki\avast\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 080329-0] *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\u.com
D:\u.com
E:\u.com
F:\u.com
G:\u.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-11 do 2009-03-11 )))))))))))))))))))))))))))))))
.
2009-03-11 12:47 . 2009-03-11 12:47 <DIR> d--h----- c:\windows\PIF
2009-03-10 22:41 . 2009-03-10 22:41 <DIR> d-------- c:\program files\Winamp Toolbar
2009-03-10 22:41 . 2009-03-10 22:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-03-10 22:40 . 2009-03-10 22:42 <DIR> d-------- c:\program files\Winamp
2009-03-10 22:40 . 2009-03-10 22:40 <DIR> d-------- c:\documents and settings\Tytus\Dane aplikacji\Winamp
2009-03-10 22:39 . 2007-09-24 23:31 69,632 --a------ c:\windows\system32\javacpl.cpl
2009-03-10 22:38 . 2009-03-10 22:39 <DIR> d-------- c:\program files\Java
2009-03-10 22:38 . 2009-03-10 22:38 <DIR> d-------- c:\program files\Common Files\Java
2009-03-10 22:19 . 2009-03-10 22:19 <DIR> d-------- c:\documents and settings\Tytus\.gstreamer-0.10
2009-03-10 22:06 . 2009-03-10 22:12 <DIR> d-------- c:\program files\Odkurzacz
2009-03-10 22:06 . 2009-03-10 22:06 <DIR> d-------- c:\program files\CCleaner
2009-03-10 22:02 . 2009-03-10 22:03 <DIR> d-------- c:\program files\Executive Software
2009-03-10 21:38 . 2009-03-10 21:39 <DIR> d-------- c:\documents and settings\Tytus\Dane aplikacji\dp3d
2009-03-10 21:36 . 2009-03-10 21:36 <DIR> d-------- c:\program files\Dream Pinball 3D
2009-03-10 19:08 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-03-10 19:08 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-03-10 19:08 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-03-10 19:08 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-03-10 19:08 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-03-10 19:08 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-03-10 19:04 . 2009-03-10 19:04 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-10 19:04 . 2009-03-10 19:04 682,280 --a------ c:\windows\system32\pbsvc.exe
2009-03-10 19:04 . 2009-03-11 01:01 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-10 19:04 . 2009-03-11 01:01 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-10 19:04 . 2009-03-10 19:04 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-10 19:04 . 2009-03-10 19:04 22,328 --a------ c:\documents and settings\Tytus\Dane aplikacji\PnkBstrK.sys
2009-03-10 18:48 . 2009-03-10 18:48 <DIR> d--hs---- c:\windows\ftpcache
2009-03-10 18:42 . 2009-03-10 18:42 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-10 18:41 . 2009-03-10 18:41 <DIR> d-------- c:\documents and settings\Tytus\Dane aplikacji\DAEMON Tools
2009-03-10 18:41 . 2009-03-10 18:41 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-10 18:33 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-10 17:52 . 2009-03-10 17:52 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-03-10 17:52 . 2009-03-10 17:53 <DIR> d-------- c:\documents and settings\Tytus\Dane aplikacji\Nowe Gadu-Gadu
2009-03-10 17:42 . 2009-03-10 17:42 <DIR> d-------- c:\program files\SubEdit-Player
2009-03-10 17:41 . 2009-03-10 17:41 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-10 17:15 . 2009-03-10 17:15 <DIR> d-------- c:\program files\Trend Micro
2009-03-10 16:36 . 2009-03-10 16:36 <DIR> d-------- c:\program files\Opera
2009-03-10 16:21 . 2009-03-10 16:21 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-03-10 16:21 . 2009-03-10 16:21 <DIR> d-------- c:\program files\ACD Systems
2009-03-10 16:21 . 2009-03-10 16:21 <DIR> d-------- c:\documents and settings\Tytus\Dane aplikacji\ACD Systems
2009-03-10 16:21 . 2009-03-10 16:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ACD Systems
2009-03-10 16:15 . 2009-03-10 16:15 <DIR> d-------- c:\windows\JM
2009-03-10 16:15 . 2009-03-10 16:15 <DIR> d-------- C:\JM
2009-03-10 16:15 . 2006-10-30 13:44 1,953,792 -r------- c:\windows\system32\JMRaidSetup.exe
2009-03-10 16:15 . 2006-09-13 13:32 139,264 -r------- c:\windows\system32\JMRaidAPI.dll
2009-03-10 16:15 . 2006-10-30 04:31 43,648 -ra------ c:\windows\system32\drivers\jraid.sys
2009-03-10 16:15 . 2006-02-07 12:52 6,912 -ra------ c:\windows\system32\drivers\JGOGO.sys
2009-03-10 16:13 . 2009-03-10 16:13 <DIR> d-------- c:\windows\OPTIONS
2009-03-10 16:13 . 2009-03-10 16:13 <DIR> d-------- c:\program files\Realtek
2009-03-10 16:13 . 2006-07-27 02:49 83,712 -ra------ c:\windows\system32\drivers\Rtenicxp.sys
2009-03-10 16:09 . 2009-03-10 19:04 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-10 16:09 . 2009-03-10 16:10 <DIR> d-------- c:\program files\Analog Devices
