
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:27:35, on 2007-05-02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F707E3E3-10A7-4FB6-BA4E-BB0A3B46D17C}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 150 seconds, including 2 seconds for message boxes)
ComboScan
ComboScan v20070306.20 run by USER on 2007-05-02 at 22:43:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as USER.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:43:41, on 2007-05-02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\USER\Pulpit\comboscan.exe
C:\DOCUME~1\USER\Pulpit\USER.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F707E3E3-10A7-4FB6-BA4E-BB0A3B46D17C}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
-- Files created between 2007-04-02 and 2007-05-02 -----------------------------
2007-05-02 10:38:50 0 d-a------ C:\WINDOWS\zts2.exe
2007-05-02 10:38:50 0 d-a------ C:\WINDOWS\rundll16.exe
2007-05-02 10:38:50 0 d-a------ C:\WINDOWS\rundl132.dll
2007-05-01 11:32:30 0 d-------- C:\My Downloads<MYDOWN~1>
2007-05-01 08:52:00 0 d-a------ C:\WINDOWS\System32\vcmgcd32.dll
2007-05-01 08:52:00 0 d-a------ C:\WINDOWS\System32\iifgfgf.dll
2007-05-01 08:52:00 0 d-a------ C:\WINDOWS\logo1_.exe
2007-05-01 08:50:38 132608 --a------ C:\WINDOWS\System32\TASKMGR.COM
2007-05-01 08:50:38 132608 --a------ C:\WINDOWS\System32\T.COM
2007-05-01 08:50:37 137216 --a------ C:\WINDOWS\REGEDIT.COM
2007-05-01 08:50:37 137216 --a------ C:\WINDOWS\R.COM
2007-04-30 20:03:02 18976 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2007-04-30 20:03:02 575264 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2007-04-28 21:45:44 0 d-------- C:\Documents and Settings\USER\Application Data\Adobe
2007-04-28 21:39:18 0 d-------- C:\Program Files\Common Files\Vbox
2007-04-28 21:39:05 241664 --a------ C:\WINDOWS\System32\mpg4dmod.dll
2007-04-28 21:39:05 384512 --a------ C:\WINDOWS\System32\mp4sdmod.dll
2007-04-28 21:39:05 316040 --a------ C:\WINDOWS\System32\mp43dmod.dll
2007-04-28 21:39:04 816264 --a------ C:\WINDOWS\System32\wmvdmod.dll
2007-04-28 21:39:04 486536 --a------ C:\WINDOWS\System32\wmspdmod.dll
2007-04-28 21:39:04 760968 --a------ C:\WINDOWS\System32\wmsdmod.dll
2007-04-28 21:39:03 997888 --a------ C:\WINDOWS\System32\wmvdmoe2.dll
2007-04-28 21:39:03 892416 --a------ C:\WINDOWS\System32\wmspdmoe.dll
2007-04-28 21:39:03 1111040 --a------ C:\WINDOWS\System32\wmsdmoe2.dll
2007-04-28 21:39:03 670208 --a------ C:\WINDOWS\System32\wmadmoe.dll
2007-04-28 21:39:03 410248 --a------ C:\WINDOWS\System32\wmadmod.dll
2007-04-28 21:39:03 241664 --a------ C:\WINDOWS\System32\qasf.dll
2007-04-28 21:39:02 981504 --a------ C:\WINDOWS\System32\wmnetmgr.dll
2007-04-28 21:39:02 81408 --a------ C:\WINDOWS\System32\logagent.exe
2007-04-28 21:39:02 6656 --a------ C:\WINDOWS\System32\laprxy.dll
2007-04-28 21:39:01 143360 --a------ C:\WINDOWS\System32\wmidx.dll
2007-04-28 21:38:59 253952 --a------ C:\WINDOWS\System32\msnetobj.dll
2007-04-28 21:38:58 678912 --a------ C:\WINDOWS\System32\drmv2clt.dll
2007-04-28 21:38:58 232960 --a------ C:\WINDOWS\System32\blackbox.dll
2007-04-28 21:38:57 82432 --a------ C:\WINDOWS\System32\drmstor.dll
2007-04-28 21:38:57 301712 --a------ C:\WINDOWS\System32\drmclien.dll
2007-04-28 10:51:26 298104 --a------ C:\WINDOWS\System32\imon.dll
2007-04-28 10:51:26 15424 --a------ C:\WINDOWS\System32\drivers\nod32drv.sys
2007-04-28 10:51:26 512096 --a------ C:\WINDOWS\System32\drivers\amon.sys
