svchost

[lamer]

Witam Mój problem polega na tym,że jak włacze neta(neostrada) to po pewnym czasie pojawia sie taki błąd:


Dodam jeszcze że optymalizowałem windowsa Game Xp(nie wiem czy ktoś zna ale jest to narzędzie Microsoft'u więc raczej jest pewne).Po formacie partycji systemowej problem powtarza się Ludzie pomóżcie

[Robertj]

Skorzystaj z tego uaktualnienia

http://www.microsoft.com/downloads/details.aspx?displaylang=pl&FamilyID=a87b44b9-7a6a-49b6-bd89-afad4e049c48

[lamer]

NIestety nie pomogło

[wojtas]

daj logi na wszelki wypadek oraz :

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

[lamer]

Użylem tego programu i zrobiłem jak napisałeś, wprawdzie messenger nie chciał sie wlaczyć ale jak naraziewszystko jest ok.Dzięki wojtas19162

[wojtas]

daj logi na wszelki wypadek

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[lamer]

Logfile of HijackThis v1.99.1
Scan saved at 13:04:12, on 2007-03-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programy\GG Lite\GG Lite.exe
C:\Programy\K-Meleon\K-Meleon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DiM\Pulpit\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C934~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programy\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30354DB4-7BE8-4F12-A07A-1F8A5669D1FA}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{30354DB4-7BE8-4F12-A07A-1F8A5669D1FA}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[Dzi@dek]

Odpal HJ i usun ten wpis:

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C934~1\Bar888.dll (file missing)

Reszta jest OK

[wojtas]

pokaz silenta i comboscana

http://forum.programosy.pl/dodatkowe-narzedzia-do-usuwania-i-ochrony-vt42021.html

[lamer]

comboscan:

ComboScan v20070306.20 run by DiM on 2007-03-24 at 21:23:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-03-24 20:24:00 UTC - RP1 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis (run as DiM.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:58:55, on 2007-03-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Programy\BitComet\BitComet.exe
C:\Programy\K-Meleon\K-Meleon.exe
C:\Documents and Settings\DiM\Pulpit\DharmaProject.exe
C:\Programy\GG Lite\GG Lite.exe
C:\Documents and Settings\DiM\Pulpit\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C934~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programy\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30354DB4-7BE8-4F12-A07A-1F8A5669D1FA}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{30354DB4-7BE8-4F12-A07A-1F8A5669D1FA}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\Documents and Settings\DiM\Pulpit\backups\) ----

backup-20070324-150016-953 O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C934~1\Bar888.dll (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\system32\drivers\adildr.sys
3R adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\system32\drivers\adiusbaw.sys
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
3R hidusb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
1R nod32drv - C:\WINDOWS\system32\drivers\nod32drv.sys
3R NtApm (Sterownik interfejsu NT Apm/Legacy) - C:\WINDOWS\system32\drivers\NtApm.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp (Filtr magistrali AGP VIA) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
3R VIAudio (Kontroler VIA AC'97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ac97via.sys
1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"