2009-03-10 16:09 . 2001-09-11 14:20 1,285,632 --------- c:\windows\system32\SMMedia.dll
2009-03-10 16:09 . 2005-05-04 08:20 53,248 --------- c:\windows\system32\wdmioctl.dll
2009-03-10 16:09 . 2006-07-10 14:42 49,152 --------- c:\windows\system32\DSndUp.exe
2009-03-10 16:09 . 2002-04-17 14:05 45,056 --------- c:\windows\system32\CleanUp.exe
2009-03-10 16:09 . 2004-03-17 14:36 15,872 --a------ c:\windows\system32\spupdsvc.exe
2009-03-10 16:06 . 2009-03-10 16:06 <DIR> d-------- c:\windows\ASUSInstAll
2009-03-10 16:05 . 2009-03-10 16:05 <DIR> d-------- c:\windows\system32\drivers\system32
2009-03-10 16:05 . 2009-03-10 16:05 <DIR> d-------- c:\windows\system32\drivers\INF
2009-03-10 16:04 . 2009-03-10 16:04 <DIR> d-------- c:\program files\Intel
2009-03-10 16:03 . 2009-03-10 16:15 15,010 --a------ c:\windows\Ascd_log.ini
2009-03-10 15:42 . 2009-03-10 16:03 14,682 --a------ c:\windows\Ascd_tmp.ini
2009-03-10 15:42 . 2004-08-12 09:00 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys
2009-03-10 15:41 . 2006-10-11 04:33 10,288 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-03-10 15:29 . 2009-03-10 15:29 162,159 --a------ c:\windows\system32\nvapps.xml
2009-03-10 15:28 . 2009-03-10 15:28 <DIR> d-------- c:\windows\nview
2009-03-10 15:28 . 2009-03-10 22:03 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-10 15:28 . 2007-11-06 18:59 356,352 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-10 15:28 . 2007-11-06 10:30 356,352 --a------ c:\windows\system32\nvudisp.exe
2009-03-10 15:28 . 2007-11-06 10:30 17,737 --a------ c:\windows\system32\nvdisp.nvu
2009-03-10 15:19 . 2009-03-10 15:19 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-10 15:16 . 2009-03-10 15:16 <DIR> d-------- c:\program files\Alwil Software
2009-03-10 15:16 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-10 15:16 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-03-10 15:16 . 2003-02-21 04:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2009-03-10 15:16 . 2007-01-18 13:00 3,968 --a------ c:\windows\system32\drivers\AvgArCln.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 10:39 --------- d-----w c:\program files\microsoft frontpage
2009-03-10 10:38 --------- d-----w c:\program files\Usługi online
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-03-10_18.37.12,78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-10 21:03:15 45,056 ----a-r c:\windows\Installer\{28981848-F395-4466-967C-6BFD5FCB1899}\_69DED6806E2F_4C8C_9FF9_742D45EAA946.exe
+ 2009-03-10 21:03:15 28,672 ----a-r c:\windows\Installer\{28981848-F395-4466-967C-6BFD5FCB1899}\Icon.exe
+ 2009-03-10 18:04:25 11,502 ----a-r c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
+ 2004-08-04 00:43:54 159,232 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2004-08-04 00:44:06 52,736 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2004-08-04 00:44:06 201,728 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2004-08-04 00:44:34 356,352 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2004-08-04 00:44:06 246,272 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2004-08-04 00:44:16 27,136 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2004-08-04 00:44:16 23,552 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2005-01-28 12:44:28 164,864 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 12:44:28 25,088 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 12:44:28 173,568 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 12:44:28 364,784 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 12:44:28 315,904 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 12:44:28 28,160 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 12:44:28 33,792 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2005-01-28 12:44:28 47,104 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 12:44:28 15,872 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 12:44:28 61,952 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 12:44:28 114,176 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 12:44:28 331,776 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 12:44:28 66,560 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 12:44:28 331,264 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 12:44:28 10,752 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 12:44:28 18,944 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2004-08-04 00:44:16 408,064 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2004-08-04 