2007-04-27 19:16:07 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-04-27 15:54:25 0 d---s---- C:\Documents and Settings\USER\UserData
2007-04-26 16:47:49 2165888 --a------ C:\WINDOWS\System32\kernel1.exe
2007-04-26 16:25:48 0 d-------- C:\Program Files\TGTSoft
2007-04-26 15:58:31 111104 --a------ C:\WINDOWS\System32\uharc.exe
2007-04-26 13:45:29 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-04-26 13:44:35 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-04-24 18:03:09 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-04-24 17:16:37 49152 --a------ C:\WINDOWS\System32\vfind.exe
2007-04-24 17:16:37 212480 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-04-24 17:16:37 370688 --a------ C:\WINDOWS\System32\swsc.exe
2007-04-24 17:16:37 428032 --a------ C:\WINDOWS\System32\swreg.exe
2007-04-24 17:16:37 38400 --a------ C:\WINDOWS\System32\moveex.exe
2007-04-24 17:16:37 49152 --a------ C:\WINDOWS\nircmd.exe
2007-04-24 17:16:37 86528 --a------ C:\WINDOWS\catchme.exe
2007-04-23 15:32:12 0 d-------- C:\WINDOWS\speech
2007-04-23 15:32:03 0 d-------- C:\Program Files\ivo
2007-04-18 21:22:38 0 d-------- C:\Program Files\Tibia Auto<TIBIAA~1>
2007-04-18 21:21:36 0 d-------- C:\Python24
2007-04-17 16:50:59 115880 -----n--- C:\WINDOWS\System32\pxinsi64.exe
2007-04-17 16:50:59 129784 -----n--- C:\WINDOWS\System32\pxafs.dll
2007-04-17 16:50:59 36528 -----n--- C:\WINDOWS\System32\drivers\PxHelp20.sys
2007-04-17 16:50:59 2560 -----n--- C:\WINDOWS\System32\drivers\cdralw2k.sys
2007-04-17 16:50:59 2432 -----n--- C:\WINDOWS\System32\drivers\cdr4_xp.sys
2007-04-17 16:50:49 0 d-------- C:\Program Files\Winamp
2007-04-15 16:53:07 5606 --a------ C:\WINDOWS\System32\stci.dll
2007-04-15 16:53:07 5280 --a------ C:\WINDOWS\System32\drivers\alcawh.sys
2007-04-15 16:53:07 70688 --a------ C:\WINDOWS\System32\drivers\alcaudsl.sys
2007-04-15 16:53:07 3968 --a------ C:\WINDOWS\System32\drivers\alcacr.sys
2007-04-15 16:53:04 0 d-------- C:\Program Files\Thomson
2007-04-15 13:55:44 48 --a------ C:\WINDOWS\System32\imon1.dat
2007-04-15 13:34:43 0 d--h----- C:\WINDOWS\PIF
2007-04-13 22:38:12 348160 --a------ C:\WINDOWS\System32\MSVCR71.dll
2007-04-13 22:38:12 499712 --a------ C:\WINDOWS\System32\MSVCP71.dll
2007-04-13 22:38:12 1060864 --a------ C:\WINDOWS\System32\MFC71.dll
2007-04-13 21:06:54 41474 --ahs---- C:\WINDOWS\System32\smsc.exe
2007-04-12 19:24:45 0 d-------- C:\Program Files\Tibia
2007-04-12 17:38:02 0 d-------- C:\WINDOWS\pss
2007-04-12 17:28:36 0 d-------- C:\Documents and Settings\USER\Gadu-Gadu<GADU-G~1>
2007-04-12 17:28:27 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-04-12 17:11:07 53600 --a------ C:\WINDOWS\System32\drivers\alcan5wn.sys
2007-04-12 17:03:28 0 d-------- C:\WINDOWS
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\WinSxS
2007-04-12 17:03:28 0 dr------- C:\WINDOWS\Web
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\twain_32
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\system32
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\wins
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\wbem
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\usmt
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\spool
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\ShellExt
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\Setup
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\ras
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\oobe
