Rundll32, antyvirus pro etc

**Posty:** 1164 · przez **Aros5** 26 Wrz 2009, 17:54

Wracam po tygodniu z internatu i zastaje w domu bajzel na komputerze. Nie wiem co kto na nim robił, dowiedzialem sie od brata, że grając w Combat Arms dostał bluescreen, zresetował komputer i zaczął skanować go avirą. W trakcie skanu były podobno ponowne bluescreeny. Co wyskanowało to usunął a w między czasie ściągnął jeszcze Antivirus Pro 2010 którego alter pojawił się przy zegarze systemowym (że to syf mi tłumaczyc nie musicie). Bluescreeny przeszły, ale gdzieś jeszcze po drodze zgubił raz dźwięk.
Dzisiaj uruchamia komputer rano i pojawiają się błedy rundll32 plików calc.dll i protec.dll.
Do tego jeszcze przez sieć ciągle przepływają jakieś pakiety.

Trochę się pospieszyłem teraz z reakcją, chciałem użyć SDfix ale nie mogę uruchomić trybu awaryjnego więc odpaliłem Combofix co widzę, że już polecane nie jest. No ale stało się a to log po skanie:

Kod: Zaznacz wszystko: ComboFix 09-09-25.01 - Windows XP 2009-09-27 17:11.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.324 [GMT 2:00] Uruchomiony z: c:\documents and settings\Windows XP\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dane aplikacji\apagyh.reg c:\documents and settings\All Users\Dane aplikacji\kudywymyl.sys c:\documents and settings\All Users\Dane aplikacji\ybesel.bat c:\documents and settings\All Users\Dokumenty\bubovuk.exe c:\documents and settings\All Users\Dokumenty\oheryq.bat c:\documents and settings\All Users\Dokumenty\upupyte.pif c:\documents and settings\Windows XP\Dane aplikacji\BITS c:\documents and settings\Windows XP\Dane aplikacji\BITS\BITS.ini c:\documents and settings\Windows XP\Dane aplikacji\BITS\ProxyList.ini c:\documents and settings\Windows XP\Dane aplikacji\BITS\UPnP.ini c:\documents and settings\Windows XP\Dane aplikacji\wiaserva.log c:\documents and settings\Windows XP\Dane aplikacji\wiaservg.log c:\documents and settings\Windows XP\protect.dll c:\program files\Common Files\ynuhik.vbs c:\windows\adawor.dll c:\windows\system32\_scui.cpl c:\windows\system32\calc.dll c:\windows\system32\config\systemprofile\Cookies\adyrigiqe.sys c:\windows\system32\config\systemprofile\Cookies\apanigu.bat c:\windows\system32\config\systemprofile\Cookies\xykufog.dl c:\windows\system32\config\systemprofile\Menu Start\Programy\AntivirusPro_2010 c:\windows\system32\config\systemprofile\Menu Start\Programy\AntivirusPro_2010\AntivirusPro_2010.lnk c:\windows\system32\config\systemprofile\Menu Start\Programy\AntivirusPro_2010\Uninstall.lnk c:\windows\system32\config\systemprofile\protect.dll c:\windows\system32\config\systemprofile\Pulpit\AntivirusPro_2010.lnk c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\alefage.exe c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\gikybif._sy c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\sapabaq.sys c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ulanaxilak.reg c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\iziq.scr c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\ucibyhucu.scr c:\windows\system32\drivers\gasfkyquhltwbp.sys c:\windows\system32\drivers\str.sys c:\windows\system32\duwo.sys c:\windows\system32\gasfkyjdabiwww.dll c:\windows\system32\gasfkykcirqrdb.dll c:\windows\system32\gasfkykmovbrsn.dat c:\windows\system32\gasfkymmyxiqpg.dll c:\windows\system32\gasfkyqvrjoept.dat c:\windows\system32\ieuinit.inf c:\windows\system32\ogetubel.ban . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_gasfkyubomqchr -------\Legacy_gasfkyubomqchr ((((((((((((((((((((((((( Pliki utworzone od 2009-08-27 do 2009-09-27 ))))))))))))))))))))))))))))))) . 2009-09-27 14:48 . 2008-11-06 00:03 -------- d-----w- C:\SDFix 2009-09-27 07:39 . 2009-09-27 15:16 87168 ----a-w- c:\windows\system32\drivers\fc6f69ae.sys 2009-09-27 07:35 . 2004-08-03 22:44 82944 ---h-tw- c:\windows\system32\ec57820.dll 2009-09-27 07:35 . 2004-08-03 22:44 82944 ---h-tw- c:\windows\system32\262b16c8.dll 2009-09-27 07:35 . 2009-09-27 07:35 155648 ----a-w- C:\qkwvgyk.exe 2009-09-27 07:35 . 2009-09-27 07:35 103936 ----a-w- C:\enxqglk.exe 2009-09-27 07:35 . 2009-09-27 07:35 10752 ----a-w- C:\lcks.exe 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Talkback 2009-09-26 16:51 . 2009-09-26 16:51 0 ----a-w- c:\windows\nsreg.dat 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Thunderbird 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Thunderbird 2009-09-26 06:51 . 2009-09-26 06:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RoboForm 2009-09-25 10:10 . 2009-09-25 10:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Last.fm 2009-09-25 10:08 . 2009-09-25 10:23 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Last.fm 2009-09-24 15:34 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2009-09-20 13:14 . 2009-09-20 13:15 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\cache 2009-09-20 13:13 . 2009-09-21 07:12 -------- d-----w- c:\windows\SxsCaPendDel 2009-09-20 13:04 . 2009-09-20 13:04 -------- d-----w- c:\windows\system32\LogFiles 2009-09-20 09:53 . 2009-09-22 12:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NexonEU 2009-09-20 09:18 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll 2009-09-20 09:14 . 2009-09-20 09:16 -------- d-----w- c:\windows\nview 2009-09-20 09:14 . 2004-10-29 14:50 172032 ----a-w- c:\windows\system32\nvudisp.exe 2009-09-20 09:14 . 2009-09-20 09:14 -------- d-----w- C:\NVIDIA 2009-09-20 07:23 . 2009-09-20 07:23 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Opera 2009-09-19 19:00 . 2009-09-19 19:00 12328 ----a-w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-09-19 19:00 . 2009-09-19 19:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-09-19 19:00 . 2009-09-19 19:00 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2009-09-19 18:47 . 2009-09-20 07:38 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu 2009-09-19 18:46 . 2009-09-19 18:46 -------- d-----w- C:\profiles 2009-09-19 18:45 . 2009-09-19 18:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-09-19 18:45 . 2009-09-19 19:01 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\DAEMON Tools Lite 2009-09-19 18:44 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-19 18:44 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-19 18:44 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-19 18:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-19 18:44 . 2009-09-19 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira 2009-09-19 18:36 . 2009-09-19 18:36 -------- d-----w- c:\program files\hp deskjet 3320 series 2009-09-19 18:36 . 2002-07-10 17:02 184386 ----a-w- c:\windows\system32\hpzsnt05.dll 2009-09-19 18:35 . 2009-09-19 18:36 -------- d-----w- c:\program files\Hewlett-Packard 2009-09-19 18:34 . 2009-09-19 18:34 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Identities 2009-09-19 18:33 . 2009-09-19 18:33 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Folder przesyłania Share-to-Web 2009-09-19 18:33 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-09-19 18:33 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-09-19 18:33 . 2009-09-19 18:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2009-09-19 18:32 . 2009-09-27 14:08 -------- d-----w- C:\Programy 2009-09-19 18:32 . 2009-09-19 18:32 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS 2009-09-19 18:29 . 2009-09-19 18:29 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-09-19 18:28 . 2005-10-20 11:05 282240 ----a-w- c:\windows\system32\drivers\rtl8185.sys 2009-09-19 18:28 . 2002-10-02 07:57 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys 2009-09-19 18:28 . 2009-09-19 18:28 -------- d-----w- c:\program files\Nonbrand 2009-09-19 18:18 . 2009-09-19 18:18 -------- d-----w- c:\windows\OPTIONS 2009-09-19 18:18 . 2002-06-13 03:37 45568 ----a-w- c:\windows\system32\drivers\R8139n51.sys 2009-09-19 18:12 . 2009-09-19 18:12 -------- d-----w- c:\program files\Intel 2009-09-19 18:11 . 2009-09-19 18:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-19 18:11 . 2009-09-19 18:14 -------- d-----w- c:\program files\Common Files\InstallShield 2009-09-19 18:11 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-09-19 18:11 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-09-19 18:10 . 2006-10-11 03:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-26 08:04 . 2009-09-26 08:04 18928 ----a-w- c:\program files\Common Files\bunafot.db 2009-09-26 08:04 . 2009-09-26 08:04 10580 ----a-w- c:\program files\Common Files\cimanuza._sy 2009-09-26 08:04 . 2009-09-26 08:04 10111 ----a-w- c:\program files\Common Files\arimyqov.lib 2009-09-24 07:15 . 2009-09-19 18:48 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Winamp 2009-09-20 09:18 . 2009-09-20 09:18 802 ----a-w- c:\windows\unins000.dat 2009-09-19 18:20 . 2001-10-26 14:15 49492 ----a-w- c:\windows\system32\perfc015.dat 2009-09-19 18:20 . 2001-10-26 14:15 355486 ----a-w- c:\windows\system32\perfh015.dat 2009-09-19 18:15 . 2009-09-19 18:15 -------- d-----w- c:\program files\C-Media 3D Audio 2009-09-19 17:50 . 2009-09-19 17:50 -------- d-----w- c:\program files\microsoft frontpage 2009-09-19 17:48 . 2009-09-19 17:48 -------- d-----w- c:\program files\Usługi online 2009-09-19 17:47 . 2009-09-19 17:47 21856 ----a-w- c:\windows\system32\emptyregdb.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "restorer32_a"="c:\documents and settings\Windows XP\restorer32_a.exe" [2009-09-27 43520] "mserv"="c:\documents and settings\Windows XP\Dane aplikacji\seres.exe" [2009-09-27 14848] "svchost"="c:\documents and settings\Windows XP\Dane aplikacji\svcst.exe" [2009-09-27 14848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Share-to-Web Namespace Daemon"="c:\programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 188416] "avgnt"="c:\programy\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016] "restorer32_a"="c:\windows\system32\restorer32_a.exe" [2009-09-27 43520] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Windows XP\Menu Start\Programy\Autostart\ scandisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280] uecupd32.exe [2004-8-4 29184] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ 802.11g Wireless LAN PCI Card Utility.lnk - c:\program files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe [2009-9-19 5856256] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe rundll32.exe tftp.nfo beforegllav" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programy\\FlashGet universal\\FlashGet.exe"= "c:\\Programy\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"= "d:\\Gry\\Anno 1701\\Anno1701.exe"= "d:\gry\Combat Arms EU\CombatArms.exe"= d:\gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "d:\gry\Combat Arms EU\Engine.exe"= d:\gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "d:\\Gry\\Combat Arms EU\\NMService.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programy\Avira\AntiVir Desktop\sched.exe [2009-09-19 108289] S2 rhqopdelnhmrvr;rhqopdelnhmrvr;\??\c:\windows\system32\drivers\qbjyiitvnjoq.sys --> c:\windows\system32\drivers\qbjyiitvnjoq.sys [?] S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-09-19 13532] . . ------- Skan uzupełniający ------- . IE: &Download All by FlashGet - c:\programy\FlashGet universal\ComDlls\Bhoall.htm IE: &Download by FlashGet - c:\programy\FlashGet universal\ComDlls\Bholink.htm TCP: {B5145816-52AD-463F-BC47-6346AFD352F7} = 192.168.0.2 . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-calc - c:\docume~1\WINDOW~1\protect.dll HKLM-Run-calc - c:\windows\system32\calc.dll HKLM-Run-Cmaudio - cmicnfg.cpl HKU-Default-Run-calc - c:\windows\system32\config\SYSTEM~1\protect.dll AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-27 17:16 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... c:\windows\system32\restorer32_a.exe 43520 bytes executable skanowanie pomyślnie ukończone ukryte pliki: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fc6f69ae] "ImagePath"="\SystemRoot\System32\drivers\fc6f69ae.sys" . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\programy\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\nvsvc32.exe c:\programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-09-27 17:17 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-09-27 15:17 Przed: 7 892 934 656 bajtów wolnych Po: 8 420 491 264 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 223