00:44:16 759,296 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2004-08-04 00:44:16 484,864 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2004-08-04 00:44:16 809,984 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2005-01-28 12:44:28 396,528 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 12:44:28 774,904 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 12:44:28 413,944 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 12:44:28 895,736 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-08-04 00:44:02 6,656 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2004-08-04 00:44:22 103,936 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2004-08-04 00:44:10 237,568 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2004-08-04 00:44:16 670,720 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2004-08-04 00:44:16 230,400 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2004-08-04 00:44:16 151,552 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2004-08-04 00:44:16 1,050,624 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2004-08-04 00:44:16 1,119,744 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2004-08-04 00:44:16 896,512 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2004-08-04 00:44:36 2,105,344 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2004-08-04 00:44:16 1,001,472 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2005-01-28 12:44:28 6,656 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 12:44:28 221,184 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 12:44:28 716,288 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 12:44:28 224,768 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 12:44:28 335,872 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 12:44:28 290,816 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 12:44:28 150,016 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 12:44:28 940,544 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2004-08-04 00:43:54 286,208 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2004-08-04 00:44:36 299,520 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2004-08-04 00:43:56 87,040 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2004-08-04 00:44:34 695,296 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2004-08-04 00:44:32 259,072 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2005-01-28 12:44:28 294,912 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 12:44:28 258,296 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 12:44:28 502,272 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 12:44:28 142,336 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
- 2004-08-04 00:43:54 286,208 ----a-w c:\windows\system32\blackbox.dll
+ 2005-01-28 12:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
- 2004-08-04 00:43:54 159,232 ----a-w c:\windows\system32\cewmdm.dll
+ 2005-01-28 12:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2007-03-12 15:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-10-12 14:14:00 1,374,232 ----a-w c:\windows\system32\D3DCompiler_36.dll
+ 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
+ 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
+ 2007-05-16 15:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
+ 2007-07-19 17:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-10-02 08:56:34 444,776 ----a-w c:\windows\system32\d3dx10_36.dll
+ 2008-02-05 22:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
+ 2005-02-05 18:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll
+ 2005-03-18 16:19:58 2,337,488 ----a-w c:\windows\system32\d3dx9_25.dll
+ 2005-05-26 14:34:52 2,297,552 ----a-w c:\windows\system32\d3dx9_26.dll
+ 2005-07-22 18:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
+ 2005-12-05 17:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
+ 2006-02-03 07:43:16 2,332,368 ----a-w c:\windows\system32\d3dx9_29.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w c:\windows\system32\d3dx9_30.dll
+ 2006-09-28 15:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
+ 2006-11-29 12:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
+ 2007-03-12 15:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll
+ 2007-05-16 15:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll
+ 2007-07-19 17:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
+ 2007-10-12 14:14:00 3,734,536 ----a-w c:\windows\system32\d3dx9_36.dll
+ 2008-03-05 14:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