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\npp
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\mui
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\inetsrv
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\IME
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\icsxml
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\ias
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\export
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\drivers
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-04-12 17:03:28 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\dhcp
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\config
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\3076
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\2052
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1054
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1045
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1042
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1041
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1037
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1033
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1031
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1028
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\System32\1025
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\system
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\security
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\repair
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\mui
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\msapps
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\msagent
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Media
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\java
2007-04-12 17:03:28 0 d--h----- C:\WINDOWS\inf
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\ime
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Help
2007-04-12 17:03:28 0 dr--s---- C:\WINDOWS\Fonts
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Debug
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Cursors
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\Config
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\AppPatch
2007-04-12 17:03:28 0 d-------- C:\WINDOWS\addins
2007-04-12 16:31:12 1168 --a------ C:\WINDOWS\mozver.dat
2007-04-12 16:10:50 3072 --a------ C:\WINDOWS\System32\drivers\audstub.sys
2007-04-12 16:10:13 57856 --a------ C:\WINDOWS\System32\drivers\redbook.sys
2007-04-12 16:09:53 9856 --a------ C:\WINDOWS\System32\drivers\gameenum.sys
2007-04-12 16:09:37 27165 --a------ C:\WINDOWS\System32\drivers\fetnd5.sys
2007-04-12 16:09:32 70144 --a------ C:\WINDOWS\System32\usbui.dll
2007-04-12 16:08:33 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-12 16:08:30 0 dr------- C:\Program Files<PROGRA~1>
2007-04-12 16:08:30 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-04-12 16:08:28 6144 -ra------ C:\WINDOWS\System32\kbdtuq.dll
2007-04-12 16:08:28 6144 -ra------ C:\WINDOWS\System32\kbdtuf.dll
2007-04-12 16:08:28 5632 -ra------ C:\WINDOWS\System32\kbdazel.dll
2007-04-12 16:08:27 5632 -ra------ C:\WINDOWS\System32\kbdmon.dll
2007-04-12 16:08:27 5632 -ra------ C:\WINDOWS\System32\kbdkyr.dll
2007-04-12 16:08:25 8192 -ra------ C:\WINDOWS\System32\kbdhept.dll
2007-04-12 16:08:25 6656 -ra------ C:\WINDOWS\System32\kbdhela3.dll
2007-04-12 16:08:25 6144 -ra------ C:\WINDOWS\System32\kbdhela2.dll