Dorzucam jeszcze obecny log z RSIT:

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Windows XP at 2009-09-27 17:37:13 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 8 GB (56%) free of 14 GB Total RAM: 511 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37:16, on 2009-09-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programy\Avira\AntiVir Desktop\sched.exe C:\Programy\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Programy\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\restorer32_a.exe C:\Program Files\Messenger\msmsgs.exe C:\Programy\DAEMON Tools Lite\daemon.exe C:\Documents and Settings\Windows XP\restorer32_a.exe C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programy\Opera\opera.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Windows XP\Pulpit\RSIT.exe C:\Documents and Settings\Windows XP\Pulpit\Windows XP.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programy\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [avgnt] "C:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Windows XP\restorer32_a.exe O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: scandisk.lnk = ? O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ? O8 - Extra context menu item: &Download All by FlashGet - C:\Programy\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Programy\FlashGet universal\ComDlls\Bholink.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{B5145816-52AD-463F-BC47-6346AFD352F7}: NameServer = 192.168.0.2 O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programy\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programy\Avira\AntiVir Desktop\avguard.exe O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 4717 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - C:\Programy\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-14 42088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Share-to-Web Namespace Daemon"=C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-07-10 188416] "avgnt"=C:\Programy\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016] "restorer32_a"=C:\WINDOWS\system32\restorer32_a.exe [2009-09-27 43520] "Regedit32"=C:\WINDOWS\system32\regedit.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] "DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "restorer32_a"=C:\Documents and Settings\Windows XP\restorer32_a.exe [2009-09-27 43520] "mserv"=C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe [2009-09-27 14848] "svchost"=C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe [2009-09-27 14848] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 802.11g Wireless LAN PCI Card Utility.lnk - C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe C:\Documents and Settings\Windows XP\Menu Start\Programy\Autostart scandisk.lnk - C:\WINDOWS\system32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programy\FlashGet universal\FlashGet.exe"="C:\Programy\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "C:\Programy\Nowe Gadu-Gadu\gg.exe"="C:\Programy\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "D:\Gry\Anno 1701\Anno1701.exe"="D:\Gry\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701" "D:\Gry\Combat Arms EU\CombatArms.exe"="D:\Gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Gry\Combat Arms EU\Engine.exe"="D:\Gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" "D:\Gry\Combat Arms EU\NMService.exe"="D:\Gry\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Gry\Combat Arms EU\CombatArms.exe"="D:\Gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Gry\Combat Arms EU\Engine.exe"="D:\Gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" ======List of files/folders created in the last 3 months====== 2009-09-27 17:37:13 ----D---- C:\rsit 2009-09-27 17:30:12 ----SHD---- C:\RECYCLER 2009-09-27 17:18:01 ----D---- C:\WINDOWS\temp 2009-09-27 17:17:59 ----A---- C:\ComboFix.txt 2009-09-27 17:16:55 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\lizkavd.exe 2009-09-27 17:16:41 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe 2009-09-27 17:16:41 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe 2009-09-27 17:16:33 ----A---- C:\WINDOWS\system32\restorer32_a.exe 2009-09-27 17:05:00 ----A---- C:\Boot.bak 2009-09-27 17:04:56 ----RASHD---- C:\cmdcons 2009-09-27 17:02:27 ----A---- C:\WINDOWS\zip.exe 2009-09-27 17:02:27 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-09-27 17:02:27 ----A---- C:\WINDOWS\SWSC.exe 2009-09-27 17:02:27 ----A---- C:\WINDOWS\SWREG.exe 2009-09-27 17:02:27 ----A---- C:\WINDOWS\sed.exe 2009-09-27 17:02:27 ----A---- C:\WINDOWS\PEV.exe 2009-09-27 17:02:27 ----A---- C:\WINDOWS\NIRCMD.exe 2009-09-27 17:02:27 ----A---- C:\WINDOWS\grep.exe 2009-09-27 17:01:58 ----D---- C:\WINDOWS\ERDNT 2009-09-27 17:01:24 ----D---- C:\Qoobox 2009-09-27 16:48:19 ----D---- C:\SDFix 2009-09-27 09:35:40 ----HT---- C:\WINDOWS\system32\ec57820.dll 2009-09-27 09:35:40 ----HT---- C:\WINDOWS\system32\262b16c8.dll 2009-09-26 18:51:58 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Talkback 2009-09-26 18:51:46 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Thunderbird 2009-09-26 18:51:46 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Mozilla 2009-09-26 09:56:36 ----D---- C:\WINDOWS\Minidump 2009-09-26 08:51:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\RoboForm 2009-09-25 12:10:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm 2009-09-20 15:23:45 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\WinRAR 2009-09-20 15:23:14 ----D---- C:\Program Files\WinRAR 2009-09-20 15:13:50 ----D---- C:\WINDOWS\SxsCaPendDel 2009-09-20 15:04:40 ----D---- C:\WINDOWS\system32\LogFiles 2009-09-20 11:53:53 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\XAudio2_1.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\xactengine3_1.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\d3dx10_38.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2009-09-20 11:19:03 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2009-09-20 11:19:03 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\d3dx9_34.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2009-09-20 11:19:00 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2009-09-20 11:18:58 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2009-09-20 11:18:57 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2009-09-20 11:18:57 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2009-09-20 11:18:52 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2009-09-20 11:18:52 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2009-09-20 11:18:51 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2009-09-20 11:18:51 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2009-09-20 11:18:39 ----D---- C:\WINDOWS\Logs 2009-09-20 11:14:28 ----D---- C:\WINDOWS\nview 2009-09-20 11:14:28 ----A---- C:\WINDOWS\system32\nvudisp.exe 2009-09-20 11:14:08 ----D---- C:\NVIDIA 2009-09-20 09:25:07 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Macromedia 2009-09-20 09:25:06 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Adobe 2009-09-20 09:23:51 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Opera 2009-09-19 21:00:41 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-09-19 21:00:39 ----D---- C:\Program Files\DAEMON Tools Toolbar 2009-09-19 20:48:36 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-09-19 20:48:36 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\px.dll 2009-09-19 20:48:32 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Winamp 2009-09-19 20:47:57 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu 2009-09-19 20:46:30 ----D---- C:\profiles 2009-09-19 20:45:24 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\DAEMON Tools Lite 2009-09-19 20:44:18 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Avira 2009-09-19 20:36:10 ----D---- C:\Program Files\hp deskjet 3320 series 2009-09-19 20:36:01 ----A---- C:\WINDOWS\system32\hpzsnt05.dll 2009-09-19 20:35:21 ----D---- C:\Program Files\Hewlett-Packard 2009-09-19 20:33:18 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Folder przesyłania Share-to-Web 2009-09-19 20:33:03 ----D---- C:\Program Files\Common Files\Hewlett-Packard 2009-09-19 20:32:24 ----D---- C:\Programy 2009-09-19 20:29:36 ----A---- C:\WINDOWS\RTacDbg.txt 2009-09-19 20:29:10 ----A---- C:\WINDOWS\system32\results.txt 2009-09-19 20:28:53 ----D---- C:\Program Files\Nonbrand 2009-09-19 20:18:51 ----D---- C:\WINDOWS\OPTIONS 2009-09-19 20:18:04 ----A---- C:\WINDOWS\Ascd_tmp.ini 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\udaprop.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmuda.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\Audio3D.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\a3d.dll 2009-09-19 20:15:17 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-09-19 20:15:10 ----A---- C:\WINDOWS\CMISETUP.INI 2009-09-19 20:15:09 ----A---- C:\WINDOWS\CMCDPLAY.INI 2009-09-19 20:15:08 ----A---- C:\WINDOWS\Wininit.ini 2009-09-19 20:15:01 ----D---- C:\Program Files\C-Media 3D Audio 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CMIUninstall.exe 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CmiRmRedundDir.exe 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CMIRmDriver.dll 2009-09-19 20:12:11 ----D---- C:\Program Files\Intel 2009-09-19 20:11:45 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-19 20:11:44 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-19 20:11:39 ----D---- C:\Program Files\Common Files\InstallShield 2009-09-19 20:01:35 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Identities 2009-09-19 20:01:33 ----HD---- C:\Program Files\Uninstall Information 2009-09-19 20:01:28 ----ASH---- C:\Documents and Settings\Windows XP\Dane aplikacji\desktop.ini 2009-09-19 20:01:27 ----SD---- C:\Documents and Settings\Windows XP\Dane aplikacji\Microsoft 2009-09-19 19:54:13 ----D---- C:\WINDOWS\SoftwareDistribution 2009-09-19 19:54:12 ----SD---- C:\WINDOWS\system32\Microsoft 2009-09-19 19:54:12 ----D---- C:\WINDOWS\Prefetch 2009-09-19 19:54:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-19 19:50:44 ----D---- C:\WINDOWS\system32\xircom 2009-09-19 19:50:44 ----D---- C:\Program Files\xerox 2009-09-19 19:50:44 ----D---- C:\Program Files\microsoft frontpage 2009-09-19 19:50:22 ----A---- C:\WINDOWS\control.ini 2009-09-19 19:50:22 ----A---- C:\AUTOEXEC.BAT 2009-09-19 19:50:07 ----A---- C:\WINDOWS\OEWABLog.txt 2009-09-19 19:50:03 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-09-19 19:49:11 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-09-19 19:49:11 ----RD---- C:\WINDOWS\Offline Web Pages 2009-09-19 19:49:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-09-19 19:49:05 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-09-19 19:49:00 ----HD---- C:\Program Files\WindowsUpdate 2009-09-19 19:48:57 ----D---- C:\Program Files\Usługi online 2009-09-19 19:48:42 ----D---- C:\WINDOWS\system32\DirectX 2009-09-19 19:48:22 ----A---- C:\WINDOWS\system32\atrace.dll 2009-09-19 19:48:19 ----A---- C:\WINDOWS\system32\desktop.ini 2009-09-19 19:48:19 ----A---- C:\WINDOWS\desktop.ini 2009-09-19 19:48:13 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2009-09-19 19:48:11 ----D---- C:\Program Files\Common Files\Services 2009-09-19 19:48:11 ----A---- C:\WINDOWS\system32\acctres.dll 2009-09-19 19:48:08 ----SD---- C:\WINDOWS\Tasks 2009-09-19 19:48:08 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-09-19 19:48:07 ----D---- C:\Program Files\Common Files\MSSoap 2009-09-19 19:48:03 ----D---- C:\WINDOWS\srchasst 2009-09-19 19:48:02 ----D---- C:\WINDOWS\system32\Macromed 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-09-19 19:47:58 ----N---- C:\WINDOWS\system32\wuauclt.exe 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wups.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-09-19 19:47:57 ----N---- C:\WINDOWS\system32\qmgr.dll 2009-09-19 19:47:57 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-09-19 19:47:54 ----D---- C:\Program Files\Movie Maker 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-09-19 19:47:46 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-09-19 19:47:46 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-09-19 19:47:45 ----N---- C:\WINDOWS\system32\srsvc.dll 2009-09-19 19:47:45 ----D---- C:\WINDOWS\system32\Restore 2009-09-19 19:47:45 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-09-19 19:47:45 ----A---- C:\WINDOWS\system32\srclient.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\msconf.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\mnmdd.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\ils.dll 2009-09-19 19:47:41 ----D---- C:\Program Files\NetMeeting 2009-09-19 19:47:41 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-09-19 19:47:41 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-09-19 19:47:40 ----A---- C:\WINDOWS\system32\inetres.dll 2009-09-19 19:47:39 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-09-19 19:47:38 ----N---- C:\WINDOWS\system32\schedsvc.dll 2009-09-19 19:47:38 ----D---- C:\Program Files\Outlook Express 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\mstask.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\isign32.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-09-19 19:47:31 ----D---- C:\Program Files\Common Files\System 2009-09-19 19:47:30 ----D---- C:\Program Files\Internet Explorer 2009-09-19 19:46:56 ----D---- C:\Program Files\ComPlus Applications 2009-09-19 19:46:54 ----A---- C:\WINDOWS\vbaddin.ini 2009-09-19 19:46:54 ----A---- C:\WINDOWS\vb.ini 2009-09-19 19:46:50 ----D---- C:\WINDOWS\Registration 2009-09-19 19:46:43 ----D---- C:\Program Files\Windows Media Player 2009-09-19 19:46:38 ----D---- C:\Program Files\Messenger 2009-09-19 19:46:34 ----D---- C:\Program Files\MSN Gaming Zone 2009-09-19 19:46:34 ----A---- C:\WINDOWS\system32\write.exe 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\hticons.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avwav.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-09-19 19:46:24 ----A---- C:\WINDOWS\system32\winchat.exe 2009-09-19 19:46:18 ----A---- C:\WINDOWS\system32\getuname.dll 2009-09-19 19:46:18 ----A---- C:\WINDOWS\system32\charmap.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\winmine.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\sol.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\calc.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tskill.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tscon.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\shadow.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\reset.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\regini.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\freecell.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\msg.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\logoff.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\stclient.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-09-19 19:46:13 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-09-19 19:46:08 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\accwiz.exe 2009-09-19 19:46:06 ----D---- C:\Program Files\Windows NT 2009-09-19 19:46:06 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-09-19 19:46:06 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\spider.exe 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-09-19 19:46:04 ----N---- C:\WINDOWS\system32\termsrv.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\tscupgrd.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-09-19 19:46:03 ----D---- C:\WINDOWS\system32\MsDtc 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-09-19 19:46:01 ----D---- C:\WINDOWS\system32\Com 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\colbact.dll 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-09-19 19:45:59 ----A---- C:\WINDOWS\system32\comuid.dll 2009-09-19 19:45:59 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-09-19 03:40:56 ----A---- C:\WINDOWS\system32\h323log.txt 2009-09-19 03:39:03 ----A---- C:\WINDOWS\system32\hidserv.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\wshirda.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\irmon.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\irftp.exe 2009-09-19 03:37:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2009-09-19 03:37:10 ----A---- C:\WINDOWS\system32\usbui.dll 2009-09-19 03:36:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-19 03:36:08 ----SHD---- C:\WINDOWS\Installer 2009-09-19 03:36:08 ----D---- C:\Program Files\Common Files\ODBC 2009-09-19 03:36:08 ----A---- C:\WINDOWS\ODBCINST.INI 2009-09-19 03:36:05 ----D---- C:\Program Files\Common Files\SpeechEngines 2009-09-19 03:36:04 ----RD---- C:\Program Files 2009-09-19 03:36:04 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-09-19 03:36:04 ----D---- C:\Program Files\Common Files 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdtuq.dll 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdtuf.dll 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdazel.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdycc.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbduzb.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdur.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdtat.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdru1.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdru.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdmon.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdkyr.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdkaz.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdaze.dll 2009-09-19 03:35:58 ----RA---- C:\WINDOWS\system32\kbdbu.dll 2009-09-19 03:35:58 ----RA---- C:\WINDOWS\system32\kbdblr.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhept.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhela3.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhela2.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe319.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe220.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdgkl.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlv1.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlv.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlt1.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlt.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdest.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdsl1.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdsl.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdro.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdhu1.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdhu.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdycl.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz2.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz1.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcr.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\KBDAL.DLL 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\irclass.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\dgsetup.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2009-09-19 03:35:48 ----A---- C:\WINDOWS\TASKMAN.EXE 2009-09-19 03:35:47 ----N---- C:\WINDOWS\system32\CONFIG.TMP 2009-09-19 03:35:47 ----A---- C:\WINDOWS\system32\batt.dll 2009-09-19 03:35:47 ----A---- C:\WINDOWS\NOTEPAD.EXE 2009-09-19 03:35:46 ----A---- C:\WINDOWS\system32\storprop.dll 2009-09-19 03:35:38 ----ASH---- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini 2009-09-19 03:35:34 ----RA---- C:\WINDOWS\SET8.tmp 2009-09-19 03:35:31 ----RA---- C:\WINDOWS\SET4.tmp 2009-09-19 03:35:30 ----RA---- C:\WINDOWS\SET3.tmp 2009-09-19 03:35:24 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-19 03:35:24 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-19 03:35:19 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2009-09-19 03:34:58 ----A---- C:\WINDOWS\setuplog.txt 2009-09-19 03:34:55 ----D---- C:\Documents and Settings 2009-09-19 03:34:54 ----SHD---- C:\System Volume Information 2009-09-19 03:33:52 ----RASH---- C:\boot.ini 2009-09-19 03:28:46 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-19 03:28:46 ----RSD---- C:\WINDOWS\Fonts 2009-09-19 03:28:46 ----RD---- C:\WINDOWS\Web 2009-09-19 03:28:46 ----HD---- C:\WINDOWS\inf 2009-09-19 03:28:46 ----D---- C:\WINDOWS\WinSxS 2009-09-19 03:28:46 ----D---- C:\WINDOWS\twain_32 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\wins 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\wbem 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\usmt 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\spool 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ShellExt 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\Setup 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ras 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\oobe 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\npp 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\mui 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\IME 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\icsxml 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ias 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\export 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\drivers 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\dhcp 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\config 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\3com_dmi 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\3076 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\2052 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1054 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1045 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1042 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1041 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1037 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1033 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1031 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1028 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1025 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system 2009-09-19 03:28:46 ----D---- C:\WINDOWS\security 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Resources 2009-09-19 03:28:46 ----D---- C:\WINDOWS\repair 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Provisioning 2009-09-19 03:28:46 ----D---- C:\WINDOWS\PeerNet 2009-09-19 03:28:46 ----D---- C:\WINDOWS\pchealth 2009-09-19 03:28:46 ----D---- C:\WINDOWS\mui 2009-09-19 03:28:46 ----D---- C:\WINDOWS\msapps 2009-09-19 03:28:46 ----D---- C:\WINDOWS\msagent 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Media 2009-09-19 03:28:46 ----D---- C:\WINDOWS\java 2009-09-19 03:28:46 ----D---- C:\WINDOWS\ime 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Help 2009-09-19 03:28:46 ----D---- C:\WINDOWS\ehome 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Driver Cache 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Debug 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Cursors 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Connection Wizard 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Config 2009-09-19 03:28:46 ----D---- C:\WINDOWS\AppPatch 2009-09-19 03:28:46 ----D---- C:\WINDOWS\addins 2009-09-19 03:28:46 ----D---- C:\WINDOWS ======List of files/folders modified in the last 3 months====== 2009-09-27 17:16:18 ----A---- C:\WINDOWS\system.ini 2009-09-19 20:33:07 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-09-19 82380] R1 avgio;avgio; \??\C:\Programy\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 Tcpip6;Sterownik protokołu IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-09-19 21035] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568] R3 rtl8185;802.11g Wireless LAN PCI Card Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2005-10-20 282240] R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] R3 tunmp;Sterownik karty Microsoft Tun Miniport; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] S2 rhqopdelnhmrvr;rhqopdelnhmrvr; \??\C:\WINDOWS\system32\drivers\qbjyiitvnjoq.sys [] S3 ae4uj9z9;ae4uj9z9; C:\WINDOWS\system32\drivers\ae4uj9z9.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;Usługa Pomocnik IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programy\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programy\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043] -----------------EOF-----------------