-- Files created between 2007-02-24 and 2007-03-24 -----------------------------

2007-03-24 11:26:55 123972 --a------ C:\WINDOWS\system32\unryxnuq.dll
2007-03-24 11:26:09 468481 ---hs---- C:\WINDOWS\system32\mlnpo.bak2
2007-03-24 11:12:58 0 dr--s---- C:\WINDOWS\assembly
2007-03-24 11:12:54 0 d-------- C:\WINDOWS\Microsoft.NET
2007-03-24 11:11:34 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-24 10:41:18 26730 --a------ C:\WINDOWS\system32\urqromk.dll
2007-03-23 16:34:21 0 d-------- C:\Program Files\Common Files\LightScribe
2007-03-23 16:22:31 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-23 16:22:31 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-23 16:21:38 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-23 16:21:37 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-23 16:21:36 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-23 16:21:35 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-23 16:20:42 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-23 16:17:52 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-23 14:51:14 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-23 14:04:36 0 d-------- C:\Program Files\Java Web Start
2007-03-23 14:03:45 41068 -----n--- C:\WINDOWS\system32\ActPanel.dll
2007-03-23 09:27:27 123972 --a------ C:\WINDOWS\system32\omqrvmpc.dll
2007-03-23 09:27:15 437729 ---hs---- C:\WINDOWS\system32\mlnpo.bak1
2007-03-23 09:24:44 280676 ---hs---- C:\WINDOWS\system32\opnlm.dll
2007-03-22 21:11:44 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-22 21:09:37 280676 --a------ C:\WINDOWS\system32\sstsr.dll
2007-03-22 20:03:36 280676 --a------ C:\WINDOWS\system32\sstqp.dll
2007-03-22 19:48:44 280676 --a------ C:\WINDOWS\system32\nnlkk.dll
2007-03-22 19:32:32 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-03-22 19:11:15 280676 --a------ C:\WINDOWS\system32\ljjji.dll
2007-03-22 19:09:12 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-03-22 19:09:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-22 19:09:06 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-22 19:09:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-22 19:08:50 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-22 19:08:42 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-22 19:08:42 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-03-22 19:02:10 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-22 18:50:34 0 d-------- C:\WINDOWS\SHELLNEW
2007-03-22 18:45:57 280676 --a------ C:\WINDOWS\system32\sstrs.dll
2007-03-22 18:44:04 0 dr-h----- C:\MSOCache
2007-03-22 18:32:50 0 d-------- C:\Program Files\Common Files\{5C934B61-0321-1045-0707-990118000030}<{5C934~1>
2007-03-22 18:28:43 0 d-------- C:\Program Files\Common Files\{3C934B61-0321-1045-0707-990118000030}<{3C934~1>
2007-03-22 18:28:36 26637 -----n--- C:\WINDOWS\system32\hggebcc.dll
2007-03-22 18:27:55 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-22 18:27:55 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-22 18:27:54 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-22 18:27:16 0 d-------- C:\Programy
2007-03-22 18:20:13 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-22 18:20:10 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-22 18:20:06 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-22 18:19:51 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-22 18:19:47 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-22 18:19:43 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-22 18:19:38 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-22 18:19:35 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-22 18:19:32 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-22 18:19:28 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-22 18:19:25 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-22 18:19:15 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-22 18:19:03 9600 --a------ C:\WINDOWS\system32\drivers\NtApm.sys
2007-03-22 18:18:19 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-22 18:17:59 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-22 18:17:46 2826944 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-22 18:17:45 3736704 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-22 18:17:28 84480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2007-03-22 18:17:27 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-22 18:17:27 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-22 18:17:26 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-22 18:17:20 42240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-03-22 18:17:09 77312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-22 18:13:47 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-22 18:13:45 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-22 18:13:39 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-22 18:13:38 0 dr------- C:\Program Files<PROGRA~1>
2007-03-22 18:13:31 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-22 18:13:31 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-22 18:13:31 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-22 18:13:29 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-22 18:13:29 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-22 18:13:26 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-22 18:13:26 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-22 18:13:26 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-22 18:13:26 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-22 18:13:26 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-22 18:13:25 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-22 18:13:25 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-22 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-22 18:13:23 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-22 18:13:23 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-22 18:13:23 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-22 18:13:23 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-22 18:13:17 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-22 18:13:17 6656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-03-22 18:13:17 5632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-03-22 18:13:17 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-22 18:13:17 6656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-03-22 18:13:16 6656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-03-22 18:13:16 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-22 18:13:16 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-22 18:13:16 7168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-03-22 18:13:16 6656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-03-22 18:13:16 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-22 18:13:14 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-22 18:13:14 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-22 18:13:13 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-22 18:13:13 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-22 18:13:13 85532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-22 18:13:13 9168 --a------ C:\WINDOWS\system\VER.DLL
2007-03-22 18:13:12 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-22 18:13:12 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-22 18:13:12 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-22 18:13:11 83456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-22 18:13:11 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-22 18:13:10 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-22 18:13:10 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-22 18:13:10 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-22 18:13:10 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-22 18:13:10 70096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-22 18:13:09 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-22 18:13:09 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-22 18:13:08 69552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-22 18:13:08 70144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-22 18:13:04 75776 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-22 18:12:17 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-22 18:12:17 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-22 18:11:38 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-22 18:10:56 127065 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2007-03-22 18:10:56 1531904 --a------ C:\WINDOWS\adiras.exe
2007-03-22 18:10:55 127456 --a------ C:\WINDOWS\system32\ipdetect.exe
2007-03-22 18:10:55 155648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-03-22 18:10:50 126976 --a------ C:\WINDOWS\system32\coclassfast.dll<COCLAS~1.DLL>
2007-03-22 18:10:47 114688 --a------ C:\WINDOWS\system32\unaddrv.exe
2007-03-22 18:10:47 50007 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2007-03-22 18:10:47 4981 --a------ C:\WINDOWS\system32\adadix2k.dll
2007-03-22 18:10:47 46892 --a------ C:\WINDOWS\system32\adadix16.dll
2007-03-22 18:10:41 143360 --a------ C:\WINDOWS\autoclk.exe
2007-03-22 18:10:41 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-22 18:10:34 0 d-------- C:\Program Files\SAGEM
2007-03-22 18:08:47 28672 -ra------ C:\WINDOWS\system32\adinst32.dll
2007-03-22 18:06:48 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-22 18:06:38 0 d-------- C:\Program Files\Neostrada TP<NEOSTR~1>
2007-03-22 18:02:39 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-03-22 18:01:56 0 d-------- C:\WINDOWS\pss
2007-03-22 17:59:01 172032 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-22 17:59:01 0 d-------- C:\WINDOWS\nview
2007-03-22 17:58:03 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-22 17:53:16 0 d-------- C:\WINDOWS
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\WinSxS
2007-03-22 17:53:16 0 dr------- C:\WINDOWS\Web
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\twain_32
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\wins
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\wbem
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\usmt
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\spool
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\Setup
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\ras
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\oobe
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\npp
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\mui
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\IME
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\ias
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\export
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\drivers
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-22 17:53:16 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\config
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\3076
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\2052
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1054
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1045
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1042
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1041
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1037
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1033
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1031
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1028
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system32\1025
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\system
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\security
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\repair