2007-04-12 16:08:25 5632 -ra------ C:\WINDOWS\System32\kbdhe319.dll
2007-04-12 16:08:25 5632 -ra------ C:\WINDOWS\System32\kbdhe220.dll
2007-04-12 16:08:25 5632 -ra------ C:\WINDOWS\System32\kbdhe.dll
2007-04-12 16:08:25 6144 -ra------ C:\WINDOWS\System32\kbdgkl.dll
2007-04-12 16:08:24 6144 -ra------ C:\WINDOWS\System32\kbdlv1.dll
2007-04-12 16:08:24 6144 -ra------ C:\WINDOWS\System32\kbdlv.dll
2007-04-12 16:08:24 5632 -ra------ C:\WINDOWS\System32\kbdlt1.dll
2007-04-12 16:08:24 5632 -ra------ C:\WINDOWS\System32\kbdlt.dll
2007-04-12 16:08:24 6144 -ra------ C:\WINDOWS\System32\kbdest.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\kbdycl.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\kbdsl1.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\kbdsl.dll
2007-04-12 16:08:22 5632 --a------ C:\WINDOWS\System32\kbdro.dll
2007-04-12 16:08:22 5632 --a------ C:\WINDOWS\System32\kbdhu1.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\kbdhu.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\kbdcz2.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\kbdcz1.dll
2007-04-12 16:08:22 7168 --a------ C:\WINDOWS\System32\kbdcz.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\kbdcr.dll
2007-04-12 16:08:22 6656 --a------ C:\WINDOWS\System32\KBDAL.DLL
2007-04-12 16:08:21 24661 --a------ C:\WINDOWS\System32\spxcoins.dll
2007-04-12 16:08:21 13312 --a------ C:\WINDOWS\System32\irclass.dll
2007-04-12 16:08:21 103424 --a------ C:\WINDOWS\System32\EqnClass.Dll
2007-04-12 16:08:21 10496 --a------ C:\WINDOWS\System32\drivers\irenum.sys
2007-04-12 16:08:21 85532 --a------ C:\WINDOWS\System32\dgsetup.dll
2007-04-12 16:08:21 176157 --a------ C:\WINDOWS\System32\dgrpsetu.dll
2007-04-12 16:08:20 9168 --a------ C:\WINDOWS\system\VER.DLL
2007-04-12 16:08:20 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-12 16:08:20 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-12 16:08:20 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-12 16:08:20 83456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-12 16:08:20 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-12 16:08:20 69712 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-12 16:08:20 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-12 16:08:20 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-12 16:08:20 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-12 16:08:19 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-12 16:08:19 72192 --a------ C:\WINDOWS\System32\storprop.dll
2007-04-12 16:08:19 6656 --a------ C:\WINDOWS\System32\batt.dll
2007-04-12 16:08:19 70096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-12 16:08:19 67072 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-12 16:07:59 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-04-12 16:07:59 0 d-------- C:\WINDOWS\System32\CatRoot
2007-04-12 16:07:40 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-04-12 15:54:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-12 15:54:40 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-04-12 15:54:03 0 d-------- C:\Program Files\Lavasoft
2007-04-12 15:51:35 516096 -----n--- C:\WINDOWS\System32\ati2sgag.exe
2007-04-12 15:51:21 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-04-12 15:50:56 0 d-------- C:\ATI
2007-04-12 15:48:49 5888 --a------ C:\WINDOWS\System32\drivers\splitter.sys
2007-04-12 15:48:48 77440 --a------ C:\WINDOWS\System32\drivers\wdmaud.sys
2007-04-12 15:48:46 50048 --a------ C:\WINDOWS\System32\drivers\DMusic.sys