Na chwile obecną dziwnie wygląda sieć przez którą nadal przepływają pakiety (przynajmniej patrząc na ikonkę systemową) i alert o zagrożeniu komputera i propozycji ściągnięcia Antyvirus Pro.

Wątpie żeby miało to jakieś znaczenie, ale tydzień wcześniej wymieniłem płytę głowną którą spaliła burza. Zrobiłem potem format partycji systemowej i zainstalowałem Windows. Druga partycja była bez zmian.

**Posty:** 8001 · przez **Okocza** 26 Wrz 2009, 20:00

otwórz notatnik i wklej:

Kod: Zaznacz wszystko: Files:: c:\windows\system32\drivers\fc6f69ae.sys c:\windows\system32\ec57820.dll c:\windows\system32\262b16c8.dll C:\qkwvgyk.exe C:\enxqglk.exe C:\lcks.exe c:\documents and settings\Windows XP\restorer32_a.exe c:\documents and settings\Windows XP\Dane aplikacji\seres.exe c:\documents and settings\Windows XP\Dane aplikacji\svcst.exe Drivers:: gasfkyubomqchr Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "svchost"=- "mserv"=- "restorer32_a"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "restorer32_a"=-

zapisz jako CFScript.txt i przeciągnij na ikonkę ComboFix - daj log po tej czynności.

przeskanuj na http://www.virustotal.com i daj raport ze skanowania:

c:\windows\system32\drivers\SjyPkt.sys

Autor postu otrzymał pochwałę

**Posty:** 1164 · przez **Aros5** 26 Wrz 2009, 21:37

[code0]https://www.virustotal.com/pl/analisis/24d602b7ddf7718a1f149d35b24c2345d0dde6e8b8a7fdf35062c24a6d13226d-1253868394[/code]

Zapisałem w notatniku, przeciągnąłem, uruchomił się Combofix, log z niego:

Kod: Zaznacz wszystko: ComboFix 09-09-25.01 - Windows XP 2009-09-27 21:26.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.356 [GMT 2:00] Uruchomiony z: c:\documents and settings\Windows XP\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Windows XP\Pulpit\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Windows XP\Dane aplikacji\wiaserva.log c:\documents and settings\Windows XP\oashdihasidhasuidhiasdhiashdiuasdhasd . ((((((((((((((((((((((((( Pliki utworzone od 2009-08-27 do 2009-09-27 ))))))))))))))))))))))))))))))) . 2009-09-27 14:48 . 2008-11-06 00:03 -------- d-----w- C:\SDFix 2009-09-27 07:39 . 2009-09-27 19:29 87168 ----a-w- c:\windows\system32\drivers\fc6f69ae.sys 2009-09-27 07:35 . 2004-08-03 22:44 82944 ---h-tw- c:\windows\system32\ec57820.dll 2009-09-27 07:35 . 2004-08-03 22:44 82944 ---h-tw- c:\windows\system32\262b16c8.dll 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Talkback 2009-09-26 16:51 . 2009-09-26 16:51 0 ----a-w- c:\windows\nsreg.dat 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Thunderbird 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Thunderbird 2009-09-26 06:51 . 2009-09-26 06:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RoboForm 2009-09-25 10:10 . 2009-09-25 10:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Last.fm 2009-09-25 10:08 . 2009-09-25 10:23 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Last.fm 2009-09-24 15:34 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2009-09-20 13:14 . 2009-09-20 13:15 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\cache 2009-09-20 13:13 . 2009-09-21 07:12 -------- d-----w- c:\windows\SxsCaPendDel 2009-09-20 13:04 . 2009-09-20 13:04 -------- d-----w- c:\windows\system32\LogFiles 2009-09-20 09:53 . 2009-09-22 12:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NexonEU 2009-09-20 09:18 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll 2009-09-20 09:14 . 2009-09-20 09:16 -------- d-----w- c:\windows\nview 2009-09-20 09:14 . 2004-10-29 14:50 172032 ----a-w- c:\windows\system32\nvudisp.exe 2009-09-20 09:14 . 2009-09-20 09:14 -------- d-----w- C:\NVIDIA 2009-09-20 07:23 . 2009-09-20 07:23 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Opera 2009-09-19 19:00 . 2009-09-19 19:00 12328 ----a-w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-09-19 19:00 . 2009-09-19 19:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-09-19 19:00 . 2009-09-19 19:00 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2009-09-19 18:47 . 2009-09-27 16:44 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu 2009-09-19 18:46 . 2009-09-19 18:46 -------- d-----w- C:\profiles 2009-09-19 18:45 . 2009-09-19 18:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-09-19 18:45 . 2009-09-19 19:01 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\DAEMON Tools Lite 2009-09-19 18:44 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-19 18:44 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-19 18:44 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-19 18:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-19 18:44 . 2009-09-19 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira 2009-09-19 18:36 . 2009-09-19 18:36 -------- d-----w- c:\program files\hp deskjet 3320 series 2009-09-19 18:36 . 2002-07-10 17:02 184386 ----a-w- c:\windows\system32\hpzsnt05.dll 2009-09-19 18:35 . 2009-09-19 18:36 -------- d-----w- c:\program files\Hewlett-Packard 2009-09-19 18:34 . 2009-09-19 18:34 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Identities 2009-09-19 18:33 . 2009-09-19 18:33 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Folder przesyłania Share-to-Web 2009-09-19 18:33 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-09-19 18:33 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-09-19 18:33 . 2009-09-19 18:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2009-09-19 18:32 . 2009-09-27 14:08 -------- d-----w- C:\Programy 2009-09-19 18:32 . 2009-09-19 18:32 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS 2009-09-19 18:29 . 2009-09-19 18:29 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-09-19 18:28 . 2005-10-20 11:05 282240 ----a-w- c:\windows\system32\drivers\rtl8185.sys 2009-09-19 18:28 . 2002-10-02 07:57 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys 2009-09-19 18:28 . 2009-09-19 18:28 -------- d-----w- c:\program files\Nonbrand 2009-09-19 18:18 . 2009-09-19 18:18 -------- d-----w- c:\windows\OPTIONS 2009-09-19 18:18 . 2002-06-13 03:37 45568 ----a-w- c:\windows\system32\drivers\R8139n51.sys 2009-09-19 18:12 . 2009-09-19 18:12 -------- d-----w- c:\program files\Intel 2009-09-19 18:11 . 2009-09-19 18:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-19 18:11 . 2009-09-19 18:14 -------- d-----w- c:\program files\Common Files\InstallShield 2009-09-19 18:11 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-09-19 18:11 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-09-19 18:10 . 2006-10-11 03:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-27 15:16 . 2009-09-27 15:16 159344 ----a-w- c:\documents and settings\Windows XP\Dane aplikacji\lizkavd.exe 2009-09-27 15:16 . 2009-09-27 15:16 14848 ----a-w- c:\documents and settings\Windows XP\Dane aplikacji\svcst.exe 2009-09-27 15:16 . 2009-09-27 15:16 14848 ----a-w- c:\documents and settings\Windows XP\Dane aplikacji\seres.exe 2009-09-27 15:16 . 2009-09-27 15:16 43520 ----a-w- c:\windows\system32\restorer32_a.exe 2009-09-27 15:16 . 2009-09-27 15:16 43520 ----a-w- c:\documents and settings\Windows XP\restorer32_a.exe 2009-09-26 08:04 . 2009-09-26 08:04 18928 ----a-w- c:\program files\Common Files\bunafot.db 2009-09-26 08:04 . 2009-09-26 08:04 10580 ----a-w- c:\program files\Common Files\cimanuza._sy 2009-09-26 08:04 . 2009-09-26 08:04 10111 ----a-w- c:\program files\Common Files\arimyqov.lib 2009-09-24 07:15 . 2009-09-19 18:48 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Winamp 2009-09-20 09:18 . 2009-09-20 09:18 802 ----a-w- c:\windows\unins000.dat 2009-09-19 18:20 . 2001-10-26 14:15 49492 ----a-w- c:\windows\system32\perfc015.dat 2009-09-19 18:20 . 2001-10-26 14:15 355486 ----a-w- c:\windows\system32\perfh015.dat 2009-09-19 18:15 . 2009-09-19 18:15 -------- d-----w- c:\program files\C-Media 3D Audio 2009-09-19 17:50 . 2009-09-19 17:50 -------- d-----w- c:\program files\microsoft frontpage 2009-09-19 17:48 . 2009-09-19 17:48 -------- d-----w- c:\program files\Usługi online 2009-09-19 17:47 . 2009-09-19 17:47 21856 ----a-w- c:\windows\system32\emptyregdb.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Share-to-Web Namespace Daemon"="c:\programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 188416] "avgnt"="c:\programy\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Windows XP\Menu Start\Programy\Autostart\ scandisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ 802.11g Wireless LAN PCI Card Utility.lnk - c:\program files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe [2009-9-19 5856256] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programy\\FlashGet universal\\FlashGet.exe"= "c:\\Programy\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"= "d:\\Gry\\Anno 1701\\Anno1701.exe"= "d:\gry\Combat Arms EU\CombatArms.exe"= d:\gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "d:\gry\Combat Arms EU\Engine.exe"= d:\gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "d:\\Gry\\Combat Arms EU\\NMService.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programy\Avira\AntiVir Desktop\sched.exe [2009-09-19 108289] R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-09-19 13532] S2 rhqopdelnhmrvr;rhqopdelnhmrvr;\??\c:\windows\system32\drivers\qbjyiitvnjoq.sys --> c:\windows\system32\drivers\qbjyiitvnjoq.sys [?] . . ------- Skan uzupełniający ------- . IE: &Download All by FlashGet - c:\programy\FlashGet universal\ComDlls\Bhoall.htm IE: &Download by FlashGet - c:\programy\FlashGet universal\ComDlls\Bholink.htm TCP: {B5145816-52AD-463F-BC47-6346AFD352F7} = 192.168.0.2 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-27 21:29 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fc6f69ae] "ImagePath"="\SystemRoot\System32\drivers\fc6f69ae.sys" . Czas ukończenia: 2009-09-27 21:30 ComboFix-quarantined-files.txt 2009-09-27 19:30 ComboFix2.txt 2009-09-27 15:17 Przed: 8 405 983 232 bajtów wolnych Po: 8 377 020 416 bajtów wolnych Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 152

Nie wiem czy potrzebny, ale nowy z RSIT:

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Windows XP at 2009-09-27 21:36:37 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 8 GB (55%) free of 14 GB Total RAM: 511 MB (59% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:36:39, on 2009-09-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programy\Avira\AntiVir Desktop\sched.exe C:\Programy\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Programy\Avira\AntiVir Desktop\avgnt.exe C:\Programy\DAEMON Tools Lite\daemon.exe C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\explorer.exe C:\Programy\Opera\opera.exe C:\Programy\Avira\AntiVir Desktop\update.exe C:\Documents and Settings\Windows XP\Pulpit\RSIT.exe C:\Documents and Settings\Windows XP\Pulpit\Windows XP.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programy\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [avgnt] "C:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: scandisk.lnk = ? O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ? O8 - Extra context menu item: &Download All by FlashGet - C:\Programy\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Programy\FlashGet universal\ComDlls\Bholink.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{B5145816-52AD-463F-BC47-6346AFD352F7}: NameServer = 192.168.0.2 O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programy\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programy\Avira\AntiVir Desktop\avguard.exe O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 3881 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - C:\Programy\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-14 42088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Share-to-Web Namespace Daemon"=C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-07-10 188416] "avgnt"=C:\Programy\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] "DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 802.11g Wireless LAN PCI Card Utility.lnk - C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe C:\Documents and Settings\Windows XP\Menu Start\Programy\Autostart scandisk.lnk - C:\WINDOWS\system32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programy\FlashGet universal\FlashGet.exe"="C:\Programy\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "C:\Programy\Nowe Gadu-Gadu\gg.exe"="C:\Programy\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "D:\Gry\Anno 1701\Anno1701.exe"="D:\Gry\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701" "D:\Gry\Combat Arms EU\CombatArms.exe"="D:\Gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Gry\Combat Arms EU\Engine.exe"="D:\Gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" "D:\Gry\Combat Arms EU\NMService.exe"="D:\Gry\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Gry\Combat Arms EU\CombatArms.exe"="D:\Gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Gry\Combat Arms EU\Engine.exe"="D:\Gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" ======List of files/folders created in the last 3 months====== 2009-09-27 21:30:36 ----D---- C:\WINDOWS\temp 2009-09-27 21:30:34 ----A---- C:\ComboFix.txt 2009-09-27 21:26:07 ----A---- C:\WINDOWS\zip.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\SWSC.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\SWREG.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\sed.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\PEV.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\NIRCMD.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\grep.exe 2009-09-27 21:25:42 ----D---- C:\ComboFix 2009-09-27 18:53:40 ----D---- C:\WINDOWS\pss 2009-09-27 17:37:13 ----D---- C:\rsit 2009-09-27 17:16:55 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\lizkavd.exe 2009-09-27 17:16:41 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe 2009-09-27 17:16:41 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe 2009-09-27 17:16:33 ----A---- C:\WINDOWS\system32\restorer32_a.exe 2009-09-27 17:05:00 ----A---- C:\Boot.bak 2009-09-27 17:04:56 ----RASHD---- C:\cmdcons 2009-09-27 17:01:58 ----D---- C:\WINDOWS\ERDNT 2009-09-27 17:01:24 ----D---- C:\Qoobox 2009-09-27 16:48:19 ----D---- C:\SDFix 2009-09-27 09:35:40 ----HT---- C:\WINDOWS\system32\ec57820.dll 2009-09-27 09:35:40 ----HT---- C:\WINDOWS\system32\262b16c8.dll 2009-09-26 18:51:58 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Talkback 2009-09-26 18:51:46 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Thunderbird 2009-09-26 18:51:46 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Mozilla 2009-09-26 09:56:36 ----D---- C:\WINDOWS\Minidump 2009-09-26 08:51:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\RoboForm 2009-09-25 12:10:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm 2009-09-20 15:23:45 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\WinRAR 2009-09-20 15:23:14 ----D---- C:\Program Files\WinRAR 2009-09-20 15:13:50 ----D---- C:\WINDOWS\SxsCaPendDel 2009-09-20 15:04:40 ----D---- C:\WINDOWS\system32\LogFiles 2009-09-20 11:53:53 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\XAudio2_1.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\xactengine3_1.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\d3dx10_38.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2009-09-20 11:19:03 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2009-09-20 11:19:03 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\d3dx9_34.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2009-09-20 11:19:00 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2009-09-20 11:18:58 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2009-09-20 11:18:57 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2009-09-20 11:18:57 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2009-09-20 11:18:52 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2009-09-20 11:18:52 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2009-09-20 11:18:51 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2009-09-20 11:18:51 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2009-09-20 11:18:39 ----D---- C:\WINDOWS\Logs 2009-09-20 11:14:28 ----D---- C:\WINDOWS\nview 2009-09-20 11:14:28 ----A---- C:\WINDOWS\system32\nvudisp.exe 2009-09-20 11:14:08 ----D---- C:\NVIDIA 2009-09-20 09:25:07 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Macromedia 2009-09-20 09:25:06 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Adobe 2009-09-20 09:23:51 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Opera 2009-09-19 21:00:41 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-09-19 21:00:39 ----D---- C:\Program Files\DAEMON Tools Toolbar 2009-09-19 20:48:36 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-09-19 20:48:36 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\px.dll 2009-09-19 20:48:32 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Winamp 2009-09-19 20:47:57 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu 2009-09-19 20:46:30 ----D---- C:\profiles 2009-09-19 20:45:24 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\DAEMON Tools Lite 2009-09-19 20:44:18 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Avira 2009-09-19 20:36:10 ----D---- C:\Program Files\hp deskjet 3320 series 2009-09-19 20:36:01 ----A---- C:\WINDOWS\system32\hpzsnt05.dll 2009-09-19 20:35:21 ----D---- C:\Program Files\Hewlett-Packard 2009-09-19 20:33:18 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Folder przesyłania Share-to-Web 2009-09-19 20:33:03 ----D---- C:\Program Files\Common Files\Hewlett-Packard 2009-09-19 20:32:24 ----D---- C:\Programy 2009-09-19 20:29:36 ----A---- C:\WINDOWS\RTacDbg.txt 2009-09-19 20:29:10 ----A---- C:\WINDOWS\system32\results.txt 2009-09-19 20:28:53 ----D---- C:\Program Files\Nonbrand 2009-09-19 20:18:51 ----D---- C:\WINDOWS\OPTIONS 2009-09-19 20:18:04 ----A---- C:\WINDOWS\Ascd_tmp.ini 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\udaprop.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmuda.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\Audio3D.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\a3d.dll 2009-09-19 20:15:17 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-09-19 20:15:10 ----A---- C:\WINDOWS\CMISETUP.INI 2009-09-19 20:15:09 ----A---- C:\WINDOWS\CMCDPLAY.INI 2009-09-19 20:15:08 ----A---- C:\WINDOWS\Wininit.ini 2009-09-19 20:15:01 ----D---- C:\Program Files\C-Media 3D Audio 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CMIUninstall.exe 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CmiRmRedundDir.exe 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CMIRmDriver.dll 2009-09-19 20:12:11 ----D---- C:\Program Files\Intel 2009-09-19 20:11:45 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-19 20:11:44 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-19 20:11:39 ----D---- C:\Program Files\Common Files\InstallShield 2009-09-19 20:01:35 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Identities 2009-09-19 20:01:33 ----HD---- C:\Program Files\Uninstall Information 2009-09-19 20:01:28 ----ASH---- C:\Documents and Settings\Windows XP\Dane aplikacji\desktop.ini 2009-09-19 20:01:27 ----SD---- C:\Documents and Settings\Windows XP\Dane aplikacji\Microsoft 2009-09-19 19:54:13 ----D---- C:\WINDOWS\SoftwareDistribution 2009-09-19 19:54:12 ----SD---- C:\WINDOWS\system32\Microsoft 2009-09-19 19:54:12 ----D---- C:\WINDOWS\Prefetch 2009-09-19 19:54:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-19 19:50:44 ----D---- C:\WINDOWS\system32\xircom 2009-09-19 19:50:44 ----D---- C:\Program Files\xerox 2009-09-19 19:50:44 ----D---- C:\Program Files\microsoft frontpage 2009-09-19 19:50:22 ----A---- C:\WINDOWS\control.ini 2009-09-19 19:50:22 ----A---- C:\AUTOEXEC.BAT 2009-09-19 19:50:07 ----A---- C:\WINDOWS\OEWABLog.txt 2009-09-19 19:50:03 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-09-19 19:49:11 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-09-19 19:49:11 ----RD---- C:\WINDOWS\Offline Web Pages 2009-09-19 19:49:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-09-19 19:49:05 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-09-19 19:49:00 ----HD---- C:\Program Files\WindowsUpdate 2009-09-19 19:48:57 ----D---- C:\Program Files\Usługi online 2009-09-19 19:48:42 ----D---- C:\WINDOWS\system32\DirectX 2009-09-19 19:48:22 ----A---- C:\WINDOWS\system32\atrace.dll 2009-09-19 19:48:19 ----A---- C:\WINDOWS\system32\desktop.ini 2009-09-19 19:48:19 ----A---- C:\WINDOWS\desktop.ini 2009-09-19 19:48:13 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2009-09-19 19:48:11 ----D---- C:\Program Files\Common Files\Services 2009-09-19 19:48:11 ----A---- C:\WINDOWS\system32\acctres.dll 2009-09-19 19:48:08 ----SD---- C:\WINDOWS\Tasks 2009-09-19 19:48:08 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-09-19 19:48:07 ----D---- C:\Program Files\Common Files\MSSoap 2009-09-19 19:48:03 ----D---- C:\WINDOWS\srchasst 2009-09-19 19:48:02 ----D---- C:\WINDOWS\system32\Macromed 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-09-19 19:47:58 ----N---- C:\WINDOWS\system32\wuauclt.exe 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wups.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-09-19 19:47:57 ----N---- C:\WINDOWS\system32\qmgr.dll 2009-09-19 19:47:57 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-09-19 19:47:54 ----D---- C:\Program Files\Movie Maker 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-09-19 19:47:46 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-09-19 19:47:46 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-09-19 19:47:45 ----N---- C:\WINDOWS\system32\srsvc.dll 2009-09-19 19:47:45 ----D---- C:\WINDOWS\system32\Restore 2009-09-19 19:47:45 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-09-19 19:47:45 ----A---- C:\WINDOWS\system32\srclient.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\msconf.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\mnmdd.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\ils.dll 2009-09-19 19:47:41 ----D---- C:\Program Files\NetMeeting 2009-09-19 19:47:41 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-09-19 19:47:41 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-09-19 19:47:40 ----A---- C:\WINDOWS\system32\inetres.dll 2009-09-19 19:47:39 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-09-19 19:47:38 ----N---- C:\WINDOWS\system32\schedsvc.dll 2009-09-19 19:47:38 ----D---- C:\Program Files\Outlook Express 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\mstask.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\isign32.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-09-19 19:47:31 ----D---- C:\Program Files\Common Files\System 2009-09-19 19:47:30 ----D---- C:\Program Files\Internet Explorer 2009-09-19 19:46:56 ----D---- C:\Program Files\ComPlus Applications 2009-09-19 19:46:54 ----A---- C:\WINDOWS\vbaddin.ini 2009-09-19 19:46:54 ----A---- C:\WINDOWS\vb.ini 2009-09-19 19:46:50 ----D---- C:\WINDOWS\Registration 2009-09-19 19:46:43 ----D---- C:\Program Files\Windows Media Player 2009-09-19 19:46:38 ----D---- C:\Program Files\Messenger 2009-09-19 19:46:34 ----D---- C:\Program Files\MSN Gaming Zone 2009-09-19 19:46:34 ----A---- C:\WINDOWS\system32\write.exe 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\hticons.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avwav.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-09-19 19:46:24 ----A---- C:\WINDOWS\system32\winchat.exe 2009-09-19 19:46:18 ----A---- C:\WINDOWS\system32\getuname.dll 2009-09-19 19:46:18 ----A---- C:\WINDOWS\system32\charmap.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\winmine.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\sol.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\calc.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tskill.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tscon.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\shadow.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\reset.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\regini.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\freecell.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\msg.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\logoff.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\stclient.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-09-19 19:46:13 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-09-19 19:46:08 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\accwiz.exe 2009-09-19 19:46:06 ----D---- C:\Program Files\Windows NT 2009-09-19 19:46:06 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-09-19 19:46:06 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\spider.exe 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-09-19 19:46:04 ----N---- C:\WINDOWS\system32\termsrv.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\tscupgrd.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-09-19 19:46:03 ----D---- C:\WINDOWS\system32\MsDtc 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-09-19 19:46:01 ----D---- C:\WINDOWS\system32\Com 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\colbact.dll 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-09-19 19:45:59 ----A---- C:\WINDOWS\system32\comuid.dll 2009-09-19 19:45:59 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-09-19 03:40:56 ----A---- C:\WINDOWS\system32\h323log.txt 2009-09-19 03:39:03 ----A---- C:\WINDOWS\system32\hidserv.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\wshirda.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\irmon.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\irftp.exe 2009-09-19 03:37:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2009-09-19 03:37:10 ----A---- C:\WINDOWS\system32\usbui.dll 2009-09-19 03:36:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-19 03:36:08 ----SHD---- C:\WINDOWS\Installer 2009-09-19 03:36:08 ----D---- C:\Program Files\Common Files\ODBC 2009-09-19 03:36:08 ----A---- C:\WINDOWS\ODBCINST.INI 2009-09-19 03:36:05 ----D---- C:\Program Files\Common Files\SpeechEngines 2009-09-19 03:36:04 ----RD---- C:\Program Files 2009-09-19 03:36:04 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-09-19 03:36:04 ----D---- C:\Program Files\Common Files 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdtuq.dll 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdtuf.dll 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdazel.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdycc.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbduzb.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdur.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdtat.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdru1.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdru.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdmon.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdkyr.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdkaz.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdaze.dll 2009-09-19 03:35:58 ----RA---- C:\WINDOWS\system32\kbdbu.dll 2009-09-19 03:35:58 ----RA---- C:\WINDOWS\system32\kbdblr.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhept.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhela3.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhela2.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe319.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe220.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdgkl.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlv1.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlv.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlt1.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlt.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdest.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdsl1.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdsl.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdro.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdhu1.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdhu.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdycl.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz2.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz1.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcr.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\KBDAL.DLL 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\irclass.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\dgsetup.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2009-09-19 03:35:48 ----A---- C:\WINDOWS\TASKMAN.EXE 2009-09-19 03:35:47 ----N---- C:\WINDOWS\system32\CONFIG.TMP 2009-09-19 03:35:47 ----A---- C:\WINDOWS\system32\batt.dll 2009-09-19 03:35:47 ----A---- C:\WINDOWS\NOTEPAD.EXE 2009-09-19 03:35:46 ----A---- C:\WINDOWS\system32\storprop.dll 2009-09-19 03:35:38 ----ASH---- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini 2009-09-19 03:35:34 ----RA---- C:\WINDOWS\SET8.tmp 2009-09-19 03:35:31 ----RA---- C:\WINDOWS\SET4.tmp 2009-09-19 03:35:30 ----RA---- C:\WINDOWS\SET3.tmp 2009-09-19 03:35:24 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-19 03:35:24 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-19 03:35:19 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2009-09-19 03:34:58 ----A---- C:\WINDOWS\setuplog.txt 2009-09-19 03:34:55 ----D---- C:\Documents and Settings 2009-09-19 03:34:54 ----SHD---- C:\System Volume Information 2009-09-19 03:33:52 ----RASH---- C:\boot.ini 2009-09-19 03:28:46 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-19 03:28:46 ----RSD---- C:\WINDOWS\Fonts 2009-09-19 03:28:46 ----RD---- C:\WINDOWS\Web 2009-09-19 03:28:46 ----HD---- C:\WINDOWS\inf 2009-09-19 03:28:46 ----D---- C:\WINDOWS\WinSxS 2009-09-19 03:28:46 ----D---- C:\WINDOWS\twain_32 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\wins 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\wbem 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\usmt 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\spool 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ShellExt 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\Setup 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ras 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\oobe 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\npp 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\mui 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\IME 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\icsxml 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ias 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\export 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\drivers 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\dhcp 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\config 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\3com_dmi 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\3076 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\2052 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1054 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1045 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1042 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1041 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1037 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1033 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1031 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1028 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1025 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system 2009-09-19 03:28:46 ----D---- C:\WINDOWS\security 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Resources 2009-09-19 03:28:46 ----D---- C:\WINDOWS\repair 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Provisioning 2009-09-19 03:28:46 ----D---- C:\WINDOWS\PeerNet 2009-09-19 03:28:46 ----D---- C:\WINDOWS\pchealth 2009-09-19 03:28:46 ----D---- C:\WINDOWS\mui 2009-09-19 03:28:46 ----D---- C:\WINDOWS\msapps 2009-09-19 03:28:46 ----D---- C:\WINDOWS\msagent 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Media 2009-09-19 03:28:46 ----D---- C:\WINDOWS\java 2009-09-19 03:28:46 ----D---- C:\WINDOWS\ime 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Help 2009-09-19 03:28:46 ----D---- C:\WINDOWS\ehome 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Driver Cache 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Debug 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Cursors 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Connection Wizard 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Config 2009-09-19 03:28:46 ----D---- C:\WINDOWS\AppPatch 2009-09-19 03:28:46 ----D---- C:\WINDOWS\addins 2009-09-19 03:28:46 ----D---- C:\WINDOWS ======List of files/folders modified in the last 3 months====== 2009-09-27 21:29:37 ----A---- C:\WINDOWS\system.ini 2009-09-19 20:33:07 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-09-19 82380] R1 avgio;avgio; \??\C:\Programy\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 Tcpip6;Sterownik protokołu IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-09-19 21035] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424] R3 catchme;catchme; \??\C:\DOCUME~1\WINDOW~1\USTAWI~1\Temp\catchme.sys [] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568] R3 rtl8185;802.11g Wireless LAN PCI Card Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2005-10-20 282240] R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] R3 tunmp;Sterownik karty Microsoft Tun Miniport; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] S2 rhqopdelnhmrvr;rhqopdelnhmrvr; \??\C:\WINDOWS\system32\drivers\qbjyiitvnjoq.sys [] S3 ae4uj9z9;ae4uj9z9; C:\WINDOWS\system32\drivers\ae4uj9z9.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;Usługa Pomocnik IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programy\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programy\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043] -----------------EOF-----------------

Sieć niestety dalej przesyła non stop pakiety, ale już nie ma komunikatów Antivirus Pro

**Posty:** 8001 · przez **Okocza** 26 Wrz 2009, 21:55

pobierz narzędzie The Avenger i wklej w głównym oknie programu - białym polu.

