
I am attaching the logs: COMBOFIX
ComboFix 08-08-21.02 - bogdan 2008-08-23 17:19:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.480 [GMT 1:00]
Running from: C:\Users\bogdan\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\zip.exe
----- BITS: Possible infected sites -----
http://www.rssx.hp.com
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-23 17:09 . 2008-08-23 17:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-22 23:08 . 2008-08-22 23:08 <DIR> d-------- C:\Users\bogdan\AppData\Roaming\QUAD Backups
2008-08-22 23:07 . 2008-08-22 23:11 <DIR> d-------- C:\Program Files\QUAD Utilities
2008-08-22 22:37 . 2008-08-22 22:37 <DIR> d-------- C:\Users\bogdan\AppData\Roaming\WinPatrol
2008-08-22 22:37 . 2008-08-22 22:37 <DIR> d-------- C:\Program Files\BillP Studios
2008-08-22 21:08 . 2008-08-22 21:08 <DIR> d-------- C:\Program Files\Filseclab
2008-08-22 21:08 . 2008-08-22 21:09 <DIR> d-------- C:\Program Files\Common Files\Filseclab
2008-08-22 21:06 . 2008-08-22 21:06 <DIR> d-------- C:\Users\bogdan\AppData\Roaming\InstallShield
2008-08-22 21:01 . 2008-08-22 21:30 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-22 21:01 . 2008-08-22 21:30 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-22 21:01 . 2008-08-22 21:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-22 19:53 . 2008-08-22 19:53 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-22 19:53 . 2008-07-19 15:36 51,280 --a------ C:\WINDOWS\System32\drivers\aswMonFlt.sys
2008-08-22 17:38 . 2008-08-22 17:38 <DIR> dr------- C:\Users\bogdan\Searches
2008-08-22 17:38 . 2008-08-22 17:38 <DIR> dr------- C:\Users\bogdan\Contacts
2008-08-22 17:37 . 2008-08-22 17:37 0 -rahs---- C:\WINDOWS\System32\drivers\103C_HP_cNB_Pavilion dv6000 (RW774EA#ABU)_Y5335KV_0U_QCNF6523L1M_E436463-033_4A_I30B8_SQuanta_V65.2B_F.3E_T071227_WV3-0_L409_M1023_J160_7AMD_8F82_91.80_#080822_N10DE0269_(RW774EA#ABU)_XMOBILE_CN10_Z_2Rev 1.MRK
2008-08-22 17:36 . 2008-08-22 17:36 44 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-08-22 17:34 . 2008-08-22 17:34 <DIR> d-------- C:\Users\bogdan\AppData\Roaming\Hewlett-Packard
2008-08-22 17:32 . 2008-08-22 17:38 <DIR> dr------- C:\Users\bogdan\Videos
2008-08-22 17:32 . 2008-08-22 17:38 <DIR> dr------- C:\Users\bogdan\Saved Games
2008-08-22 17:32 . 2008-08-22 17:38 <DIR> dr------- C:\Users\bogdan\Pictures
2008-08-22 17:32 . 2008-08-22 17:38 <DIR> dr------- C:\Users\bogdan\Music
2008-08-22 17:32 . 2008-08-22 17:38 <DIR> dr------- C:\Users\bogdan\Links
2008-08-22 17:32 . 2008-08-23 17:15 <DIR> dr------- C:\Users\bogdan\Downloads
2008-08-22 17:32 . 2008-08-23 17:11 <DIR> dr------- C:\Users\bogdan\Documents
2008-08-22 17:32 . 2006-11-02 13:37 <DIR> d-------- C:\Users\bogdan\AppData\Roaming\Media Center Programs
2008-08-22 17:32 . 2008-08-22 17:38 <DIR> d--h----- C:\Users\bogdan\AppData
2008-08-22 17:32 . 2008-08-22 17:38 <DIR> d-------- C:\Users\bogdan
2008-08-22 17:32 . 2008-08-22 17:32 81 --a------ C:\WINDOWS\System32\LOG
2008-08-22 17:25 . 2008-08-22 17:25 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 21:51 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 21:32 --------- d-----w C:\ProgramData\CyberLink
2008-08-22 21:32 --------- d-----w C:\Program Files\HP
2008-08-22 21:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-22 19:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-22 19:45 --------- d-----w C:\ProgramData\Symantec
2008-08-22 18:16 --------- d-----w C:\Program Files\Google
2008-08-22 16:25 --------- d-sh--w C:\ProgramData\Templates
2008-08-22 16:25 --------- d-sh--w C:\ProgramData\Start Menu
2008-08-22 16:25 --------- d-sh--w C:\ProgramData\Favorites
2008-08-22 16:25 --------- d-sh--w C:\ProgramData\Documents
2008-08-22 16:25 --------- d-sh--w C:\ProgramData\Desktop
2008-08-22 16:25 --------- d-sh--w C:\ProgramData\Application Data
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\WINDOWS\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 05:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 05:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 05:25 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 06:02 815104]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 21:12 323216]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-29 00:42 46704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 23:44 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 17:58 333120]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 10:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 09:01:50 734872]
Filseclab Messenger.lnk - C:\Program Files\Common Files\Filseclab\FilMsg.exe [2008-08-22 21:08:44 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AD98A94B-BAA1-4492-9577-CB064B5864F5}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{95D3D0D5-FBD0-40C7-8AAC-D20288CD096B}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 15:35]
R1 filar;Filseclab Dynamic Defense System Driver;C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys [2007-12-18 17:56]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 15:36]
R3 filpp;filpp;C:\PROGRA~1\COMMON~1\FILSEC~1\filpp.sys [2007-12-19 21:47]
R3 IMMDRV;IMMDRV;C:\PROGRA~1\FILSEC~1\Twister\immdrv.sys [2007-11-26 20:24]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-10-19 01:09]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-10-19 01:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=laptop
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 17:21:08
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-23 17:21:55
ComboFix-quarantined-files.txt 2008-08-23 16:21:48
Pre-Run: 140,581,728,256 bytes free
Post-Run: 140,608,212,992 bytes free
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:55, on 23/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Filseclab\Twister\twister.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7404 bytes