2007-04-12 15:48:46 40960 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-04-12 15:48:43 54272 --a------ C:\WINDOWS\System32\drivers\swmidi.sys
2007-04-12 15:48:40 142208 --a------ C:\WINDOWS\System32\drivers\aec.sys
2007-04-12 15:48:38 159360 --a------ C:\WINDOWS\System32\drivers\kmixer.sys
2007-04-12 15:48:37 2816 --a------ C:\WINDOWS\System32\drivers\drmkaud.sys
2007-04-12 15:48:36 56832 --a------ C:\WINDOWS\System32\drivers\sysaudio.sys
2007-04-12 15:48:23 7040 --a------ C:\WINDOWS\System32\drivers\MSKSSRV.sys
2007-04-12 15:48:22 4608 --a------ C:\WINDOWS\System32\drivers\MSPQM.sys
2007-04-12 15:48:21 5120 --a------ C:\WINDOWS\System32\drivers\MSPCLOCK.sys
2007-04-12 15:48:15 4096 --a------ C:\WINDOWS\System32\ksuser.dll
2007-04-12 15:48:15 44416 --a------ C:\WINDOWS\System32\drivers\stream.sys
2007-04-12 15:48:15 134272 --a------ C:\WINDOWS\System32\drivers\portcls.sys
2007-04-12 15:48:15 131712 --a------ C:\WINDOWS\System32\drivers\ks.sys
2007-04-12 15:48:15 57856 --a------ C:\WINDOWS\System32\drivers\drmk.sys
2007-04-12 15:48:07 10527744 --a------ C:\WINDOWS\System32\RTLCPL.exe
2007-04-12 15:48:07 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-04-12 15:48:05 143360 --a------ C:\WINDOWS\System32\RtlCPAPI.dll
2007-04-12 15:48:05 3972672 --a------ C:\WINDOWS\System32\drivers\alcxwdm.sys
2007-04-12 15:48:05 577536 --a------ C:\WINDOWS\soundman.exe
2007-04-12 15:48:04 315392 --a------ C:\WINDOWS\alcupd.exe
2007-04-12 15:48:04 217088 --a------ C:\WINDOWS\Alcrmv.exe
2007-04-12 15:48:04 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-12 15:47:29 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-04-12 15:43:43 545 --a------ C:\WINDOWS\UC.PIF
2007-04-12 15:43:43 545 --a------ C:\WINDOWS\RAR.PIF
2007-04-12 15:43:43 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-04-12 15:43:43 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-04-12 15:43:43 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-04-12 15:43:43 545 --a------ C:\WINDOWS\LHA.PIF
2007-04-12 15:43:43 545 --a------ C:\WINDOWS\ARJ.PIF
2007-04-12 15:43:43 0 d-------- C:\totalcmd
2007-04-12 15:28:26 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-04-12 15:28:15 0 d--h----- C:\Documents and Settings\USER\Ustawienia lokalne<USTAWI~1>
2007-04-12 15:28:15 0 dr------- C:\Documents and Settings\USER\Ulubione
2007-04-12 15:28:15 0 d--h----- C:\Documents and Settings\USER\Szablony
2007-04-12 15:28:15 0 d-------- C:\Documents and Settings\USER\Pulpit
2007-04-12 15:28:15 4980736 --ah----- C:\Documents and Settings\USER\NTUSER.DAT
2007-04-12 15:28:15 0 dr------- C:\Documents and Settings\USER\Moje dokumenty<MOJEDO~1>
2007-04-12 15:28:15 0 dr------- C:\Documents and Settings\USER\Menu Start<MENUST~1>
2007-04-12 15:28:15 0 dr-h----- C:\Documents and Settings\USER\Dane aplikacji<DANEAP~1>
2007-04-12 15:27:21 0 d-------- C:\WINDOWS\Prefetch
2007-04-12 15:27:21 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-04-12 15:18:00 0 d-------- C:\WINDOWS\System32\xircom
2007-04-12 15:18:00 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-04-12 15:17:40 0 -rahs---- C:\MSDOS.SYS
2007-04-12 15:17:40 0 -rahs---- C:\IO.SYS
2007-04-12 15:17:40 0 --a------ C:\CONFIG.SYS
2007-04-12 15:17:40 0 -----n--- C:\AUTOEXEC.BAT
2007-04-12 15:17:27 112128 --a------ C:\WINDOWS\System32\mapi32.dll
2007-04-12 15:16:31 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-04-12 15:16:31 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-04-12 15:16:05 0 d-------- C:\WINDOWS\System32\DirectX