Kod: Zaznacz wszystko: Files To Delete: c:\windows\system32\drivers\fc6f69ae.sys c:\windows\system32\ec57820.dll c:\windows\system32\262b16c8.dll c:\program files\Common Files\bunafot.db c:\program files\Common Files\cimanuza._sy c:\program files\Common Files\arimyqov.lib

kliknij execute - daj log z RSIT po tym skanie

**Posty:** 1164 · przez **Aros5** 26 Wrz 2009, 22:44

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Windows XP at 2009-09-27 22:42:32 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 8 GB (55%) free of 14 GB Total RAM: 511 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:42:36, on 2009-09-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programy\Avira\AntiVir Desktop\sched.exe C:\Programy\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Programy\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Messenger\msmsgs.exe C:\Programy\DAEMON Tools Lite\daemon.exe C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Windows XP\Pulpit\RSIT.exe C:\Documents and Settings\Windows XP\Pulpit\Windows XP.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programy\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [avgnt] "C:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: scandisk.lnk = ? O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ? O8 - Extra context menu item: &Download All by FlashGet - C:\Programy\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Programy\FlashGet universal\ComDlls\Bholink.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{B5145816-52AD-463F-BC47-6346AFD352F7}: NameServer = 192.168.0.2 O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programy\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programy\Avira\AntiVir Desktop\avguard.exe O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 3990 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - C:\Programy\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-14 42088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Share-to-Web Namespace Daemon"=C:\Programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-07-10 188416] "avgnt"=C:\Programy\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] "DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 802.11g Wireless LAN PCI Card Utility.lnk - C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe C:\Documents and Settings\Windows XP\Menu Start\Programy\Autostart scandisk.lnk - C:\WINDOWS\system32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programy\FlashGet universal\FlashGet.exe"="C:\Programy\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "C:\Programy\Nowe Gadu-Gadu\gg.exe"="C:\Programy\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "D:\Gry\Anno 1701\Anno1701.exe"="D:\Gry\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701" "D:\Gry\Combat Arms EU\CombatArms.exe"="D:\Gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Gry\Combat Arms EU\Engine.exe"="D:\Gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" "D:\Gry\Combat Arms EU\NMService.exe"="D:\Gry\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Gry\Combat Arms EU\CombatArms.exe"="D:\Gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Gry\Combat Arms EU\Engine.exe"="D:\Gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" ======List of files/folders created in the last 3 months====== 2009-09-27 22:41:25 ----D---- C:\Avenger 2009-09-27 22:41:25 ----A---- C:\avenger.txt 2009-09-27 21:30:36 ----D---- C:\WINDOWS\temp 2009-09-27 21:30:34 ----A---- C:\ComboFix.txt 2009-09-27 21:26:07 ----A---- C:\WINDOWS\zip.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\SWSC.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\SWREG.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\sed.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\PEV.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\NIRCMD.exe 2009-09-27 21:26:07 ----A---- C:\WINDOWS\grep.exe 2009-09-27 21:25:42 ----D---- C:\ComboFix 2009-09-27 18:53:40 ----D---- C:\WINDOWS\pss 2009-09-27 17:37:13 ----D---- C:\rsit 2009-09-27 17:16:55 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\lizkavd.exe 2009-09-27 17:16:41 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe 2009-09-27 17:16:41 ----A---- C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe 2009-09-27 17:16:33 ----A---- C:\WINDOWS\system32\restorer32_a.exe 2009-09-27 17:05:00 ----A---- C:\Boot.bak 2009-09-27 17:04:56 ----RASHD---- C:\cmdcons 2009-09-27 17:01:58 ----D---- C:\WINDOWS\ERDNT 2009-09-27 17:01:24 ----D---- C:\Qoobox 2009-09-27 16:48:19 ----D---- C:\SDFix 2009-09-26 18:51:58 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Talkback 2009-09-26 18:51:46 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Thunderbird 2009-09-26 18:51:46 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Mozilla 2009-09-26 09:56:36 ----D---- C:\WINDOWS\Minidump 2009-09-26 08:51:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\RoboForm 2009-09-25 12:10:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm 2009-09-20 15:23:45 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\WinRAR 2009-09-20 15:23:14 ----D---- C:\Program Files\WinRAR 2009-09-20 15:13:50 ----D---- C:\WINDOWS\SxsCaPendDel 2009-09-20 15:04:40 ----D---- C:\WINDOWS\system32\LogFiles 2009-09-20 11:53:53 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-09-20 11:19:12 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2009-09-20 11:19:11 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2009-09-20 11:19:10 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2009-09-20 11:19:09 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\XAudio2_1.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2009-09-20 11:19:08 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\xactengine3_1.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\d3dx10_38.dll 2009-09-20 11:19:07 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2009-09-20 11:19:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2009-09-20 11:19:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2009-09-20 11:19:04 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2009-09-20 11:19:03 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2009-09-20 11:19:03 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2009-09-20 11:19:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\d3dx9_34.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2009-09-20 11:19:01 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2009-09-20 11:19:00 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2009-09-20 11:18:59 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2009-09-20 11:18:58 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2009-09-20 11:18:57 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2009-09-20 11:18:57 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2009-09-20 11:18:56 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2009-09-20 11:18:55 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2009-09-20 11:18:54 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2009-09-20 11:18:53 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2009-09-20 11:18:52 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2009-09-20 11:18:52 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2009-09-20 11:18:51 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2009-09-20 11:18:51 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2009-09-20 11:18:39 ----D---- C:\WINDOWS\Logs 2009-09-20 11:14:28 ----D---- C:\WINDOWS\nview 2009-09-20 11:14:28 ----A---- C:\WINDOWS\system32\nvudisp.exe 2009-09-20 11:14:08 ----D---- C:\NVIDIA 2009-09-20 09:25:07 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Macromedia 2009-09-20 09:25:06 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Adobe 2009-09-20 09:23:51 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Opera 2009-09-19 21:00:41 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-09-19 21:00:39 ----D---- C:\Program Files\DAEMON Tools Toolbar 2009-09-19 20:48:36 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-09-19 20:48:36 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-09-19 20:48:35 ----N---- C:\WINDOWS\system32\px.dll 2009-09-19 20:48:32 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Winamp 2009-09-19 20:47:57 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu 2009-09-19 20:46:30 ----D---- C:\profiles 2009-09-19 20:45:24 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\DAEMON Tools Lite 2009-09-19 20:44:18 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Avira 2009-09-19 20:36:10 ----D---- C:\Program Files\hp deskjet 3320 series 2009-09-19 20:36:01 ----A---- C:\WINDOWS\system32\hpzsnt05.dll 2009-09-19 20:35:21 ----D---- C:\Program Files\Hewlett-Packard 2009-09-19 20:33:18 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Folder przesyłania Share-to-Web 2009-09-19 20:33:03 ----D---- C:\Program Files\Common Files\Hewlett-Packard 2009-09-19 20:32:24 ----D---- C:\Programy 2009-09-19 20:29:36 ----A---- C:\WINDOWS\RTacDbg.txt 2009-09-19 20:29:10 ----A---- C:\WINDOWS\system32\results.txt 2009-09-19 20:28:53 ----D---- C:\Program Files\Nonbrand 2009-09-19 20:18:51 ----D---- C:\WINDOWS\OPTIONS 2009-09-19 20:18:04 ----A---- C:\WINDOWS\Ascd_tmp.ini 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\udaprop.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmuda.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\Audio3D.dll 2009-09-19 20:15:18 ----RA---- C:\WINDOWS\system32\a3d.dll 2009-09-19 20:15:17 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-09-19 20:15:10 ----A---- C:\WINDOWS\CMISETUP.INI 2009-09-19 20:15:09 ----A---- C:\WINDOWS\CMCDPLAY.INI 2009-09-19 20:15:08 ----A---- C:\WINDOWS\Wininit.ini 2009-09-19 20:15:01 ----D---- C:\Program Files\C-Media 3D Audio 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CMIUninstall.exe 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CmiRmRedundDir.exe 2009-09-19 20:15:01 ----A---- C:\WINDOWS\CMIRmDriver.dll 2009-09-19 20:12:11 ----D---- C:\Program Files\Intel 2009-09-19 20:11:45 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-19 20:11:44 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-19 20:11:39 ----D---- C:\Program Files\Common Files\InstallShield 2009-09-19 20:01:35 ----D---- C:\Documents and Settings\Windows XP\Dane aplikacji\Identities 2009-09-19 20:01:33 ----HD---- C:\Program Files\Uninstall Information 2009-09-19 20:01:28 ----ASH---- C:\Documents and Settings\Windows XP\Dane aplikacji\desktop.ini 2009-09-19 20:01:27 ----SD---- C:\Documents and Settings\Windows XP\Dane aplikacji\Microsoft 2009-09-19 19:54:13 ----D---- C:\WINDOWS\SoftwareDistribution 2009-09-19 19:54:12 ----SD---- C:\WINDOWS\system32\Microsoft 2009-09-19 19:54:12 ----D---- C:\WINDOWS\Prefetch 2009-09-19 19:54:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-19 19:50:44 ----D---- C:\WINDOWS\system32\xircom 2009-09-19 19:50:44 ----D---- C:\Program Files\xerox 2009-09-19 19:50:44 ----D---- C:\Program Files\microsoft frontpage 2009-09-19 19:50:22 ----A---- C:\WINDOWS\control.ini 2009-09-19 19:50:22 ----A---- C:\AUTOEXEC.BAT 2009-09-19 19:50:07 ----A---- C:\WINDOWS\OEWABLog.txt 2009-09-19 19:50:03 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-09-19 19:49:11 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-09-19 19:49:11 ----RD---- C:\WINDOWS\Offline Web Pages 2009-09-19 19:49:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-09-19 19:49:05 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-09-19 19:49:00 ----HD---- C:\Program Files\WindowsUpdate 2009-09-19 19:48:57 ----D---- C:\Program Files\Usługi online 2009-09-19 19:48:42 ----D---- C:\WINDOWS\system32\DirectX 2009-09-19 19:48:22 ----A---- C:\WINDOWS\system32\atrace.dll 2009-09-19 19:48:19 ----A---- C:\WINDOWS\system32\desktop.ini 2009-09-19 19:48:19 ----A---- C:\WINDOWS\desktop.ini 2009-09-19 19:48:13 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2009-09-19 19:48:11 ----D---- C:\Program Files\Common Files\Services 2009-09-19 19:48:11 ----A---- C:\WINDOWS\system32\acctres.dll 2009-09-19 19:48:08 ----SD---- C:\WINDOWS\Tasks 2009-09-19 19:48:08 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-09-19 19:48:07 ----D---- C:\Program Files\Common Files\MSSoap 2009-09-19 19:48:03 ----D---- C:\WINDOWS\srchasst 2009-09-19 19:48:02 ----D---- C:\WINDOWS\system32\Macromed 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-09-19 19:47:59 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-09-19 19:47:58 ----N---- C:\WINDOWS\system32\wuauclt.exe 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wups.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-09-19 19:47:58 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-09-19 19:47:57 ----N---- C:\WINDOWS\system32\qmgr.dll 2009-09-19 19:47:57 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-09-19 19:47:54 ----D---- C:\Program Files\Movie Maker 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-09-19 19:47:50 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-09-19 19:47:46 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-09-19 19:47:46 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-09-19 19:47:45 ----N---- C:\WINDOWS\system32\srsvc.dll 2009-09-19 19:47:45 ----D---- C:\WINDOWS\system32\Restore 2009-09-19 19:47:45 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-09-19 19:47:45 ----A---- C:\WINDOWS\system32\srclient.