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\PeerNet
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\pchealth
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\mui
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\msapps
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\msagent
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Media
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\java
2007-03-22 17:53:16 0 d--h----- C:\WINDOWS\inf
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\ime
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Help
2007-03-22 17:53:16 0 dr--s---- C:\WINDOWS\Fonts
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\ehome
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Debug
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Cursors
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\Config
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\AppPatch
2007-03-22 17:53:16 0 d-------- C:\WINDOWS\addins
2007-03-22 17:52:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-22 17:52:35 27904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-03-22 17:52:08 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-22 17:50:53 0 d--hs---- C:\WINDOWS\ftpcache
2007-03-22 17:45:20 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-22 17:45:16 0 d-------- C:\WINDOWS\Prefetch
2007-03-22 17:35:49 0 d-------- C:\WINDOWS\system32\xircom
2007-03-22 17:35:48 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-22 17:34:15 0 -rahs---- C:\MSDOS.SYS
2007-03-22 17:34:15 0 -rahs---- C:\IO.SYS
2007-03-22 17:34:15 0 --a------ C:\CONFIG.SYS
2007-03-22 17:34:15 0 --a------ C:\AUTOEXEC.BAT
2007-03-22 17:33:30 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-22 17:30:19 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-22 17:30:19 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-22 17:29:45 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-22 17:29:35 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-03-22 17:28:54 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-22 17:28:23 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-22 17:28:12 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-22 17:28:10 67584 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-22 17:28:05 0 d---s---- C:\WINDOWS\Tasks
2007-03-22 17:28:05 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-22 17:28:04 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-22 17:27:59 0 d-------- C:\WINDOWS\srchasst
2007-03-22 17:27:58 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-22 17:27:55 120320 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-22 17:27:54 36864 --a------ C:\WINDOWS\system32\wups.dll
2007-03-22 17:27:54 113664 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-22 17:27:54 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-22 17:27:54 184320 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-22 17:27:54 1134592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-22 17:27:53 168960 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-22 17:27:53 112128 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-22 17:27:53 431616 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-22 17:27:53 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-22 17:27:53 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-22 17:27:53 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-22 17:27:52 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-22 17:27:47 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-22 17:27:42 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-22 17:27:42 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-22 17:27:42 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-22 17:27:41 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-22 17:27:38 22528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-22 17:27:38 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-22 17:27:37 171008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-22 17:27:37 240128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-22 17:27:37 0 d-------- C:\WINDOWS\system32\Restore
2007-03-22 17:27:37 124800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-22 17:27:36 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-22 17:27:36 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-22 17:27:36 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-22 17:27:35 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-22 17:27:35 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-22 17:27:35 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-22 17:27:35 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-22 17:27:35 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-22 17:27:32 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-22 17:27:32 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-22 17:27:30 49664 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-22 17:27:30 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-22 17:27:28 192000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-22 17:27:28 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-22 17:27:27 278528 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-22 17:27:27 86016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-22 17:27:27 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-22 17:27:27 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-22 17:27:26 278528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-22 17:25:22 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-22 17:24:52 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-22 17:24:19 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-22 17:24:14 5632 --a------ C:\WINDOWS\system32\write.exe
2007-03-22 17:24:14 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-22 17:23:58 139264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-22 17:23:58 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-22 17:23:58 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-22 17:23:58 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-22 17:23:57 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-22 17:23:57 231424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-22 17:23:47 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-22 17:23:47 80896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-22 17:23:47 115200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-22 17:23:46 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-22 17:23:46 57344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-22 17:23:45 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-22 17:23:45 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-22 17:23:45 128000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-22 17:23:45 55808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-22 17:23:44 17920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-22 17:23:44 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-22 17:23:44 15360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-22 17:23:44 15360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-22 17:23:44 15360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-22 17:23:44 16384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-22 17:23:44 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-22 17:23:43 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-22 17:23:43 22528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-22 17:23:43 17408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-22 17:23:43 22528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-22 17:23:43 15872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-22 17:23:43 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-22 17:23:41 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-22 17:23:41 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-22 17:23:41 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-22 17:23:41 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-22 17:23:41 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-22 17:23:41 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-22 17:23:41 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-22 17:23:40 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-22 17:23:30 187904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-22 17:23:29 132608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-22 17:23:29 124928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-22 17:23:29 349696 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-22 17:23:28 539136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-22 17:23:28 345088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-22 17:23:28 103424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-22 17:23:28 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-22 17:23:27 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-22 17:23:27 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-22 17:23:27 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-22 17:23:27 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-22 17:23:26 60928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-22 17:23:26 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-22 17:23:26 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-22 17:23:26 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-22 17:23:26 408576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-22 17:23:25 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-22 17:23:25 296448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-22 17:23:25 141824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-22 17:23:25 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-22 17:23:25 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-22 17:23:24 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-22 17:23:24 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-22 17:23:24 20992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-22 17:23:24 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-22 17:23:24 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-22 17:23:24 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-22 17:23:24 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-22 17:23:23 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-22 17:23:23 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-22 17:23:23 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-22 17:23:23 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-22 17:23:22 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-22 17:23:22 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-22 17:23:21 0 d-------- C:\WINDOWS\system32\Com
2007-03-22 17:23:21 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-22 17:23:21 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-22 17:23:21 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-22 17:23:21 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-22 17:23:21 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-22 17:23:20 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-22 17:23:20 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-22 17:23:20 501248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-22 17:23:09 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-22 17:23:09 17920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-22 17:23:08 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-22 17:23:08 187904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-22 17:23:03 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-22 17:23:01 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys


-- Find3M Report ---------------------------------------------------------------

2007-03-24 19:36:58 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-03-24 12:01:50 0 d---s---- C:\Documents and Settings\DiM\Dane aplikacji\Microsoft<MICROS~1>
2007-03-24 11:41:03 495436 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-24 11:41:02 73532 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-23 19:35:04 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\foobar2000
2007-03-23 13:11:16 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\Macromedia
2007-03-23 13:03:04 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\K-Meleon
2007-03-22 21:36:13 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\vlc
2007-03-22 19:08:32 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\Real
2007-03-22 18:12:47 62 --ahs---- C:\Documents and Settings\DiM\Dane aplikacji\desktop.ini
2007-03-22 17:46:58 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\Identities<IDENTI~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copy Handler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ch"
"hkey"="HKLM"
"command"="C:\\Programy\\ch128\\ch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="unryxnuq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\unryxnuq.dll\",setvm"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A25CF3EC-6EF5-4021-9F23-D135E969085B}"=""
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=dword:00000000
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001
"NoStrCmpLogical"=dword:00000001
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=dword:00000001
"NoSaveSettings"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"MemCheckBoxInRunDlg"=dword:00000000
"NoClose"=dword:00000000
"NoAutoTrayNotify"=dword:00000000
"NoResolveTrack"=dword:00000000
"NoResolveSearch"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"NoWelcomeScreen"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{5C934B61-0321-1045-0707-990118000030}"="\"C:\\Program Files\\Common Files\\{5C934B61-0321-1045-0707-990118000030}\\Update.exe\" mc-110-12-0001291"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{5C934B61-0321-1045-0707-990118000030}"="\"C:\\Program Files\\Common Files\\{5C934B61-0321-1045-0707-990118000030}\\Update.exe\" mc-110-12-0001291"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{5C934B61-0321-1045-0707-990118000030}"="\"C:\\Program Files\\Common Files\\{5C934B61-0321-1045-0707-990118000030}\\Update.exe\" mc-110-12-0001291"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggebcc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqromk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-03-24 at 21:27:47 ------------------------

i

ComboScan v20070306.20 run by DiM on 2007-03-24 at 21:23:37
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Polish

CPU 0: Procesor Intel Celeron
Percentage of Memory in Use: 83%
Physical Memory (total/avail): 127.55 MiB / 20.73 MiB
Pagefile Memory (total/avail): 307.63 MiB / 90.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1999.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 3.45 GiB total, 1.41 GiB free.
D: is Fixed (FAT32) - 5.86 GiB total, 1.17 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DiM\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DIM-32D4FEBE200
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DiM
LOGONSERVER=\\DIM-32D4FEBE200
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DiM\USTAWI~1\Temp
TMP=C:\DOCUME~1\DiM\USTAWI~1\Temp
USERDOMAIN=DIM-32D4FEBE200
USERNAME=DiM
USERPROFILE=C:\Documents and Settings\DiM
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DiM (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Aktualizacja dla systemu Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Archiwizator WinRAR --> C:\Programy\WinRAR\uninstall.exe
BearShare --> C:\Programy\BearShare\UNWISE.EXE C:\Programy\BearShare\INSTALL.LOG
BitComet 0.73 --> C:\Programy\BitComet\uninst.exe
foobar2000 v0.9.4.2 --> "C:\Programy\foobar2000\uninstall.exe"
Foxit Reader --> C:\Programy\Foxit Software\Foxit Reader\Uninstall.exe
Gadu-Gadu 7.6 --> C:\Programy\Gadu-Gadu\Setup.exe
HijackThis 1.99.1 --> C:\Documents and Settings\DiM\Pulpit\HijackThis.exe /uninstall
Java 2 Runtime Environment, SE v1.4.0_03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
jv16 PowerTools 2006 --> "C:\Programy\jv16 PowerTools 2006\unins000.exe"
K-Lite Mega Codec Pack 1.63 --> "C:\Programy\K-Lite Codec Pack\unins000.exe"
K-Meleon (remove only) --> C:\Programy\K-Meleon\uninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
MWSnap 3 --> "C:\Programy\MWSnap\uninstall.exe"
Nero OEM --> C:\Programy\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
SAGEM F@st 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x15
SKoM 1.2.2 --> C:\Programy\Some Kind of Message\uninst.exe
VideoLAN VLC media player 0.8.6 --> C:\Programy\VideoLAN\VLC\uninstall.exe