2007-04-12 15:15:41 40960 --a------ C:\WINDOWS\System32\safrslv.dll
2007-04-12 15:15:41 26624 --a------ C:\WINDOWS\System32\safrdm.dll
2007-04-12 15:15:41 39424 --a------ C:\WINDOWS\System32\safrcdlg.dll
2007-04-12 15:15:41 33792 --a------ C:\WINDOWS\System32\racpldlg.dll
2007-04-12 15:15:40 11264 --a------ C:\WINDOWS\System32\atrace.dll
2007-04-12 15:15:33 12288 --a------ C:\WINDOWS\System32\nmevtmsg.dll
2007-04-12 15:15:33 32768 --a------ C:\WINDOWS\System32\mnmsrvc.exe
2007-04-12 15:15:33 28672 --a------ C:\WINDOWS\System32\isrdbg32.dll
2007-04-12 15:15:32 67584 --a------ C:\WINDOWS\System32\acctres.dll
2007-04-12 15:15:30 49152 --a------ C:\WINDOWS\System32\inetres.dll
2007-04-12 15:15:27 0 d---s---- C:\WINDOWS\Tasks
2007-04-12 15:15:27 81920 --a------ C:\WINDOWS\System32\isign32.dll
2007-04-12 15:15:27 270336 --a------ C:\WINDOWS\System32\inetcfg.dll
2007-04-12 15:15:27 61440 --a------ C:\WINDOWS\System32\icwphbk.dll
2007-04-12 15:15:27 69632 --a------ C:\WINDOWS\System32\icwdial.dll
2007-04-12 15:15:27 16384 --a------ C:\WINDOWS\System32\icfgnt5.dll
2007-04-12 15:15:24 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-12 15:15:21 0 d-------- C:\WINDOWS\srchasst
2007-04-12 15:15:20 17408 --a------ C:\WINDOWS\System32\qmgrprxy.dll
2007-04-12 15:15:20 221696 --a------ C:\WINDOWS\System32\qmgr.dll
2007-04-12 15:15:20 0 d-------- C:\WINDOWS\System32\Macromed
2007-04-12 15:15:19 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-12 15:15:16 159232 --a------ C:\WINDOWS\System32\srsvc.dll
2007-04-12 15:15:16 227328 --a------ C:\WINDOWS\System32\srrstr.dll
2007-04-12 15:15:16 63488 --a------ C:\WINDOWS\System32\srclient.dll
2007-04-12 15:15:16 0 d-------- C:\WINDOWS\System32\Restore
2007-04-12 15:15:16 73728 --a------ C:\WINDOWS\System32\ils.dll
2007-04-12 15:15:16 69248 --a------ C:\WINDOWS\System32\drivers\sr.sys
2007-04-12 15:15:16 0 d-------- C:\WINDOWS\PCHealth
2007-04-12 15:15:15 24576 --a------ C:\WINDOWS\System32\nmmkcert.dll
2007-04-12 15:15:15 65536 --a------ C:\WINDOWS\System32\msconf.dll
2007-04-12 15:15:15 32256 --a------ C:\WINDOWS\System32\mnmdd.dll
2007-04-12 15:15:14 81408 --a------ C:\WINDOWS\System32\msoert2.dll
2007-04-12 15:15:14 228864 --a------ C:\WINDOWS\System32\msoeacct.dll
2007-04-12 15:15:11 160256 --a------ C:\WINDOWS\System32\schedsvc.dll
2007-04-12 15:15:11 9728 --a------ C:\WINDOWS\System32\mstinit.exe
2007-04-12 15:15:11 587776 --a------ C:\WINDOWS\System32\inetcomm.dll
2007-04-12 15:15:10 253952 --a------ C:\WINDOWS\System32\mstask.dll
2007-04-12 15:14:39 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-12 15:14:24 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-04-12 15:14:19 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-04-12 15:14:19 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-04-12 15:14:12 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-12 15:14:08 5632 --a------ C:\WINDOWS\System32\write.exe
2007-04-12 15:14:08 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-04-12 15:14:02 139264 --a------ C:\WINDOWS\System32\sndvol32.exe
2007-04-12 15:14:02 125440 --a------ C:\WINDOWS\System32\sndrec32.exe
2007-04-12 15:14:02 494592 --a------ C:\WINDOWS\System32\hypertrm.dll
2007-04-12 15:14:02 44544 --a------ C:\WINDOWS\System32\hticons.dll
2007-04-12 15:14:02 73216 --a------ C:\WINDOWS\System32\avwav.dll
2007-04-12 15:14:02 231424 --a------ C:\WINDOWS\System32\avtapi.dll