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\msconf.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\mnmdd.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-09-19 19:47:44 ----A---- C:\WINDOWS\system32\ils.dll 2009-09-19 19:47:41 ----D---- C:\Program Files\NetMeeting 2009-09-19 19:47:41 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-09-19 19:47:41 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-09-19 19:47:40 ----A---- C:\WINDOWS\system32\inetres.dll 2009-09-19 19:47:39 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-09-19 19:47:38 ----N---- C:\WINDOWS\system32\schedsvc.dll 2009-09-19 19:47:38 ----D---- C:\Program Files\Outlook Express 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\mstask.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\isign32.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-09-19 19:47:37 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-09-19 19:47:31 ----D---- C:\Program Files\Common Files\System 2009-09-19 19:47:30 ----D---- C:\Program Files\Internet Explorer 2009-09-19 19:46:56 ----D---- C:\Program Files\ComPlus Applications 2009-09-19 19:46:54 ----A---- C:\WINDOWS\vbaddin.ini 2009-09-19 19:46:54 ----A---- C:\WINDOWS\vb.ini 2009-09-19 19:46:50 ----D---- C:\WINDOWS\Registration 2009-09-19 19:46:43 ----D---- C:\Program Files\Windows Media Player 2009-09-19 19:46:38 ----D---- C:\Program Files\Messenger 2009-09-19 19:46:34 ----D---- C:\Program Files\MSN Gaming Zone 2009-09-19 19:46:34 ----A---- C:\WINDOWS\system32\write.exe 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\hticons.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avwav.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-09-19 19:46:25 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-09-19 19:46:24 ----A---- C:\WINDOWS\system32\winchat.exe 2009-09-19 19:46:18 ----A---- C:\WINDOWS\system32\getuname.dll 2009-09-19 19:46:18 ----A---- C:\WINDOWS\system32\charmap.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\winmine.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\sol.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-09-19 19:46:17 ----A---- C:\WINDOWS\system32\calc.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tskill.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\tscon.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\shadow.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\reset.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\regini.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-09-19 19:46:16 ----A---- C:\WINDOWS\system32\freecell.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\msg.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\logoff.exe 2009-09-19 19:46:15 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\stclient.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-09-19 19:46:14 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-09-19 19:46:13 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-09-19 19:46:08 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-09-19 19:46:07 ----A---- C:\WINDOWS\system32\accwiz.exe 2009-09-19 19:46:06 ----D---- C:\Program Files\Windows NT 2009-09-19 19:46:06 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-09-19 19:46:06 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\spider.exe 2009-09-19 19:46:05 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-09-19 19:46:04 ----N---- C:\WINDOWS\system32\termsrv.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\tscupgrd.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-09-19 19:46:04 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-09-19 19:46:03 ----D---- C:\WINDOWS\system32\MsDtc 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-09-19 19:46:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-09-19 19:46:02 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-09-19 19:46:01 ----D---- C:\WINDOWS\system32\Com 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\colbact.dll 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-09-19 19:46:01 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-09-19 19:46:00 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-09-19 19:45:59 ----A---- C:\WINDOWS\system32\comuid.dll 2009-09-19 19:45:59 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-09-19 19:45:53 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-09-19 03:40:56 ----A---- C:\WINDOWS\system32\h323log.txt 2009-09-19 03:39:03 ----A---- C:\WINDOWS\system32\hidserv.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\wshirda.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\irmon.dll 2009-09-19 03:38:00 ----A---- C:\WINDOWS\system32\irftp.exe 2009-09-19 03:37:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2009-09-19 03:37:10 ----A---- C:\WINDOWS\system32\usbui.dll 2009-09-19 03:36:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-19 03:36:08 ----SHD---- C:\WINDOWS\Installer 2009-09-19 03:36:08 ----D---- C:\Program Files\Common Files\ODBC 2009-09-19 03:36:08 ----A---- C:\WINDOWS\ODBCINST.INI 2009-09-19 03:36:05 ----D---- C:\Program Files\Common Files\SpeechEngines 2009-09-19 03:36:04 ----RD---- C:\Program Files 2009-09-19 03:36:04 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-09-19 03:36:04 ----D---- C:\Program Files\Common Files 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdtuq.dll 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdtuf.dll 2009-09-19 03:36:01 ----RA---- C:\WINDOWS\system32\kbdazel.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdycc.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbduzb.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdur.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdtat.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdru1.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdru.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdmon.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdkyr.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdkaz.dll 2009-09-19 03:35:59 ----RA---- C:\WINDOWS\system32\kbdaze.dll 2009-09-19 03:35:58 ----RA---- C:\WINDOWS\system32\kbdbu.dll 2009-09-19 03:35:58 ----RA---- C:\WINDOWS\system32\kbdblr.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhept.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhela3.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhela2.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe319.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe220.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdhe.dll 2009-09-19 03:35:57 ----RA---- C:\WINDOWS\system32\kbdgkl.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlv1.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlv.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlt1.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdlt.dll 2009-09-19 03:35:55 ----RA---- C:\WINDOWS\system32\kbdest.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdsl1.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdsl.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdro.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdhu1.dll 2009-09-19 03:35:52 ----A---- C:\WINDOWS\system32\kbdhu.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdycl.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz2.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz1.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcz.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\kbdcr.dll 2009-09-19 03:35:51 ----A---- C:\WINDOWS\system32\KBDAL.DLL 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\irclass.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\dgsetup.dll 2009-09-19 03:35:50 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2009-09-19 03:35:48 ----A---- C:\WINDOWS\TASKMAN.EXE 2009-09-19 03:35:47 ----N---- C:\WINDOWS\system32\CONFIG.TMP 2009-09-19 03:35:47 ----A---- C:\WINDOWS\system32\batt.dll 2009-09-19 03:35:47 ----A---- C:\WINDOWS\NOTEPAD.EXE 2009-09-19 03:35:46 ----A---- C:\WINDOWS\system32\storprop.dll 2009-09-19 03:35:38 ----ASH---- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini 2009-09-19 03:35:34 ----RA---- C:\WINDOWS\SET8.tmp 2009-09-19 03:35:31 ----RA---- C:\WINDOWS\SET4.tmp 2009-09-19 03:35:30 ----RA---- C:\WINDOWS\SET3.tmp 2009-09-19 03:35:24 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-19 03:35:24 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-19 03:35:19 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2009-09-19 03:34:58 ----A---- C:\WINDOWS\setuplog.txt 2009-09-19 03:34:55 ----D---- C:\Documents and Settings 2009-09-19 03:34:54 ----SHD---- C:\System Volume Information 2009-09-19 03:33:52 ----RASH---- C:\boot.ini 2009-09-19 03:28:46 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-19 03:28:46 ----RSD---- C:\WINDOWS\Fonts 2009-09-19 03:28:46 ----RD---- C:\WINDOWS\Web 2009-09-19 03:28:46 ----HD---- C:\WINDOWS\inf 2009-09-19 03:28:46 ----D---- C:\WINDOWS\WinSxS 2009-09-19 03:28:46 ----D---- C:\WINDOWS\twain_32 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\wins 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\wbem 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\usmt 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\spool 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ShellExt 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\Setup 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ras 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\oobe 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\npp 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\mui 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\IME 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\icsxml 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\ias 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\export 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\drivers 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\dhcp 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\config 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\3com_dmi 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\3076 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\2052 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1054 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1045 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1042 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1041 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1037 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1033 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1031 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1028 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32\1025 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system32 2009-09-19 03:28:46 ----D---- C:\WINDOWS\system 2009-09-19 03:28:46 ----D---- C:\WINDOWS\security 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Resources 2009-09-19 03:28:46 ----D---- C:\WINDOWS\repair 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Provisioning 2009-09-19 03:28:46 ----D---- C:\WINDOWS\PeerNet 2009-09-19 03:28:46 ----D---- C:\WINDOWS\pchealth 2009-09-19 03:28:46 ----D---- C:\WINDOWS\mui 2009-09-19 03:28:46 ----D---- C:\WINDOWS\msapps 2009-09-19 03:28:46 ----D---- C:\WINDOWS\msagent 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Media 2009-09-19 03:28:46 ----D---- C:\WINDOWS\java 2009-09-19 03:28:46 ----D---- C:\WINDOWS\ime 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Help 2009-09-19 03:28:46 ----D---- C:\WINDOWS\ehome 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Driver Cache 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Debug 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Cursors 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Connection Wizard 2009-09-19 03:28:46 ----D---- C:\WINDOWS\Config 2009-09-19 03:28:46 ----D---- C:\WINDOWS\AppPatch 2009-09-19 03:28:46 ----D---- C:\WINDOWS\addins 2009-09-19 03:28:46 ----D---- C:\WINDOWS ======List of files/folders modified in the last 3 months====== 2009-09-27 21:29:37 ----A---- C:\WINDOWS\system.ini 2009-09-19 20:33:07 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-09-19 82380] R1 avgio;avgio; \??\C:\Programy\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 Tcpip6;Sterownik protokołu IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-09-19 21035] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568] R3 rtl8185;802.11g Wireless LAN PCI Card Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2005-10-20 282240] R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] R3 tunmp;Sterownik karty Microsoft Tun Miniport; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] S1 fc6f69ae;fc6f69ae; C:\WINDOWS\System32\drivers\fc6f69ae.sys [] S2 rhqopdelnhmrvr;rhqopdelnhmrvr; \??\C:\WINDOWS\system32\drivers\qbjyiitvnjoq.sys [] S3 ay3xm6kw;ay3xm6kw; C:\WINDOWS\system32\drivers\ay3xm6kw.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\WINDOW~1\USTAWI~1\Temp\catchme.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;Usługa Pomocnik IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programy\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programy\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043] -----------------EOF-----------------

Sieć wygląda dobrze.

Coś jeszcze do odsyfienia ?