-- End of ComboScan: finished at 2007-03-24 at 21:27:47 ------------------------

A teraz Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{5C934B61-0321-1045-0707-990118000030}" = ""C:\Program Files\Common Files\{5C934B61-0321-1045-0707-990118000030}\Update.exe" mc-110-12-0001291" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{A25CF3EC-6EF5-4021-9F23-D135E969085B}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\hggebcc.dll" [null data]
{C1B4DEC2-2623-438e-9CA2-C9043AB28508}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Bar888"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\{3C934~1\Bar888.dll" [file not found]
{EAF7E40C-8671-4A37-83B8-8281300B00F8}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\opnlm.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programy\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{A25CF3EC-6EF5-4021-9F23-D135E969085B}" = "*_" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\hggebcc.dll" [null data]
<<!>> "{182B90A3-F372-438A-800C-6814B4DE417B}" = "*_" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\urqromk.dll" [null data]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]| [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> hggebcc\DLLName = "hggebcc.dll" [null data]
<<!>> opnlm\DLLName = "C:\WINDOWS\system32\opnlm.dll" [null data]
<<!>> urqromk\DLLName = "urqromk.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CopyHandlerShellExt\(Default) = "{E7A4C2DA-F3AF-4145-AC19-E3B215306A54}"
-> {HKLM...CLSID} = "MenuExt Class"
\InProcServer32\(Default) = "C:\Programy\ch128\chext.dll" [empty string]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CopyHandlerShellExt\(Default) = "{E7A4C2DA-F3AF-4145-AC19-E3B215306A54}"
-> {HKLM...CLSID} = "MenuExt Class"
\InProcServer32\(Default) = "C:\Programy\ch128\chext.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CopyHandlerShellExt\(Default) = "{E7A4C2DA-F3AF-4145-AC19-E3B215306A54}"
-> {HKLM...CLSID} = "MenuExt Class"
\InProcServer32\(Default) = "C:\Programy\ch128\chext.dll" [empty string]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMBalloonTip" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"CDRAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoAutoTrayNotify" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoStartBanner" = (REG_BINARY) hex:01 00 00 00
{Remove "Click here to begin" from Start button}

"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}

"NoThemesTab" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoStrCmpLogical" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoColorChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Hide Desktop tab}

"NoDispCPL" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}

"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSizeChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"RunStartupScriptSync" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "DiM" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programy\Microsoft Office\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 226 seconds, including 18 seconds for message boxes)

[wojtas]

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\unryxnuq.dll
C:\WINDOWS\system32\mlnpo.bak2
C:\WINDOWS\system32\urqromk.dll
C:\WINDOWS\system32\omqrvmpc.dll
C:\WINDOWS\system32\mlnpo.bak1
C:\WINDOWS\system32\opnlm.dll
C:\WINDOWS\system32\sstsr.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\nnlkk.dll
C:\WINDOWS\system32\ljjji.dll
C:\WINDOWS\system32\sstrs.dll
C:\WINDOWS\system32\hggebcc.dll

Folders to delete:

C:\Program Files\Common Files\{5C934B61-0321-1045-0707-990118000030}
C:\Program Files\Common Files\{3C934B61-0321-1045-0707-990118000030}

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.

otworz notatnik wklej:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A25CF3EC-6EF5-4021-9F23-D135E969085B}"=-
"{182B90A3-F372-438A-800C-6814B4DE417B}"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{5C934B61-0321-1045-0707-990118000030}"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{5C934B61-0321-1045-0707-990118000030}"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{5C934B61-0321-1045-0707-990118000030}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggebcc]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlm]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqromk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....


Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + combo

[lamer]

Więc The Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dcggfmie

*******************

Script file located at: \??\C:\WINDOWS\lhkbfkwr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\unryxnuq.dll deleted successfully.
File C:\WINDOWS\system32\mlnpo.bak2 deleted successfully.
File C:\WINDOWS\system32\urqromk.dll deleted successfully.
File C:\WINDOWS\system32\omqrvmpc.dll deleted successfully.
File C:\WINDOWS\system32\mlnpo.bak1 deleted successfully.
File C:\WINDOWS\system32\opnlm.dll deleted successfully.
File C:\WINDOWS\system32\sstsr.dll deleted successfully.
File C:\WINDOWS\system32\sstqp.dll deleted successfully.
File C:\WINDOWS\system32\nnlkk.dll deleted successfully.
File C:\WINDOWS\system32\ljjji.dll deleted successfully.
File C:\WINDOWS\system32\sstrs.dll deleted successfully.
File C:\WINDOWS\system32\hggebcc.dll deleted successfully.
Folder C:\Program Files\Common Files\{5C934B61-0321-1045-0707-990118000030} deleted successfully.
Folder C:\Program Files\Common Files\{3C934B61-0321-1045-0707-990118000030} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

i Comboscan:

ComboScan v20070306.20 run by DiM on 2007-03-25 at 12:34:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-25 12:34:51
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programy\GG Lite\GG Lite.exe
C:\Programy\K-Meleon\k-meleon.exe
C:\Documents and Settings\DiM\Pulpit\comboscan.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A25CF3EC-6EF5-4021-9F23-D135E969085B} - C:\WINDOWS\system32\hggebcc.dll (file missing)
O2 - BHO: (no name) - {B2D70DAF-D702-44FA-9511-85A43493B7F4} - C:\WINDOWS\system32\opnlm.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C934~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programy\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{30354DB4-7BE8-4F12-A07A-1F8A5669D1FA}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Urządzenie alarmowe (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Przeglądarka komputera (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dostęp do urządzeń interfejsu HID (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: Serwer (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: DDE sieci (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NOD32 Kernel Service (NOD32krn) - "C:\Program Files\Eset\nod32krn.exe"
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: Usługi IPSEC (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rejestr zdalny (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{B925FE56-EB32-4AB4-8EA6-69E538109621}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Telnet (TlntSvr) - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozszerzenia sterownika Instrumentacji zarządzania Windows (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centrum zabezpieczeń (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-02-25 and 2007-03-25 -----------------------------