2007-04-12 15:14:02 16384 --a------ C:\WINDOWS\System32\avmeter.dll
2007-04-12 15:14:02 183296 --a------ C:\WINDOWS\System32\accwiz.exe
2007-04-12 15:14:01 35328 --a------ C:\WINDOWS\System32\winchat.exe
2007-04-12 15:13:57 605696 --a------ C:\WINDOWS\System32\getuname.dll
2007-04-12 15:13:57 80896 --a------ C:\WINDOWS\System32\charmap.exe
2007-04-12 15:13:56 119808 --a------ C:\WINDOWS\System32\winmine.exe
2007-04-12 15:13:56 57344 --a------ C:\WINDOWS\System32\sol.exe
2007-04-12 15:13:56 128000 --a------ C:\WINDOWS\System32\mshearts.exe
2007-04-12 15:13:56 55808 --a------ C:\WINDOWS\System32\freecell.exe
2007-04-12 15:13:56 115200 --a------ C:\WINDOWS\System32\calc.exe
2007-04-12 15:13:54 1225 --a------ C:\WINDOWS\System32\usrlogon.cmd
2007-04-12 15:13:54 17920 --a------ C:\WINDOWS\System32\tsshutdn.exe
2007-04-12 15:13:54 16384 --a------ C:\WINDOWS\System32\tskill.exe
2007-04-12 15:13:54 15360 --a------ C:\WINDOWS\System32\tsdiscon.exe
2007-04-12 15:13:54 15360 --a------ C:\WINDOWS\System32\tscon.exe
2007-04-12 15:13:54 15360 --a------ C:\WINDOWS\System32\shadow.exe
2007-04-12 15:13:54 9728 --a------ C:\WINDOWS\System32\reset.exe
2007-04-12 15:13:54 61952 --a------ C:\WINDOWS\System32\rdshost.exe
2007-04-12 15:13:54 20232 --a------ C:\WINDOWS\System32\drivers\tdtcp.sys
2007-04-12 15:13:54 11144 --a------ C:\WINDOWS\System32\drivers\tdpipe.sys
2007-04-12 15:13:52 16384 --a------ C:\WINDOWS\System32\rwinsta.exe
2007-04-12 15:13:52 33792 --a------ C:\WINDOWS\System32\regini.exe
2007-04-12 15:13:52 4608 --a------ C:\WINDOWS\System32\rdpcfgex.dll
2007-04-12 15:13:52 22528 --a------ C:\WINDOWS\System32\qwinsta.exe
2007-04-12 15:13:52 19456 --a------ C:\WINDOWS\System32\qprocess.exe
2007-04-12 15:13:51 9728 --a------ C:\WINDOWS\System32\xolehlp.dll
2007-04-12 15:13:51 17408 --a------ C:\WINDOWS\System32\qappsrv.exe
2007-04-12 15:13:51 83968 --a------ C:\WINDOWS\System32\mtxoci.dll
2007-04-12 15:13:51 22528 --a------ C:\WINDOWS\System32\msg.exe
2007-04-12 15:13:51 151040 --a------ C:\WINDOWS\System32\msdtcuiu.dll
2007-04-12 15:13:51 869376 --a------ C:\WINDOWS\System32\msdtctm.dll
2007-04-12 15:13:51 54784 --a------ C:\WINDOWS\System32\msdtclog.dll
2007-04-12 15:13:51 6144 --a------ C:\WINDOWS\System32\msdtc.exe
2007-04-12 15:13:51 15872 --a------ C:\WINDOWS\System32\logoff.exe
2007-04-12 15:13:51 15872 --a------ C:\WINDOWS\System32\cdmodem.dll
2007-04-12 15:13:50 25088 --a------ C:\WINDOWS\System32\mtxlegih.dll
2007-04-12 15:13:50 4096 --a------ C:\WINDOWS\System32\mtxex.dll
2007-04-12 15:13:50 20480 --a------ C:\WINDOWS\System32\mtxdm.dll
2007-04-12 15:13:50 5120 --a------ C:\WINDOWS\System32\dcomcnfg.exe
2007-04-12 15:13:50 82432 --a------ C:\WINDOWS\System32\comrepl.dll
2007-04-12 15:13:50 25600 --a------ C:\WINDOWS\System32\comaddin.dll
2007-04-12 15:13:50 56832 --a------ C:\WINDOWS\System32\colbact.dll
2007-04-12 15:13:49 54272 --a------ C:\WINDOWS\System32\stclient.dll
2007-04-12 15:13:49 495616 --a------ C:\WINDOWS\System32\comuid.dll
2007-04-12 15:13:49 147456 --a------ C:\WINDOWS\System32\comsnap.dll
2007-04-12 15:13:49 468480 --a------ C:\WINDOWS\System32\clbcatq.dll
2007-04-12 15:13:49 100864 --a------ C:\WINDOWS\System32\clbcatex.dll
2007-04-12 15:13:49 85504 --a------ C:\WINDOWS\System32\catsrvps.dll
2007-04-12 15:13:49 215040 --a------ C:\WINDOWS\System32\catsrv.dll
2007-04-12 15:13:41 53248 --a------ C:\WINDOWS\System32\servdeps.dll