+ 2008-05-30 13:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
- 2004-08-04 00:43:54 286,208 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2005-01-28 12:44:28 294,912 -c--a-w c:\windows\system32\dllcache\blackbox.dll
- 2004-08-04 00:43:54 159,232 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2005-01-28 12:44:28 164,864 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
- 2004-08-04 00:44:36 299,520 -c--a-w c:\windows\system32\dllcache\drmclien.dll
+ 2005-01-28 12:44:28 258,296 -c--a-w c:\windows\system32\dllcache\drmclien.dll
- 2004-08-04 00:43:56 87,040 -c--a-w c:\windows\system32\dllcache\drmstor.dll
+ 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\drmstor.dll
- 2004-08-04 00:44:34 695,296 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2005-01-28 12:44:28 502,272 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
- 2004-08-04 00:44:02 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2005-01-28 12:44:28 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
- 2004-08-04 00:44:22 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 00:44:06 2,804,224 -c--a-w c:\windows\system32\dllcache\msi.dll
+ 2005-05-03 11:58:36 2,890,240 -c--a-w c:\windows\system32\dllcache\msi.dll
- 2004-08-04 00:44:24 77,312 -c--a-w c:\windows\system32\dllcache\msiexec.exe
+ 2005-05-03 11:58:36 78,848 -c--a-w c:\windows\system32\dllcache\msiexec.exe
- 2004-08-04 00:44:06 331,264 -c--a-w c:\windows\system32\dllcache\msihnd.dll
+ 2005-05-03 11:58:36 271,360 -c--a-w c:\windows\system32\dllcache\msihnd.dll
- 2004-08-04 00:43:08 884,736 -c--a-w c:\windows\system32\dllcache\msimsg.dll
+ 2005-05-03 11:58:36 884,736 -c--a-w c:\windows\system32\dllcache\msimsg.dll
- 2004-08-04 00:44:06 44,032 -c--a-w c:\windows\system32\dllcache\msisip.dll
+ 2005-05-03 11:58:36 15,360 -c--a-w c:\windows\system32\dllcache\msisip.dll
- 2004-08-04 00:44:32 259,072 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2005-01-28 12:44:28 142,336 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
- 2004-08-04 00:44:06 52,736 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2005-01-28 12:44:28 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
- 2004-08-04 00:44:06 201,728 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2005-01-28 12:44:28 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
- 2004-08-04 00:44:34 356,352 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2005-01-28 12:44:28 364,784 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2004-08-04 00:44:06 246,272 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2005-01-28 12:44:28 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
- 2004-08-04 00:44:10 237,568 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2005-01-28 12:44:28 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
- 2004-08-04 00:44:16 408,064 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2005-01-28 12:44:28 396,528 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
- 2004-08-04 00:44:16 670,720 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2005-01-28 12:44:28 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
- 2004-08-04 00:44:16 230,400 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2005-01-28 12:44:28 224,768 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2004-08-04 00:44:16 27,136 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2005-01-28 12:44:28 28,160 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
- 2004-08-04 00:44:16 23,552 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2005-01-28 12:44:28 33,792 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
- 2004-08-04 00:44:16 151,552 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2005-01-28 12:44:28 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
- 2004-08-04 00:44:16 1,050,624 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2005-01-28 12:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
- 2004-08-04 00:44:16 759,296 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2005-01-28 12:44:28 774,904 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
- 2004-08-04 00:44:16 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2005-01-28 12:44:28 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2004-08-04 00:44:16 484,864 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2005-01-28 12:44:28 413,944 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-04 00:44:16 896,512 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2005-01-28 12:44:28 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