2007-03-25 12:23:17 0 d-------- C:\avenger
2007-03-24 12:12:58 0 dr--s---- C:\WINDOWS\assembly
2007-03-24 12:12:54 0 d-------- C:\WINDOWS\Microsoft.NET
2007-03-24 12:11:34 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-23 17:34:21 0 d-------- C:\Program Files\Common Files\LightScribe
2007-03-23 17:22:31 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-23 17:22:31 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-23 17:21:38 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-23 17:21:37 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-23 17:21:36 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-23 17:21:35 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-23 17:20:42 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-23 17:17:52 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-23 15:51:14 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-23 15:04:36 0 d-------- C:\Program Files\Java Web Start
2007-03-23 15:03:45 41068 -----n--- C:\WINDOWS\system32\ActPanel.dll
2007-03-22 22:11:44 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-22 20:32:32 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-03-22 20:09:12 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-03-22 20:09:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-22 20:09:06 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-22 20:09:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-22 20:08:50 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-22 20:08:42 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-22 20:08:42 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-03-22 20:02:10 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-22 19:50:34 0 d-------- C:\WINDOWS\SHELLNEW
2007-03-22 19:44:04 0 dr-h----- C:\MSOCache
2007-03-22 19:27:55 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-22 19:27:55 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-22 19:27:54 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-22 19:27:16 0 d-------- C:\Programy
2007-03-22 19:20:13 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-22 19:20:10 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-22 19:20:06 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-22 19:19:51 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-22 19:19:47 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-22 19:19:43 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-22 19:19:38 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-22 19:19:35 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-22 19:19:32 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-22 19:19:28 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-22 19:19:25 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-22 19:19:15 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-22 19:19:03 9600 --a------ C:\WINDOWS\system32\drivers\NtApm.sys
2007-03-22 19:18:19 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-22 19:17:59 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-22 19:17:46 2826944 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-22 19:17:45 3736704 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-22 19:17:28 84480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2007-03-22 19:17:27 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-22 19:17:27 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-22 19:17:26 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-22 19:17:20 42240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-03-22 19:17:09 77312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-22 19:13:47 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-22 19:13:45 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-22 19:13:39 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-22 19:13:38 0 dr------- C:\Program Files<PROGRA~1>
2007-03-22 19:13:31 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-22 19:13:31 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-22 19:13:31 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-22 19:13:29 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-22 19:13:29 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-22 19:13:26 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-22 19:13:26 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-22 19:13:26 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-22 19:13:26 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-22 19:13:26 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-22 19:13:25 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-22 19:13:25 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-22 19:13:24 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-22 19:13:23 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-22 19:13:23 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-22 19:13:23 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-22 19:13:23 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-22 19:13:17 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-22 19:13:17 6656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-03-22 19:13:17 5632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-03-22 19:13:17 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-22 19:13:17 6656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-03-22 19:13:16 6656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-03-22 19:13:16 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-22 19:13:16 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-22 19:13:16 7168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-03-22 19:13:16 6656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-03-22 19:13:16 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-22 19:13:14 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-22 19:13:14 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-22 19:13:13 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-22 19:13:13 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-22 19:13:13 85532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-22 19:13:13 9168 --a------ C:\WINDOWS\system\VER.DLL
2007-03-22 19:13:12 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-22 19:13:12 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-22 19:13:12 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-22 19:13:11 83456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-22 19:13:11 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-22 19:13:10 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-22 19:13:10 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-22 19:13:10 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-22 19:13:10 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-22 19:13:10 70096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-22 19:13:09 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-22 19:13:09 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-22 19:13:08 69552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-22 19:13:08 70144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-22 19:13:04 75776 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-22 19:12:17 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-22 19:12:17 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-22 19:11:38 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-22 19:10:56 127065 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2007-03-22 19:10:56 1531904 --a------ C:\WINDOWS\adiras.exe
2007-03-22 19:10:55 127456 --a------ C:\WINDOWS\system32\ipdetect.exe
2007-03-22 19:10:55 155648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-03-22 19:10:50 126976 --a------ C:\WINDOWS\system32\coclassfast.dll<COCLAS~1.DLL>
2007-03-22 19:10:47 114688 --a------ C:\WINDOWS\system32\unaddrv.exe
2007-03-22 19:10:47 50007 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2007-03-22 19:10:47 4981 --a------ C:\WINDOWS\system32\adadix2k.dll
2007-03-22 19:10:47 46892 --a------ C:\WINDOWS\system32\adadix16.dll
2007-03-22 19:10:41 143360 --a------ C:\WINDOWS\autoclk.exe
2007-03-22 19:10:41 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-22 19:10:34 0 d-------- C:\Program Files\SAGEM
2007-03-22 19:08:47 28672 -ra------ C:\WINDOWS\system32\adinst32.dll
2007-03-22 19:06:48 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-22 19:06:38 0 d-------- C:\Program Files\Neostrada TP<NEOSTR~1>
2007-03-22 19:02:39 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-03-22 19:01:56 0 d-------- C:\WINDOWS\pss
2007-03-22 18:59:01 172032 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-22 18:59:01 0 d-------- C:\WINDOWS\nview
2007-03-22 18:58:03 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-22 18:53:16 0 d-------- C:\WINDOWS
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\WinSxS
2007-03-22 18:53:16 0 dr------- C:\WINDOWS\Web
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\twain_32
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\wins
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\wbem
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\usmt
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\spool
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\Setup
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\ras
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\oobe
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\npp
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\mui
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\IME
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\ias
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\export
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\drivers
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-22 18:53:16 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\config
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\3076
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\2052
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1054
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1045
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1042
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1041
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1037
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1033
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1031
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1028
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system32\1025
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\system
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\security
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\repair
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\PeerNet
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\pchealth
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\mui
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\msapps
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\msagent
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Media
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\java
2007-03-22 18:53:16 0 d--h----- C:\WINDOWS\inf
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\ime
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Help
2007-03-22 18:53:16 0 dr--s---- C:\WINDOWS\Fonts
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\ehome
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Debug
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Cursors
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\Config
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\AppPatch
2007-03-22 18:53:16 0 d-------- C:\WINDOWS\addins
2007-03-22 18:52:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-22 18:52:35 27904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-03-22 18:52:08 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-22 18:50:53 0 d--hs---- C:\WINDOWS\ftpcache
2007-03-22 18:45:20 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-22 18:45:16 0 d-------- C:\WINDOWS\Prefetch
2007-03-22 18:35:49 0 d-------- C:\WINDOWS\system32\xircom
2007-03-22 18:35:48 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-22 18:34:15 0 -rahs---- C:\MSDOS.SYS
2007-03-22 18:34:15 0 -rahs---- C:\IO.SYS
2007-03-22 18:34:15 0 --a------ C:\CONFIG.SYS
2007-03-22 18:34:15 0 --a------ C:\AUTOEXEC.BAT
2007-03-22 18:33:30 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-22 18:30:19 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-22 18:30:19 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-22 18:29:45 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-22 18:29:35 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-03-22 18:28:54 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-22 18:28:23 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-22 18:28:12 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-22 18:28:10 67584 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-22 18:28:05 0 d---s---- C:\WINDOWS\Tasks
2007-03-22 18:28:05 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-22 18:28:04 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-22 18:27:59 0 d-------- C:\WINDOWS\srchasst
2007-03-22 18:27:58 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-22 18:27:55 120320 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-22 18:27:54 36864 --a------ C:\WINDOWS\system32\wups.dll
2007-03-22 18:27:54 113664 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-22 18:27:54 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-22 18:27:54 184320 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-22 18:27:54 1134592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-22 18:27:53 168960 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-22 18:27:53 112128 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-22 18:27:53 431616 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-22 18:27:53 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-22 18:27:53 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-22 18:27:53 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-22 18:27:52 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-22 18:27:47 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-22 18:27:42 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-22 18:27:42 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-22 18:27:42 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-22 18:27:41 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-22 18:27:38 22528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-22 18:27:38 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-22 18:27:37 171008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-22 18:27:37 240128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-22 18:27:37 0 d-------- C:\WINDOWS\system32\Restore
2007-03-22 18:27:37 124800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-22 18:27:36 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-22 18:27:36 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-22 18:27:36 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-22 18:27:35 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-22 18:27:35 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-22 18:27:35 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-22 18:27:35 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-22 18:27:35 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-22 18:27:32 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-22 18:27:32 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-22 18:27:30 49664 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-22 18:27:30 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-22 18:27:28 192000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-22 18:27:28 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-22 18:27:27 278528 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-22 18:27:27 86016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-22 18:27:27 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-22 18:27:27 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-22 18:27:26 278528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-22 18:25:22 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-22 18:24:52 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-22 18:24:19 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-22 18:24:14 5632 --a------ C:\WINDOWS\system32\write.exe
2007-03-22 18:24:14 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-22 18:23:58 139264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-22 18:23:58 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-22 18:23:58 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-22 18:23:58 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-22 18:23:57 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-22 18:23:57 231424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-22 18:23:47 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-22 18:23:47 80896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-22 18:23:47 115200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-22 18:23:46 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-22 18:23:46 57344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-22 18:23:45 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-22 18:23:45 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-22 18:23:45 128000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-22 18:23:45 55808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-22 18:23:44 17920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-22 18:23:44 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-22 18:23:44 15360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-22 18:23:44 15360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-22 18:23:44 15360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-22 18:23:44 16384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-22 18:23:44 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-22 18:23:43 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-22 18:23:43 22528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-22 18:23:43 17408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-22 18:23:43 22528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-22 18:23:43 15872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-22 18:23:43 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-22 18:23:41 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-22 18:23:41 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-22 18:23:41 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-22 18:23:41 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-22 18:23:41 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-22 18:23:41 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-22 18:23:41 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-22 18:23:40 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-22 18:23:30 187904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-22 18:23:29 132608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-22 18:23:29 124928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-22 18:23:29 349696 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-22 18:23:28 539136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-22 18:23:28 345088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-22 18:23:28 103424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-22 18:23:28 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-22 18:23:27 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-22 18:23:27 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-22 18:23:27 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-22 18:23:27 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-22 18:23:26 60928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-22 18:23:26 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-22 18:23:26 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-22 18:23:26 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-22 18:23:26 408576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-22 18:23:25 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-22 18:23:25 296448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-22 18:23:25 141824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-22 18:23:25 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-22 18:23:25 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-22 18:23:24 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-22 18:23:24 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-22 18:23:24 20992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-22 18:23:24 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-22 18:23:24 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-22 18:23:24 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-22 18:23:24 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-22 18:23:23 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-22 18:23:23 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-22 18:23:23 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-22 18:23:23 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-22 18:23:22 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-22 18:23:22 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-22 18:23:21 0 d-------- C:\WINDOWS\system32\Com
2007-03-22 18:23:21 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-22 18:23:21 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-22 18:23:21 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-22 18:23:21 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-22 18:23:21 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-22 18:23:20 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-22 18:23:20 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-22 18:23:20 501248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-22 18:23:09 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-22 18:23:09 17920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-22 18:23:08 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-22 18:23:08 187904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-22 18:23:03 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-22 18:23:01 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys


-- Find3M Report ---------------------------------------------------------------

2007-03-25 12:15:34 435978 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-25 12:15:34 67078 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-24 20:36:58 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-03-24 13:01:50 0 d---s---- C:\Documents and Settings\DiM\Dane aplikacji\Microsoft<MICROS~1>
2007-03-23 20:35:04 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\foobar2000
2007-03-23 14:11:16 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\Macromedia
2007-03-23 14:03:04 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\K-Meleon
2007-03-22 22:36:13 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\vlc
2007-03-22 20:08:32 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\Real
2007-03-22 19:12:47 62 --ahs---- C:\Documents and Settings\DiM\Dane aplikacji\desktop.ini
2007-03-22 18:46:58 0 d-------- C:\Documents and Settings\DiM\Dane aplikacji\Identities<IDENTI~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copy Handler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ch"
"hkey"="HKLM"
"command"="C:\\Programy\\ch128\\ch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=dword:00000000
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001
"NoStrCmpLogical"=dword:00000001
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=dword:00000001
"NoSaveSettings"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"MemCheckBoxInRunDlg"=dword:00000000
"NoClose"=dword:00000000
"NoAutoTrayNotify"=dword:00000000
"NoResolveTrack"=dword:00000000
"NoResolveSearch"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"NoWelcomeScreen"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-03-25 at 12:35:51 ------------------------

[wojtas]

juz jest ok