2007-04-12 15:13:41 16896 --a------ C:\WINDOWS\System32\mmfutil.dll
2007-04-12 15:13:41 177152 --a------ C:\WINDOWS\System32\cmprops.dll
2007-04-12 15:13:37 9216 --a------ C:\WINDOWS\System32\wuauserv.dll
2007-04-12 15:13:37 189440 --a------ C:\WINDOWS\System32\wuaueng.dll
2007-04-12 15:13:37 142336 --a------ C:\WINDOWS\System32\wuauclt.exe
2007-04-12 15:13:37 534016 --a------ C:\WINDOWS\System32\spider.exe
2007-04-12 15:13:37 342016 --a------ C:\WINDOWS\System32\mspaint.exe
2007-04-12 15:13:37 118272 --a------ C:\WINDOWS\System32\mplay32.exe
2007-04-12 15:13:37 115976 --a------ C:\WINDOWS\System32\drivers\rdpwd.sys
2007-04-12 15:13:37 99328 --a------ C:\WINDOWS\System32\clipbrd.exe
2007-04-12 15:13:37 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-12 15:13:36 89088 --a------ C:\WINDOWS\System32\tscfgwmi.dll
2007-04-12 15:13:36 130048 --a------ C:\WINDOWS\System32\sessmgr.exe
2007-04-12 15:13:36 56832 --a------ C:\WINDOWS\System32\remotepg.dll
2007-04-12 15:13:36 12288 --a------ C:\WINDOWS\System32\rdsaddin.exe
2007-04-12 15:13:36 135680 --a------ C:\WINDOWS\System32\rdchost.dll
2007-04-12 15:13:36 598016 --a------ C:\WINDOWS\System32\mstscax.dll
2007-04-12 15:13:36 390144 --a------ C:\WINDOWS\System32\mstsc.exe
2007-04-12 15:13:34 40960 --a------ C:\WINDOWS\System32\tscupgrd.exe
2007-04-12 15:13:34 201216 --a------ C:\WINDOWS\System32\termsrv.dll
2007-04-12 15:13:34 75912 --a------ C:\WINDOWS\System32\rdpwsx.dll
2007-04-12 15:13:34 14848 --a------ C:\WINDOWS\System32\rdpsnd.dll
2007-04-12 15:13:34 44032 --a------ C:\WINDOWS\System32\rdpclip.exe
2007-04-12 15:13:33 359936 --a------ C:\WINDOWS\System32\msdtcprx.dll
2007-04-12 15:13:33 0 d-------- C:\WINDOWS\System32\MsDtc
2007-04-12 15:13:33 9216 --a------ C:\WINDOWS\System32\icaapi.dll
2007-04-12 15:13:33 0 d-------- C:\WINDOWS\System32\Com
2007-04-12 15:13:33 32768 --a------ C:\WINDOWS\System32\cfgbkend.dll
2007-04-12 15:13:33 582656 --a------ C:\WINDOWS\System32\catsrvut.dll
2007-04-12 15:13:32 1172992 --a------ C:\WINDOWS\System32\comsvcs.dll
2007-04-12 15:13:29 57856 --a------ C:\WINDOWS\System32\licwmi.dll
2007-04-12 15:13:24 38024 --a------ C:\WINDOWS\System32\drivers\termdd.sys
2007-04-12 15:13:24 182400 --a------ C:\WINDOWS\System32\drivers\rdpdr.sys
-- Find3M Report ---------------------------------------------------------------
2007-05-02 11:30:52 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\TrojanHunter<TROJAN~1>
2007-04-30 18:11:26 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Gadu-Gadu<GADU-G~1>
2007-04-23 18:13:01 0 d---s---- C:\Documents and Settings\USER\Dane aplikacji\Microsoft<MICROS~1>
2007-04-17 11:59:49 355486 --a------ C:\WINDOWS\System32\perfh015.dat
2007-04-17 11:59:49 49492 --a------ C:\WINDOWS\System32\perfc015.dat
2007-04-16 12:00:36 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\PC Tools<PCTOOL~1>
2007-04-13 13:13:01 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Help
2007-04-12 16:31:21 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Macromedia<MACROM~1>
2007-04-12 16:23:28 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Lavasoft
2007-04-12 16:08:12 62 --ahs---- C:\Documents and Settings\USER\Dane aplikacji\desktop.ini
2007-04-12 15:54:45 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Mozilla
2007-04-12 15:28:24 0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Identities<IDENTI~1>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-05-02 at 22:43:55 ------------------------