- 2004-08-04 00:44:36 2,105,344 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2005-01-28 12:44:28 2,370,296 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
- 2004-08-04 00:44:16 809,984 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2005-01-28 12:44:28 895,736 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
- 2004-08-04 00:44:16 1,001,472 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2005-01-28 12:44:28 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2007-03-07 23:51:00 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2007-03-07 23:51:00 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
+ 2005-01-28 12:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
- 2004-08-04 00:44:36 299,520 ----a-w c:\windows\system32\drmclien.dll
+ 2005-01-28 12:44:28 258,296 ----a-w c:\windows\system32\drmclien.dll
- 2004-08-04 00:43:56 87,040 ----a-w c:\windows\system32\drmstor.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\drmstor.dll
- 2004-08-04 00:44:34 695,296 ----a-w c:\windows\system32\drmv2clt.dll
+ 2005-01-28 12:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
+ 2007-09-24 21:30:28 135,168 ----a-w c:\windows\system32\java.exe
+ 2007-09-24 21:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2007-09-24 22:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
- 2004-08-04 00:44:02 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2005-01-28 12:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
- 2004-08-04 00:44:22 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
- 2004-08-04 00:44:06 2,804,224 ----a-w c:\windows\system32\msi.dll
+ 2005-05-03 11:58:36 2,890,240 ----a-w c:\windows\system32\msi.dll
- 2004-08-04 00:44:24 77,312 ----a-w c:\windows\system32\msiexec.exe
+ 2005-05-03 11:58:36 78,848 ----a-w c:\windows\system32\msiexec.exe
- 2004-08-04 00:44:06 331,264 ----a-w c:\windows\system32\msihnd.dll
+ 2005-05-03 11:58:36 271,360 ----a-w c:\windows\system32\msihnd.dll
- 2004-08-04 00:43:08 884,736 ----a-w c:\windows\system32\msimsg.dll
+ 2005-05-03 11:58:36 884,736 ----a-w c:\windows\system32\msimsg.dll
- 2004-08-04 00:44:06 44,032 ----a-w c:\windows\system32\msisip.dll
+ 2005-05-03 11:58:36 15,360 ----a-w c:\windows\system32\msisip.dll
- 2004-08-04 00:44:32 259,072 ----a-w c:\windows\system32\msnetobj.dll
+ 2005-01-28 12:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
- 2004-08-04 00:44:06 52,736 ----a-w c:\windows\system32\mspmsnsv.dll
+ 2005-01-28 12:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
- 2004-08-04 00:44:06 201,728 ----a-w c:\windows\system32\mspmsp.dll
+ 2005-01-28 12:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
- 2004-08-04 00:44:34 356,352 ----a-w c:\windows\system32\msscp.dll
+ 2005-01-28 12:44:28 364,784 ----a-w c:\windows\system32\MSSCP.dll
- 2004-08-04 00:44:06 246,272 ----a-w c:\windows\system32\mswmdm.dll
+ 2005-01-28 12:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
+ 2007-03-07 23:51:00 547,576 ------w c:\windows\system32\px.dll
+ 2007-03-07 23:51:00 129,784 ------w c:\windows\system32\pxafs.dll
+ 2007-03-07 23:51:00 64,760 ------w c:\windows\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 510,712 ------w c:\windows\system32\pxdrv.dll
+ 2007-03-07 23:51:00 72,440 ------w c:\windows\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 187,128 ------w c:\windows\system32\pxmas.dll
+ 2007-03-07 23:51:00 1,628,920 ------w c:\windows\system32\pxsfs.dll
+ 2007-03-07 23:51:00 379,640 ------w c:\windows\system32\pxwave.dll
- 2004-08-04 00:44:10 237,568 ----a-w c:\windows\system32\qasf.dll
+ 2005-01-28 12:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2005-05-03 11:58:30 15,584 ------w c:\windows\system32\spmsg.dll
+ 2005-01-28 12:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2007-03-07 23:51:00 39,672 ------w c:\windows\system32\vxblock.dll
+ 2005-01-28 12:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
- 2004-08-04 00:44:16 408,064 ----a-w c:\windows\system32\wmadmod.dll
+ 2005-01-28 12:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
- 2004-08-04 00:44:16 670,720 ----a-w c:\windows\system32\wmadmoe.dll
+ 2005-01-28 12:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
- 2004-08-04 00:44:16 230,400 ----a-w c:\windows\system32\wmasf.dll
+ 2005-01-28 12:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll
- 2004-08-04 00:44:16 27,136 ----a-w c:\windows\system32\wmdmlog.dll
+ 2005-01-28 12:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
- 2004-08-04 00:44:16 23,552 ----a-w c:\windows\system32\wmdmps.dll