**Posty:** 18165 · przez **wojtas** 27 Wrz 2009, 00:49

uruchom narzędzie
The Avenger
Wklej do okienka programu

Files to delete:

C:\WINDOWS\System32\drivers\fc6f69ae.sys
c:\windows\system32\drivers\qbjyiitvnjoq.sys
C:\Documents and Settings\Windows XP\Dane aplikacji\lizkavd.exe
C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe
C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\system32\drivers\ay3xm6kw.sys

Drivers to unload:

rhqopdelnhmrvr
fc6f69ae;fc6f69ae
ay3xm6kw

Registry keys to delete:

HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fc6f69ae

Klikasz Execute,

wklejasz na forum raport: C:\avenger.txt + combofix

**Posty:** 1164 · przez **Aros5** 27 Wrz 2009, 10:01

Kod: Zaznacz wszystko: ComboFix 09-09-25.01 - Windows XP 2009-09-28 9:55.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.218 [GMT 2:00] Uruchomiony z: c:\documents and settings\Windows XP\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Pliki utworzone od 2009-08-28 do 2009-09-28 ))))))))))))))))))))))))))))))) . 2009-09-27 15:37 . 2009-09-27 15:37 -------- d-----w- C:\rsit 2009-09-27 15:16 . 2009-09-27 15:16 43520 ----a-w- c:\documents and settings\Windows XP\restorer32_a.exe 2009-09-27 14:48 . 2008-11-06 00:03 -------- d-----w- C:\SDFix 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Talkback 2009-09-26 16:51 . 2009-09-26 16:51 0 ----a-w- c:\windows\nsreg.dat 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Thunderbird 2009-09-26 16:51 . 2009-09-26 16:51 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Thunderbird 2009-09-26 06:51 . 2009-09-26 06:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RoboForm 2009-09-25 10:10 . 2009-09-25 10:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Last.fm 2009-09-25 10:08 . 2009-09-25 10:23 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Last.fm 2009-09-24 15:34 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2009-09-20 13:14 . 2009-09-20 13:15 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\cache 2009-09-20 13:13 . 2009-09-21 07:12 -------- d-----w- c:\windows\SxsCaPendDel 2009-09-20 13:04 . 2009-09-20 13:04 -------- d-----w- c:\windows\system32\LogFiles 2009-09-20 09:53 . 2009-09-22 12:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NexonEU 2009-09-20 09:18 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll 2009-09-20 09:14 . 2009-09-20 09:16 -------- d-----w- c:\windows\nview 2009-09-20 09:14 . 2004-10-29 14:50 172032 ----a-w- c:\windows\system32\nvudisp.exe 2009-09-20 09:14 . 2009-09-20 09:14 -------- d-----w- C:\NVIDIA 2009-09-20 07:23 . 2009-09-20 07:23 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Opera 2009-09-19 19:00 . 2009-09-19 19:00 12328 ----a-w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-09-19 19:00 . 2009-09-19 19:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-09-19 19:00 . 2009-09-19 19:00 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2009-09-19 18:47 . 2009-09-27 16:44 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Nowe Gadu-Gadu 2009-09-19 18:46 . 2009-09-19 18:46 -------- d-----w- C:\profiles 2009-09-19 18:45 . 2009-09-19 18:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-09-19 18:45 . 2009-09-19 19:01 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\DAEMON Tools Lite 2009-09-19 18:44 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-19 18:44 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-19 18:44 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-19 18:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-19 18:44 . 2009-09-19 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira 2009-09-19 18:36 . 2009-09-19 18:36 -------- d-----w- c:\program files\hp deskjet 3320 series 2009-09-19 18:36 . 2002-07-10 17:02 184386 ----a-w- c:\windows\system32\hpzsnt05.dll 2009-09-19 18:35 . 2009-09-19 18:36 -------- d-----w- c:\program files\Hewlett-Packard 2009-09-19 18:34 . 2009-09-19 18:34 -------- d-----w- c:\documents and settings\Windows XP\Ustawienia lokalne\Dane aplikacji\Identities 2009-09-19 18:33 . 2009-09-19 18:33 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Folder przesyłania Share-to-Web 2009-09-19 18:33 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-09-19 18:33 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-09-19 18:33 . 2009-09-19 18:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2009-09-19 18:32 . 2009-09-27 14:08 -------- d-----w- C:\Programy 2009-09-19 18:32 . 2009-09-19 18:32 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS 2009-09-19 18:29 . 2009-09-19 18:29 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-09-19 18:28 . 2005-10-20 11:05 282240 ----a-w- c:\windows\system32\drivers\rtl8185.sys 2009-09-19 18:28 . 2002-10-02 07:57 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys 2009-09-19 18:28 . 2009-09-19 18:28 -------- d-----w- c:\program files\Nonbrand 2009-09-19 18:18 . 2009-09-19 18:18 -------- d-----w- c:\windows\OPTIONS 2009-09-19 18:18 . 2002-06-13 03:37 45568 ----a-w- c:\windows\system32\drivers\R8139n51.sys 2009-09-19 18:12 . 2009-09-19 18:12 -------- d-----w- c:\program files\Intel 2009-09-19 18:11 . 2009-09-19 18:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-19 18:11 . 2009-09-19 18:14 -------- d-----w- c:\program files\Common Files\InstallShield 2009-09-19 18:11 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-09-19 18:11 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-09-19 18:10 . 2006-10-11 03:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-24 07:15 . 2009-09-19 18:48 -------- d-----w- c:\documents and settings\Windows XP\Dane aplikacji\Winamp 2009-09-20 09:18 . 2009-09-20 09:18 802 ----a-w- c:\windows\unins000.dat 2009-09-19 18:20 . 2001-10-26 14:15 49492 ----a-w- c:\windows\system32\perfc015.dat 2009-09-19 18:20 . 2001-10-26 14:15 355486 ----a-w- c:\windows\system32\perfh015.dat 2009-09-19 18:15 . 2009-09-19 18:15 -------- d-----w- c:\program files\C-Media 3D Audio 2009-09-19 17:50 . 2009-09-19 17:50 -------- d-----w- c:\program files\microsoft frontpage 2009-09-19 17:48 . 2009-09-19 17:48 -------- d-----w- c:\program files\Usługi online 2009-09-19 17:47 . 2009-09-19 17:47 21856 ----a-w- c:\windows\system32\emptyregdb.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Share-to-Web Namespace Daemon"="c:\programy\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 188416] "avgnt"="c:\programy\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Windows XP\Menu Start\Programy\Autostart\ scandisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ 802.11g Wireless LAN PCI Card Utility.lnk - c:\program files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe [2009-9-19 5856256] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programy\\FlashGet universal\\FlashGet.exe"= "c:\\Programy\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"= "d:\\Gry\\Anno 1701\\Anno1701.exe"= "d:\gry\Combat Arms EU\CombatArms.exe"= d:\gry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "d:\gry\Combat Arms EU\Engine.exe"= d:\gry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "d:\\Gry\\Combat Arms EU\\NMService.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programy\Avira\AntiVir Desktop\sched.exe [2009-09-19 108289] R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-09-19 13532] . . ------- Skan uzupełniający ------- . IE: &Download All by FlashGet - c:\programy\FlashGet universal\ComDlls\Bhoall.htm IE: &Download by FlashGet - c:\programy\FlashGet universal\ComDlls\Bholink.htm TCP: {B5145816-52AD-463F-BC47-6346AFD352F7} = 192.168.0.2 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-28 09:58 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-09-28 9:59 ComboFix-quarantined-files.txt 2009-09-28 07:59 ComboFix2.txt 2009-09-27 19:30 ComboFix3.txt 2009-09-27 15:17 Przed: 8 369 836 032 bajtów wolnych Po: 8 341 635 072 bajtów wolnych Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 135

Kod: Zaznacz wszystko: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\System32\drivers\fc6f69ae.sys" not found! Deletion of file "C:\WINDOWS\System32\drivers\fc6f69ae.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\drivers\qbjyiitvnjoq.sys" not found! Deletion of file "c:\windows\system32\drivers\qbjyiitvnjoq.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Documents and Settings\Windows XP\Dane aplikacji\lizkavd.exe" deleted successfully. File "C:\Documents and Settings\Windows XP\Dane aplikacji\svcst.exe" deleted successfully. File "C:\Documents and Settings\Windows XP\Dane aplikacji\seres.exe" deleted successfully. File "C:\WINDOWS\system32\restorer32_a.exe" deleted successfully. Error: file "C:\WINDOWS\system32\drivers\ay3xm6kw.sys" not found! Deletion of file "C:\WINDOWS\system32\drivers\ay3xm6kw.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "rhqopdelnhmrvr" deleted successfully. Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\fc6f69ae;fc6f69ae" not found! Deletion of driver "fc6f69ae;fc6f69ae" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ay3xm6kw" not found! Deletion of driver "ay3xm6kw" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Registry key "HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fc6f69ae" deleted successfully. Completed script processing. ******************* Finished! Terminate.

**Posty:** 18165 · przez **wojtas** 27 Wrz 2009, 10:14

wklej do avengera:

Files to delete:

c:\documents and settings\Windows XP\restorer32_a.exe
c:\documents and settings\Windows XP\Menu Start\Programy\Autostart\
scandisk.lnk

Klikasz Execute,

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie )

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

**Posty:** 1164 · przez **Aros5** 27 Wrz 2009, 14:08

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.41 Wersja bazy definicji: 2864 Windows 5.1.2600 Dodatek Service Pack 2 2009-09-28 10:30:58 mbam-log-2009-09-28 (10-30-58).txt Typ skanowania: Szybkie skanowanie Przeskanowane obiekty: 83118 Upłynęło: 2 minute(s), 28 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 2 Zainfekowane foldery: 0 Zainfekowane pliki: 1 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: C:\Documents and Settings\Windows XP\Menu Start\Programy\Autostart\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

Kod: Zaznacz wszystko: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: raport skanowania poniedziałek, 28 wrzesień 2009 System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600) Wersja Kaspersky Online Scanner: 7.0.26.13 Data ostatniej aktualizacji baz danych: Sunday, September 27, 2009 11:11:16 Liczba wpisów: 2927598 -------------------------------------------------------------------------------- Ustawienia skanowania: typ baz danych użytych do skanowania: rozszerzone Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Mój komputer: A:\ C:\ D:\ E:\ F:\ G:\ Statystyki skanowania: Przeskanowanych obiektów: 72518 Wykrytych zagrożeń: 2 Wyykrytych zainfekowanych obiektów: 3 Wykrytych podejrzanych obiektów: 0 Czas skanowania: 01:17:53 Nazwa pliku / Zagrożenie / Liczba zagrożeń C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\lizkavd.exe Zainfekowanych: Trojan-Dropper.Win32.Agent.beak 1 D:\PHP\WebServ-2.0.exe Zainfekowanych: not-a-virus:Server-FTP.Win32.Agent.e 1 D:\Programy\WebServ\ftp\WebServ(ftp).exe Zainfekowanych: not-a-virus:Server-FTP.Win32.Agent.e 1 Wybrany obszar został przeskanowany.

Dodano 27.09.2009 14:08:47:

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.41 Wersja bazy definicji: 2864 Windows 5.1.2600 Dodatek Service Pack 2 2009-09-28 10:30:58 mbam-log-2009-09-28 (10-30-58).txt Typ skanowania: Szybkie skanowanie Przeskanowane obiekty: 83118 Upłynęło: 2 minute(s), 28 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 2 Zainfekowane foldery: 0 Zainfekowane pliki: 1 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: C:\Documents and Settings\Windows XP\Menu Start\Programy\Autostart\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

Kod: Zaznacz wszystko: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: raport skanowania poniedziałek, 28 wrzesień 2009 System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600) Wersja Kaspersky Online Scanner: 7.0.26.13 Data ostatniej aktualizacji baz danych: Sunday, September 27, 2009 11:11:16 Liczba wpisów: 2927598 -------------------------------------------------------------------------------- Ustawienia skanowania: typ baz danych użytych do skanowania: rozszerzone Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Mój komputer: A:\ C:\ D:\ E:\ F:\ G:\ Statystyki skanowania: Przeskanowanych obiektów: 72518 Wykrytych zagrożeń: 2 Wyykrytych zainfekowanych obiektów: 3 Wykrytych podejrzanych obiektów: 0 Czas skanowania: 01:17:53 Nazwa pliku / Zagrożenie / Liczba zagrożeń C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\lizkavd.exe Zainfekowanych: Trojan-Dropper.Win32.Agent.beak 1 D:\PHP\WebServ-2.0.exe Zainfekowanych: not-a-virus:Server-FTP.Win32.Agent.e 1 D:\Programy\WebServ\ftp\WebServ(ftp).exe Zainfekowanych: not-a-virus:Server-FTP.Win32.Agent.e 1 Wybrany obszar został przeskanowany.

**Posty:** 18165 · przez **wojtas** 27 Wrz 2009, 15:37

skasuj:

C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\lizkavd.exe

i bedzie ok

Autor postu otrzymał pochwałę

**Posty:** 1164 · przez **Aros5** 27 Wrz 2009, 16:29

Dzięki wielkie, pomogło już wczoraj, ale teraz przynajmniej żadne syf nie został.

Kto jest na forum