+ 2005-01-28 12:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2005-01-28 12:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2005-01-28 12:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
- 2004-08-04 00:44:16 151,552 ----a-w c:\windows\system32\wmidx.dll
+ 2005-01-28 12:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
- 2004-08-04 00:44:16 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
- 2004-08-04 00:44:16 759,296 ----a-w c:\windows\system32\wmsdmod.dll
+ 2005-01-28 12:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
- 2004-08-04 00:44:16 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
+ 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2004-08-04 00:44:16 484,864 ----a-w c:\windows\system32\wmspdmod.dll
+ 2005-01-28 12:44:28 413,944 ----a-w c:\windows\system32\wmspdmod.dll
- 2004-08-04 00:44:16 896,512 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2005-01-28 12:44:28 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2003-06-23 01:44:36 1,415,680 ----a-w c:\windows\system32\wmv9vcm.dll
+ 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
- 2004-08-04 00:44:36 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\system32\wmvcore.dll
- 2004-08-04 00:44:16 809,984 ----a-w c:\windows\system32\wmvdmod.dll
+ 2005-01-28 12:44:28 895,736 ----a-w c:\windows\system32\wmvdmod.dll
- 2004-08-04 00:44:16 1,001,472 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2005-01-28 12:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2005-01-28 12:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2005-01-28 12:44:28 331,776 ----a-w c:\windows\system32\wpdmtpdr.dll
+ 2005-01-28 12:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2005-01-28 12:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2005-01-28 12:44:28 10,752 ----a-w c:\windows\system32\wpdtrace.dll
+ 2006-02-03 07:41:26 14,032 ----a-w c:\windows\system32\x3daudio1_0.dll
+ 2007-03-05 11:42:18 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll
+ 2007-10-22 02:37:16 17,928 ----a-w c:\windows\system32\X3DAudio1_2.dll
+ 2008-03-05 15:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
+ 2006-02-03 07:42:06 230,096 ----a-w c:\windows\system32\xactengine2_0.dll
+ 2006-03-31 11:39:48 229,584 ----a-w c:\windows\system32\xactengine2_1.dll
+ 2007-10-22 02:39:54 267,272 ----a-w c:\windows\system32\xactengine2_10.dll
+ 2006-05-31 06:24:16 230,168 ----a-w c:\windows\system32\xactengine2_2.dll
+ 2006-07-28 08:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
+ 2006-09-28 15:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll
+ 2006-12-08 11:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll
+ 2007-01-24 14:27:30 255,848 ----a-w c:\windows\system32\xactengine2_6.dll
+ 2007-04-04 17:55:00 261,480 ----a-w c:\windows\system32\xactengine2_7.dll
+ 2007-06-20 19:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 ----a-w c:\windows\system32\xactengine2_9.dll
+ 2008-03-05 15:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
+ 2008-03-05 15:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
+ 2006-03-31 11:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
+ 2006-07-28 08:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
+ 2007-04-04 17:53:42 81,768 ----a-w c:\windows\system32\xinput1_3.dll
+ 2005-12-05 17:07:30 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll
+ 2009-03-11 11:58:43 16,384 ------w c:\windows\Temp\Perflib_Perfdata_528.dat
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"Odkurzacz-SCD"="c:\program files\Odkurzacz\odk_scd.exe" [2008-08-17 535552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Gry\\COD - warld at war\\CoDWaWmp.exe"=
"f:\\Gry\\COD - warld at war\\CoDWaW.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-10 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-10 20560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e43049-0d92-11de-bf46-001d60764bf9}]
\Shell\AutoRun\command - I:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2452302-0d9a-11de-bf47-001d60764bf9}]
\Shell\AutoRun\command - i:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - i:\directx\dxsetup.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/go.php?verb=register-home&lang=pol
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 13:28:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-03-11 13:28:30
ComboFix-quarantined-files.txt 2009-03-11 12:28:29
ComboFix2.txt 2009-03-10 17:37:27
ComboFix3.txt 2009-03-10 17:29:32
ComboFix4.txt 2009-03-10 16:32:09
Przed: 13 489 631 232 bajtów wolnych
Po: 13,484,830,720 bajtów wolnych
455