Please check my logs - very slow computer

System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.

Post by eMaNeTeWu, 14 Jun 2008, 20:30

Please check my logs, because my computer is terribly sluggish, everything takes a long time to start, etc., and about every 3 minutes I get 100% CPU usage for 10 seconds... This gets in the way in online games when the frame rate drops to, e.g., 5 fps... Here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:43, on 2008-06-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
G:\Counter Strike 1.6\Steam.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "g:\counter strike 1.6\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F753D6E6-B4A9-4D89-A7BA-4A851A47CCF6}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows updata - Unknown owner - C:\WINDOWS\wupdmgr.exe

--
End of file - 8574 bytes

ComboFix 08-06-12.2 - eMaNeTeWu 2008-06-14 20:57:57.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1406 [GMT 2:00]
Running from: C:\Documents and Settings\eMaNeTeWu\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PegeFile.pif
F:\Autorun.inf
F:\PegeFile.pif
G:\Autorun.inf
G:\PegeFile.pif
I:\Autorun.inf
I:\PegeFile.pif

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-11 19:45 . 2008-06-11 19:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-11 19:45 . 2008-06-11 19:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 19:15 . 2007-09-10 04:52 374,784 ---hs---- C:\WINDOWS\wupdmgr.exe
2008-06-11 19:15 . 2007-09-10 04:52 374,784 ---hs---- C:\WINDOWS\system32\_wupdmgr.exe
2008-06-11 19:15 . 2008-06-11 19:15 72 --a------ C:\WINDOWS\ReDelBat.bat
2008-06-10 20:26 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:26 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 12:54 . 2008-06-03 12:54 <DIR> d-------- C:\Program Files\Total Video Converter
2008-06-03 12:54 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-05-31 03:01 . 2008-05-31 03:03 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Teleca
2008-05-31 03:00 . 2008-05-31 03:00 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-05-31 03:00 . 2008-05-31 03:00 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-31 03:00 . 2008-05-31 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2008-05-31 03:00 . 2008-05-31 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-31 03:00 . 2008-05-31 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-31 02:58 . 2008-05-31 02:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-31 02:58 . 2008-05-31 02:58 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-05-31 02:58 . 2008-05-31 02:58 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-05-24 16:44 . 2008-06-12 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-05-24 08:02 . 2008-05-24 08:32 23 --a------ C:\WINDOWS\popcinfot.dat
2008-05-22 20:39 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-22 20:39 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-22 20:39 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-22 20:34 . 2008-05-22 20:34 <DIR> d-------- C:\Program Files\Codemasters
2008-05-21 08:11 . 2008-05-21 08:21 <DIR> d-------- C:\Program Files\OpenVPN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 18:56 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-14 18:05 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-14 17:24 --------- d-----w C:\Program Files\neostrada tp
2008-06-13 15:36 --------- d-----w C:\Program Files\HLSW
2008-06-07 11:26 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Skype
2008-06-07 11:12 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\skypePM
2008-06-03 20:06 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-22 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 06:47 --------- d-----w C:\Program Files\Tibia Auto
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 13:23 --------- d-----w C:\Program Files\sXe Injected
2008-05-04 05:29 --------- d-----w C:\Program Files\AutoConnect
2008-05-03 13:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-02 12:39 739,240 ----a-w C:\vnc-4_1_2-x86_win32(dobreprogramy.pl).exe
2008-05-02 12:39 --------- d-----w C:\Program Files\RealVNC
2008-04-24 17:24 118,200 --sh--r C:\h8i.com
2008-04-22 11:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 15:00 --------- d-----w C:\Program Files\Bluetooth remote
2008-04-16 19:06 --------- d-----w C:\Program Files\PhotoFiltre
2008-04-15 18:23 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\teamspeak2
2008-04-05 10:31 160,603 ----a-w C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-28 19:12 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-09 16:37 22,328 ----a-w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\PnkBstrK.sys
2007-09-10 02:52 374,784 --sh--w C:\WINDOWS\wupdmgr.exe
2007-09-10 02:52 374,784 --sh--w C:\WINDOWS\system32\_wupdmgr.exe
.

------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 17:03 1957888]
"Steam"="g:\counter strike 1.6\steam.exe" [2008-03-28 15:40 1271032]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 09:08 196608]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 17:55 32768]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"WireLessKeyboard"="C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe" [2005-11-30 13:48 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 19:20 2633728]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 10:55 99328]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
--a------ 2006-12-03 01:14 310784 C:\Program Files\AutoConnect\AutoConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]
--a------ 2007-08-29 15:30 685056 C:\Program Files\INTERIAPL\Stefan\Stefan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 15:49 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Bin\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Soldat\\Soldat.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\counter-strike\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero deleted scenes\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\deathmatch classic\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\ricochet\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\day of defeat\\hl.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"G:\\Infogrames\\Robot Arena 2\\Robot Arena 2.exe"=
"G:\\Counter Strike 1.6\\steam.exe"=
"G:\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:65535
"65535:UDP"= 65535:UDP:65535

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 14:37]
S2 Windows updata;Windows updata;C:\WINDOWS\wupdmgr.exe [2007-09-10 04:52]
S3 TAP;TAP-Win32 Adapter;C:\WINDOWS\system32\DRIVERS\tapdrvr.sys [2004-05-10 06:32]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
conime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dcaa55d-3a07-11dd-9a35-000e50f342eb}]
\Shell\Auto\command - K:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{626057c8-e158-11dc-9949-000e50f342eb}]
\Shell\Auto\command - K:\PegeFile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e601d376-e6dd-11dc-9954-000e50f342eb}]
\Shell\Auto\command - K:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 20:59:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-14 21:01:24
ComboFix-quarantined-files.txt 2008-06-14 19:01:01
ComboFix2.txt 2008-06-14 18:28:08
ComboFix3.txt 2008-01-14 16:36:08
ComboFix4.txt 2008-01-14 11:48:38
ComboFix5.txt 2008-01-14 10:15:22

Pre-Run: 2,598,170,624 bajtów wolnych
Post-Run: 2,586,431,488 bajtów wolnych

214 --- E O F --- 2008-06-11 14:14:03

Last edited by eMaNeTeWu, 14 Jun 2008, 21:04; edited 1 time in total



Post by Slime, 14 Jun 2008, 20:52

It's full of junk. You can see it at first glance. But for now, paste the whole Combo log, because yours got cut off.



Post by Okocza, 14 Jun 2008, 23:09

Open Notepad and paste this into it:

Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dcaa55d-3a07-11dd-9a35-000e50f342eb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{626057c8-e158-11dc-9949-000e50f342eb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e601d376-e6dd-11dc-9954-000e50f342eb}]


In Notepad, at the top >>> File >>> Save As >>> change the file type from TXT to All files *.* >>> save it under the name FIX.REG

Double-click the resulting fix file and add it to the registry....


Slime wrote: It's full of junk. You can see it at first glance



Where do you see it full of junk :|
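The three keys in the FIX.REG above can be derived from the ComboFix log itself. As an added example (not part of the original thread), this Python script flags MountPoints2 keys whose autorun command names a file that ComboFix deleted or that the log lists as newly created with hidden+system attributes, then prints a deletion file for review. The function names and the matching heuristic are assumptions made here, the log excerpt is abridged from the post above, and the all-zero GUID entry is constructed.

```python
import re

# Abridged excerpt of the ComboFix log posted in this thread. The last
# MountPoints2 key (all-zero GUID, K:\setup.exe) is constructed as a contrast case.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
C:\PegeFile.pif
F:\Autorun.inf
F:\PegeFile.pif
.
((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))
.
2008-06-11 19:45 . 2008-06-11 19:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-11 19:15 . 2007-09-10 04:52 374,784 ---hs---- C:\WINDOWS\wupdmgr.exe
2008-06-11 19:15 . 2007-09-10 04:52 374,784 ---hs---- C:\WINDOWS\system32\_wupdmgr.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dcaa55d-3a07-11dd-9a35-000e50f342eb}]
\Shell\Auto\command - K:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{626057c8-e158-11dc-9949-000e50f342eb}]
\Shell\Auto\command - K:\PegeFile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e601d376-e6dd-11dc-9954-000e50f342eb}]
\Shell\Auto\command - K:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - K:\setup.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")
KEY_RE = re.compile(r"^\[(HKEY_\w+\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\\w+\\command - (.+)$", re.I)
# "<created> . <modified> <size> <attributes> <path>" lines of the Files Created section
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(\S{9})\s+(.+)$")


def basename(path):
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def dropped_file_names(log):
    """File names ComboFix deleted, plus newly created hidden+system files."""
    names, section = set(), ""
    for line in map(str.strip, log.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Other Deletions" and re.match(r"[A-Za-z]:\\", line):
            names.add(basename(line))
        m = CREATED_RE.match(line)
        if m and "h" in m.group(1) and "s" in m.group(1):
            names.add(basename(m.group(2)))
    return names


def mountpoint_autoruns(log):
    """Map each MountPoints2 key in the log to its Shell\\...\\command values."""
    entries, key = {}, None
    for line in map(str.strip, log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            entries[key] = []
        elif key and (c := CMD_RE.match(line)):
            entries[key].append(c.group(1))
        elif not line or line.startswith("["):
            key = None  # blank line or an unrelated registry key ends the entry
    return entries


def references(command, name):
    c = command.lower().strip('"')
    return c == name or c.endswith("\\" + name) or c.endswith(" " + name)


def suspicious_mountpoints(log):
    """Keys whose autorun command points at one of the dropped file names."""
    names = dropped_file_names(log)
    return [key for key, cmds in mountpoint_autoruns(log).items()
            if any(references(c, n) for c in cmds for n in names)]


def build_reg_fix(keys):
    """Text of a .reg file deleting the given keys (for review, not applied)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += [f"[-{key}]" for key in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_reg_fix(suspicious_mountpoints(SAMPLE_LOG)))
```

The script only produces text; nothing is written to the registry, and the flagged keys still need a human check against the full log before any import.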



Post by Slime, 14 Jun 2008, 23:31

Sorry. I got something mixed up with the phone software and with some hack he uses ;)



Post by eMaNeTeWu, 15 Jun 2008, 11:44

OK, I've already added it to the registry.
with some hack he uses ;)


:) I have it and use it :) but I don't play with hacks... it's simply an admin tool :)

OK, is that everything? Because the computer is still sluggish... :/



Post by Okocza, 15 Jun 2008, 11:50

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]


Same as last time; besides that:

Do what is given in this thread

Use SDFix. After downloading, run it and it will unpack itself to C:\SDFix. Start the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleanup with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of the Report.txt file + the ComboFix log, and also give a HijackThis log.

Also scan the computer for Trojans with this program.



Post by eMaNeTeWu, 16 Jun 2008, 14:32

Hmm... I have a problem because I can't get into Safe Mode... :( I press F8 and nothing happens, I reset the computer and try again, and that screen shows up saying the computer was shut down improperly etc., and the choices are Safe Mode, Safe Mode with Networking, Last Known Good Configuration etc., and I can't switch to Safe Mode. The computer doesn't react to the keyboard, nothing happens; even if I press Enter I still have to wait those 30 seconds and it starts by itself... I simply can't use the arrow keys to switch to Safe Mode... Is there some other way to get into this mode...?



Post by Magik, 16 Jun 2008, 14:36

eMaNeTeWu wrote: Hmm... I have a problem because I can't get into Safe Mode...


Paste this into Notepad

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"


SAVE AS - SafeBoot.reg and run the file. Then restart and... :arrow:
Magik



Post by eMaNeTeWu, 14 Jul 2008, 23:06

SDFix :
SDFix: Version 1.126

Run by eMaNeTeWu on 2008-07-14 at 22:25

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 22:32:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:56,1f,19,5e,cc,42,3d,70,c4,33,f1,60,85,f0,86,e5,dc,f0,ef,b1,5e,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,8a,c2,6a,b7,e9,a3,63,6f,9e,79,01,34,7a,b3,40,0f,ac,..
"hdf12"=hex:02,bc,af,0a,f4,3d,ee,f6,a4,2a,f2,89,c1,a9,0b,5b,33,73,69,78,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:da,ba,73,59,cf,df,5b,6e,b0,65,a3,17,55,69,3a,1a,68,39,91,79,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:de,2d,86,87,9d,b4,a2,7e,71,5e,5b,66,1e,ba,ae,c7,77,dd,81,6f,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,aa,b9,5d,b7,73,7e,29,44,fe,dc,a1,7d,db,74,a8,66,8f,..
"hdf12"=hex:7a,2e,65,1c,3e,3e,a0,8e,74,04,c6,db,f1,e0,ff,b1,47,6b,2d,24,81,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:22,a6,75,69,48,b8,cb,34,6b,6e,e8,c2,ca,37,d9,1b,b3,2d,7f,97,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:56,1f,19,5e,cc,42,3d,70,c4,33,f1,60,85,f0,86,e5,dc,f0,ef,b1,5e,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,8a,c2,6a,b7,e9,a3,63,6f,9e,79,01,34,7a,b3,40,0f,ac,..
"hdf12"=hex:02,bc,af,0a,f4,3d,ee,f6,a4,2a,f2,89,c1,a9,0b,5b,33,73,69,78,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:da,ba,73,59,cf,df,5b,6e,b0,65,a3,17,55,69,3a,1a,68,39,91,79,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:22,a6,75,69,48,b8,cb,34,6b,6e,e8,c2,ca,37,d9,1b,b3,2d,7f,97,ef,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,aa,b9,5d,b7,73,7e,29,44,fe,dc,a1,7d,db,74,a8,66,8f,..
"hdf12"=hex:7a,2e,65,1c,3e,3e,a0,8e,74,04,c6,db,f1,e0,ff,b1,47,6b,2d,24,81,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:22,a6,75,69,48,b8,cb,34,6b,6e,e8,c2,ca,37,d9,1b,b3,2d,7f,97,ef,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3A021C0E-1DF5-5426-272F-A124D7BEB6F8}]
"iacafdjdlmnbemhpfd"=hex:6b,61,67,64,6a,62,70,64,6d,65,64,69,6f,6b,6d,61,6c,6f,6f,6f,63,..
"hamalbeefekhgpcp"=hex:6a,61,6c,64,6c,70,6e,68,62,6c,64,68,66,64,67,68,65,65,6f,63,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:hlsw"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Bin\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"="C:\\Bin\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\counter-strike\\hl.exe"="G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero\\hl.exe"="G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero deleted scenes\\hl.exe"="G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\deathmatch classic\\hl.exe"="G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\ricochet\\hl.exe"="G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\day of defeat\\hl.exe"="G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"G:\\Infogrames\\Robot Arena 2\\Robot Arena 2.exe"="G:\\Infogrames\\Robot Arena 2\\Robot Arena 2.exe:*:Enabled:Robot Arena 2"
"G:\\Counter Strike 1.6\\steam.exe"="G:\\Counter Strike 1.6\\steam.exe:*:Enabled:Steam"
"G:\\Test Drive Unlimited\\TestDriveUnlimited.exe"="G:\\Test Drive Unlimited\\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\half-life 2 deathmatch\\hl2.exe"="G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\eMaNeTeWu\\Pulpit\\OpenLieroX\\OpenLieroX.exe"="C:\\Documents and Settings\\eMaNeTeWu\\Pulpit\\OpenLieroX\\OpenLieroX.exe:*:Enabled:OpenLieroX"
"C:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\JD-WinLauncher.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\JD-WinLauncher.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon  3 Mar 2008           568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon  3 Mar 2008         5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Mon 14 Jul 2008       102,912 ..SHR --- "C:\WINDOWS\system32\fool0.dll"
Tue  1 Jul 2008       175,416 ..SHR --- "C:\WINDOWS\system32\kxvo.exe"
Mon 10 Sep 2007       374,784 ..SH. --- "C:\WINDOWS\system32\_wupdmgr.exe"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05030212059e1b9876d47b8cf2fa5e95\BIT27B.tmp"
Sat  5 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BITD.tmp"
Sat  5 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BITC.tmp"
Sun 10 Feb 2008           444 ...HR --- "C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

Finished!


[code] ComboFix 08-07-14.2 - eMaNeTeWu 2008-07-14 22:48:15.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1454 [GMT 2:00]
Running from: C:\Bin\ComboFix.exe
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\kxvo.exe
F:\Autorun.inf
G:\Autorun.inf
I:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-14 19:41 . 2008-07-01 16:48 175,416 -r-hs---- C:\wak.cmd
2008-07-14 19:17 . 2008-07-14 19:18 <DIR> d-------- C:\Nowy folder
2008-07-14 19:12 . 2008-07-14 19:12 <DIR> d-------- C:\Program Files\UndeleteMyFiles
2008-07-14 17:06 . 2008-07-14 17:08 <DIR> d-------- C:\Program Files\Game Cam
2008-07-14 16:13 . 2008-07-14 17:00 <DIR> d-------- C:\Program Files\Game Cam V2
2008-07-14 10:59 . 2008-07-14 10:59 <DIR> d-------- C:\Program Files\VentSrv
2008-07-14 10:58 . 2008-07-14 10:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 10:30 . 2008-07-12 10:30 <DIR> d-------- C:\Automap
2008-07-09 18:30 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-07-09 18:30 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-05 00:34 . 2008-07-05 00:34 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-03 16:07 . 2008-07-03 16:07 <DIR> d-------- C:\Program Files\MSBuild
2008-07-03 16:05 . 2008-07-03 16:05 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-03 16:04 . 2008-07-03 16:04 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-03 16:03 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-03 13:56 . 2008-07-03 13:56 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Sony Setup
2008-06-21 13:24 . 2008-06-21 13:24 72 ---hs---- C:\desktop.ini
2008-06-21 12:23 . 2008-06-21 12:23 <DIR> d-------- C:\Program Files\iPod
2008-06-21 12:23 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:38 --------- d-----w C:\Program Files\neostrada tp
2008-07-14 18:34 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Skype
2008-07-14 18:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-14 17:48 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\skypePM
2008-07-14 15:24 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-14 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 07:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-07-13 19:29 --------- d-----w C:\Program Files\HLSW
2008-07-12 08:30 --------- d-----w C:\Program Files\Tibia
2008-07-11 13:09 --------- d-----w C:\Program Files\A4Tech
2008-07-09 15:34 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-09 13:56 --------- d-----w C:\Program Files\Softstunt MOV to AVI MPEG WMV Converter
2008-07-09 13:56 --------- d-----w C:\Program Files\SkanerOnline
2008-07-09 13:53 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Cream Software
2008-07-09 13:52 --------- d-----w C:\Program Files\OpenVPN
2008-07-09 13:52 --------- d-----w C:\Program Files\My Video Converter
2008-07-09 13:51 --------- d-----w C:\Program Files\Multimedia Keyboard Driver
2008-07-09 13:45 --------- d-----w C:\Program Files\eMule
2008-07-09 13:45 --------- d-----w C:\Program Files\ChickenInvaders2Polish
2008-07-09 13:44 --------- d-----w C:\Program Files\Azureus
2008-07-09 13:40 --------- d-----w C:\Program Files\Lavasoft
2008-07-08 10:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-07-07 11:57 --------- d-----w C:\Program Files\Tibia Auto
2008-07-06 07:41 --------- d-----w C:\Program Files\Easy RealMedia Tools
2008-07-06 07:41 --------- d-----w C:\Program Files\Dziobas Rar Player
2008-07-05 15:39 --------- d-----w C:\Program Files\IrfanView
2008-07-05 14:13 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-03 15:21 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Sony
2008-07-03 15:16 --------- d-----w C:\Program Files\Sony
2008-07-03 11:56 --------- d-----w C:\Program Files\Sony Setup
2008-06-27 11:33 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Tibia
2008-06-22 19:09 --------- d-----w C:\Program Files\MoorHunt
2008-06-21 10:26 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Apple Computer
2008-06-21 10:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-03 10:54 --------- d-----w C:\Program Files\Total Video Converter
2008-05-31 01:03 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Teleca
2008-05-31 01:00 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-31 01:00 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-31 01:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-31 01:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-31 00:58 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cm.sys
2008-05-31 00:58 5,808 ----a-w C:\WINDOWS\system32\drivers\w810wh.sys
2008-01-28 19:12 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-09 16:37 22,328 ----a-w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\PnkBstrK.sys
2007-09-10 02:52 374,784 --sh--w C:\WINDOWS\system32\_wupdmgr.exe
.

------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-30_19.12.36.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:06:10 73,216 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 14:06:08 55,296 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 14:06:11 216,064 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:10:54 36,352 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 14:06:10 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:27:18 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:27:18 216,288 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:27:17 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:27:20 723,680 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:27:31 386,784 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll
+ 2008-07-03 14:04:19 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-03 14:04:54 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-07-03 14:04:56 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2008-07-03 14:04:17 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2008-07-03 14:04:54 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-07-03 14:04:54 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-07-03 14:04:56 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-07-03 14:04:56 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-07-03 14:04:56 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-07-03 14:04:56 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-07-03 14:04:55 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-07-03 14:04:55 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-07-03 14:04:56 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-07-03 14:04:19 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-07-03 14:04:19 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-07-03 14:04:19 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-07-03 14:04:19 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-07-03 14:04:19 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-07-03 14:04:22 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-07-03 14:04:22 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-07-03 14:04:21 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-07-03 14:04:56 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-07-03 14:07:00 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-07-03 14:07:01 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-07-03 14:07:00 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-07-03 14:04:55 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-07-03 14:04:55 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-07-03 14:04:55 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-07-03 14:04:55 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-07-03 14:04:53 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-07-03 14:04:56 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-07-14 07:27:42 53,248 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\76652dc8a62e45a7eb0c49fb39a51bb6\AjaVideoProperties.ni.dll
+ 2008-07-03 14:10:15 503,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\373d5acced35e392e1f413a69042340d\ComSvcConfig.ni.exe
+ 2008-07-14 07:27:59 98,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ControlLibrary\7b7f8fd8ffd70319c320816595f87faf\ControlLibrary.ni.dll
+ 2008-07-14 07:27:52 1,302,528 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CoreGraphics.XmlSer#\[u]0[/u]d4fe1cb7d25bd70e56d30c8e4389066\CoreGraphics.XmlSerializers.ni.dll
+ 2008-07-14 07:27:48 1,605,632 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CoreGraphics\b81f4422f2e59f0f1cdbfffbf7f63d2d\CoreGraphics.ni.dll
+ 2008-07-14 07:27:43 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CorePrimitives\e79f3c8b27c7adc5caa10ffe3b4ef4bd\CorePrimitives.ni.dll
+ 2008-07-14 07:27:58 913,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CoreUI.XmlSerialize#\560f08baa4529f20827d5e59e3698847\CoreUI.XmlSerializers.ni.dll
+ 2008-07-14 07:27:54 409,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CoreUI\81ab0caba66bc0b0841f753b04bc12fc\CoreUI.ni.dll
+ 2008-07-14 07:28:03 46,080 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop\6af344ea6e630a4c8717aa5cae477c8e\Interop.ni.dll
+ 2008-07-03 14:10:18 1,114,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\[u]0[/u]19a85babfbe02cecdbb63a65d391aba\Microsoft.Transactions.Bridge.ni.dll
+ 2008-07-03 14:10:19 401,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cb8d7b6cc6827e9f2d66c4d7ef9b5d54\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-07-03 14:05:26 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-07-03 14:10:29 1,564,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\41bd82648d480ec304ea0c04034787bc\PresentationBuildTasks.ni.dll
+ 2008-07-03 14:05:58 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\9385f2c37b2e00e06ec3f57153f63a2d\PresentationCFFRasterizer.ni.dll
+ 2008-07-03 14:05:57 11,980,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\7e413273e9d6710be8a39dcce2e45c2c\PresentationCore.ni.dll
+ 2008-07-03 14:06:52 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\599806acdd6dc0aeed19ebf9d622dcad\PresentationFontCache.ni.exe
+ 2008-07-03 14:06:48 552,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0766df362854f0330a4a45179773657e\PresentationFramework.Luna.ni.dll
+ 2008-07-03 14:06:48 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8aaa2b56f733902cc1ba9d8300d2a0e3\PresentationFramework.Royale.ni.dll
+ 2008-07-03 14:06:46 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d87c2740add3b0f86833159ce57c71ec\PresentationFramework.Classic.ni.dll
+ 2008-07-03 14:06:33 14,659,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\de20226274a5739a4b42d8e26b546180\PresentationFramework.ni.dll
+ 2008-07-03 14:06:50 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e389aa7f3dd4eb1ee585724f130a79cb\PresentationFramework.Aero.ni.dll
+ 2008-07-03 14:06:37 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\f97ac4e9c402e98d2b5b7114e4fbbd2a\PresentationUI.ni.dll
+ 2008-07-03 14:06:42 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\1fe0f79dd0d47e4d1eb474f98a1949fb\ReachFramework.ni.dll
+ 2008-07-03 14:10:19 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\0bcc4abbe0c5c3feeda7f711304ac4a0\ServiceModelReg.ni.exe
+ 2008-07-03 14:10:20 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5e3765ee346151c26a3793ddf3a8d6d7\SMDiagnostics.ni.dll
+ 2008-07-03 14:10:21 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c6f33f28f5bb403981ac148da447e3c5\SMSvcHost.ni.exe
+ 2008-07-14 07:27:39 671,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.Capture\4f31623d4eb11b729fd6dc77ee2422e8\Sony.Capture.ni.dll
+ 2008-07-14 07:27:35 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\11bd241106c521da5c914539b53334a3\Sony.MediaSoftware.ExternalVideoDevice.ni.dll
+ 2008-07-14 07:27:41 253,952 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\11e43b5258478961b80132bec4ae3983\Sony.Vegas.NetRender.ni.dll
+ 2008-07-14 07:27:33 970,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\6f0e05cf6b78a52491ef4300453acc0d\Sony.Vegas.ni.dll
+ 2008-07-03 14:10:37 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e\sysglobl.ni.dll
+ 2008-07-03 14:05:32 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-07-03 14:05:32 1,183,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-07-03 14:05:25 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-07-03 14:09:36 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\dd8f551c39409fa95b0c22cf2ee48b65\System.IdentityModel.Selectors.ni.dll
+ 2008-07-03 14:09:35 978,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\581d8571e61ebe24154ae912624c3c9d\System.IdentityModel.ni.dll
+ 2008-07-03 14:09:37 417,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\86cd41998dc72b213d9464b56fe245b9\System.IO.Log.ni.dll
+ 2008-07-03 14:07:26 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\00e3750e478bac4913ee7a6c3b7cd392\System.Messaging.ni.dll
+ 2008-07-03 14:06:44 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\690a965457e274ad13f6b1f9ac2bad4e\System.Printing.ni.dll
+ 2008-07-03 14:05:28 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-07-03 14:05:29 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-07-03 14:09:41 2,351,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c4838d300f677f34c9d44ead84b8603b\System.Runtime.Serialization.ni.dll
+ 2008-07-03 14:10:13 17,354,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7a2bc3302a133e235ec99193c56a0571\System.ServiceModel.ni.dll
+ 2008-07-03 14:10:37 2,039,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d38908d5c6a11dd7dceaf9bd34adb437\System.Speech.ni.dll
+ 2008-07-03 14:07:09 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\5e0df5685ce40f838eea52a5f1454b68\System.Workflow.Activities.ni.dll
+ 2008-07-03 14:07:21 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\2689e361e42d0bb9e3d19f1ecd30c26a\System.Workflow.ComponentModel.ni.dll
+ 2008-07-03 14:07:25 2,093,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\41b6c3a0c115c43c53697efa1607fe49\System.Workflow.Runtime.ni.dll
+ 2008-07-03 14:10:41 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f61803ded1c123ed9ed5849e7dcebf25\UIAutomationClient.ni.dll
+ 2008-07-03 14:10:43 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\679889309b57024e8abbe80c6c7d48bc\UIAutomationClientsideProviders.ni.dll
+ 2008-07-03 14:05:58 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9865738a916ad3664dd374582b9ea873\UIAutomationProvider.ni.dll
+ 2008-07-03 14:05:58 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\71605ce631809dcbfba38842fdf59acf\UIAutomationTypes.ni.dll
+ 2008-07-14 07:28:02 1,441,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WidgetLibrary\0a5730e190f666f31591a78766c4ee17\WidgetLibrary.ni.dll
+ 2008-07-03 14:05:18 3,260,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\50652bfd061ead84841e6c9bfffacfb1\WindowsBase.ni.dll
+ 2008-07-03 14:10:45 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2c96738a6ba8ff9e88889f331590e181\WindowsFormsIntegration.ni.dll
+ 2008-07-03 14:10:22 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\02436080d129210828823210ce879fd8\WsatConfig.ni.exe
+ 2008-07-09 16:29:46 10,134 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\callmsi.exe
+ 2008-07-09 16:29:46 136,448 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\egui.exe
+ 2006-10-30 02:06:24 74,012 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2006-10-30 01:25:56 99,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-29 21:15:06 220,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2006-10-29 21:17:56 1,054,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2006-10-29 21:14:26 163,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-30 01:25:54 194,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-30 01:25:56 167,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 01:25:56 365,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 01:17:12 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 01:17:30 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 01:17:36 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 01:17:44 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 01:17:50 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
+ 2006-10-30 01:17:56 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 01:18:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 01:18:16 91,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 01:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 01:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 01:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 01:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 01:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 01:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 01:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 01:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 01:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 01:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 01:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 01:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 01:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 01:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 01:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-29 21:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-29 21:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-29 21:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-29 21:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-29 21:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-29 21:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-30 01:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-30 01:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 01:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 01:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 01:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-30 01:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 01:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 01:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 01:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 01:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 01:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 01:18:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 01:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 01:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 01:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 01:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 01:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 01:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 01:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 01:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 01:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 01:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 01:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-29 21:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-29 21:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-30 01:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 01:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-03 14:04:08 626,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2008-07-03 14:04:08 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-30 01:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2006-10-30 01:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 01:34:02 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-10-30 01:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 01:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 01:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 01:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 01:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 01:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-30 01:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 01:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 01:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-07-25 19:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-20 14:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-20 14:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-20 12:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-20 19:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-10-20 19:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-20 19:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-20 19:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-20 19:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-20 19:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2007-12-09 17:00:01 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2008-07-03 15:20:41 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2008-07-09 13:41:57 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2004-08-03 21:14:16 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:38:07 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2006-10-14 14:43:18 27,648 -c----w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2004-08-03 22:44:22 73,216 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2006-10-04 13:34:53 73,216 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-08-03 22:44:06 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:42:21 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-03 22:44:26 56,832 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 13:34:50 55,296 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2004-08-03 22:44:26 216,064 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-04 13:34:52 216,064 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-14 14:44:44 671,744 -c----w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-03 22:44:14 36,352 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
+ 2006-10-04 13:39:39 36,352 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2004-08-03 22:44:30 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2006-10-04 13:34:52 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2006-10-14 18:21:58 580,352 -c----w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2006-10-14 18:22:00 1,698,048 -c----w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
- 2008-02-20 05:38:07 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2006-10-20 19:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2006-10-20 19:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
- 2008-06-26 14:25:13 260,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-09 16:34:15 259,528 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2006-10-30 01:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
+ 2006-10-30 01:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
+ 2006-10-30 01:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2004-08-03 22:44:22 73,216 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 13:34:53 73,216 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-20 19:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
- 2004-08-03 22:44:06 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:42:21 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2007-05-15 13:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2006-07-19 08:55:18 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2004-08-03 22:44:26 56,832 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 13:34:50 55,296 ----a-w C:\WINDOWS\system32\narrator.exe
- 2004-08-03 22:44:26 216,064 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 13:34:52 216,064 ----a-w C:\WINDOWS\system32\osk.exe
- 2008-05-31 00:59:08 71,154 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-03 14:07:28 78,934 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-31 00:59:08 89,048 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-07-03 14:07:28 96,828 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-05-31 00:59:08 423,718 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-03 14:07:28 459,014 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-31 00:59:08 481,234 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-07-03 14:07:28 517,864 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2006-10-24 10:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
+ 2006-10-20 19:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-20 19:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2006-10-20 19:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2006-10-20 19:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2006-10-14 14:43:38 124,416 ------w C:\WINDOWS\system32\prntvpt.dll
+ 2006-08-24 14:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
- 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-10-14 14:42:40 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
- 2004-08-04 11:26:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2006-10-14 14:42:18 376,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
- 2004-08-04 11:14:14 198,144 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2006-10-14 14:42:28 510,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2004-08-04 11:13:36 620,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-10-14 14:40:36 619,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 14:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2006-10-14 14:44:44 671,744 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 15:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2006-10-14 15:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2006-10-14 18:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2006-10-14 15:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2006-10-14 18:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
- 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-16 14:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-20 19:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2004-08-03 22:44:14 36,352 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:39:39 36,352 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-03 22:44:30 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 13:34:52 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-24 10:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 10:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
+ 2006-10-24 10:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
+ 2006-10-14 18:21:58 580,352 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2006-10-14 18:22:00 1,698,048 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2006-10-20 19:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-11-06 23:19:32 161,784 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2007-11-06 18:23:58 224,768 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 23:19:34 568,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 23:19:34 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 23:19:38 1,156,600 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2007-11-06 23:19:38 1,162,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-06 20:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2007-11-06 20:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 23:19:16 41,472 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-06 23:19:16 41,984 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-06 23:19:28 60,928 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-06 23:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-06 23:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-06 23:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-06 23:19:28 60,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-06 23:19:28 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-06 23:19:16 47,104 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-06 23:19:16 46,592 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-06 23:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 19:31 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^RocketDock.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^TransBar.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^UberIcon.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
--a------ 2006-12-03 01:14 310784 C:\Program Files\AutoConnect\AutoConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 07:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-05-16 11:58 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-06-02 17:03 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2007-09-27 19:20 263
Last edited by eMaNeTeWu, 14 Jul 2008, 23:28; edited 1 time in total
"What cannot kill will make you stronger..."
eMaNeTeWu
~user

Posts: 370
Joined: 08 Dec 2006, 17:25
Location: turn around and you'll see
Commendations: 29



Post by wojtas 14 Jul 2008, 23:14

upload the whole log to some server :P
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by eMaNeTeWu 14 Jul 2008, 23:32

ComboFix.txt
hijackthis.log

let it be this way, at least it won't get cut off :D:D:D
"What cannot kill will make you stronger..."



Post by wojtas 14 Jul 2008, 23:41

Open Notepad and paste this into it:

File::
C:\wak.cmd
C:\desktop.ini
C:\WINDOWS\system32\_wupdmgr.exe
C:\WINDOWS\wupdmgr.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab5e8978-4fe5-11dd-9a7d-000e50f342eb}]

Driver::
Windows updata


File >>> Save as CFScript.txt. Drag the file and drop it onto the ComboFix icon (like here). Wait until a new log is generated and post it on the forum.

The author of this post received a commendation



Post by eMaNeTeWu 15 Jul 2008, 15:42

Code:
ComboFix 08-07-14.2 - eMaNeTeWu 2008-07-15 15:25:04.9 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1542 [GMT 2:00]
Running from: C:\Bin\ComboFix.exe
Command switches used :: C:\Documents and Settings\eMaNeTeWu\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\desktop.ini
C:\wak.cmd
C:\WINDOWS\system32\_wupdmgr.exe
C:\WINDOWS\wupdmgr.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
C:\wak.cmd
C:\WINDOWS\system32\_wupdmgr.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_UPDATA
-------\Service_Windows updata


(((((((((((((((((((((((((   Files Created from 2008-06-15 to 2008-07-15  )))))))))))))))))))))))))))))))
.

2008-07-15 14:56 . 2008-07-15 14:56   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-07-15 14:56 . 2008-07-15 14:56   1,409   --a------   C:\WINDOWS\QTFont.for
2008-07-14 19:17 . 2008-07-14 19:18   <DIR>   d--------   C:\Nowy folder
2008-07-14 19:12 . 2008-07-14 19:12   <DIR>   d--------   C:\Program Files\UndeleteMyFiles
2008-07-14 17:06 . 2008-07-14 17:08   <DIR>   d--------   C:\Program Files\Game Cam
2008-07-14 16:13 . 2008-07-14 17:00   <DIR>   d--------   C:\Program Files\Game Cam V2
2008-07-14 10:59 . 2008-07-14 10:59   <DIR>   d--------   C:\Program Files\VentSrv
2008-07-14 10:58 . 2008-07-14 10:58   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 10:30 . 2008-07-12 10:30   <DIR>   d--------   C:\Automap
2008-07-09 18:30 . 2008-03-03 14:25   5,702   --ah-----   C:\WINDOWS\nod32restoretemdono.reg
2008-07-09 18:30 . 2008-03-03 18:21   568   --ah-----   C:\WINDOWS\nod32fixtemdono.reg
2008-07-05 00:34 . 2008-07-05 00:34   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-07-03 16:07 . 2008-07-03 16:07   <DIR>   d--------   C:\Program Files\MSBuild
2008-07-03 16:05 . 2008-07-03 16:05   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-07-03 16:04 . 2008-07-03 16:04   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-07-03 16:03 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-07-03 13:56 . 2008-07-03 13:56   <DIR>   d--------   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Sony Setup
2008-06-21 12:23 . 2008-06-21 12:23   <DIR>   d--------   C:\Program Files\iPod
2008-06-21 12:23 . 2004-12-18 20:32   38,229   ---------   C:\WINDOWS\system32\drivers\StMp3Rec.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 13:22   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-07-15 11:58   ---------   d-----w   C:\Program Files\neostrada tp
2008-07-14 18:34   ---------   d-----w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Skype
2008-07-14 17:48   ---------   d-----w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\skypePM
2008-07-14 15:24   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-14 15:06   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-07-14 07:24   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-07-13 19:29   ---------   d-----w   C:\Program Files\HLSW
2008-07-12 08:30   ---------   d-----w   C:\Program Files\Tibia
2008-07-11 13:09   ---------   d-----w   C:\Program Files\A4Tech
2008-07-09 15:34   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-07-09 13:56   ---------   d-----w   C:\Program Files\Softstunt MOV to AVI MPEG WMV Converter
2008-07-09 13:56   ---------   d-----w   C:\Program Files\SkanerOnline
2008-07-09 13:53   ---------   d-----w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Cream Software
2008-07-09 13:52   ---------   d-----w   C:\Program Files\OpenVPN
2008-07-09 13:52   ---------   d-----w   C:\Program Files\My Video Converter
2008-07-09 13:51   ---------   d-----w   C:\Program Files\Multimedia Keyboard Driver
2008-07-09 13:45   ---------   d-----w   C:\Program Files\eMule
2008-07-09 13:45   ---------   d-----w   C:\Program Files\ChickenInvaders2Polish
2008-07-09 13:44   ---------   d-----w   C:\Program Files\Azureus
2008-07-09 13:40   ---------   d-----w   C:\Program Files\Lavasoft
2008-07-08 10:59   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-07-07 11:57   ---------   d-----w   C:\Program Files\Tibia Auto
2008-07-06 07:41   ---------   d-----w   C:\Program Files\Easy RealMedia Tools
2008-07-06 07:41   ---------   d-----w   C:\Program Files\Dziobas Rar Player
2008-07-05 15:39   ---------   d-----w   C:\Program Files\IrfanView
2008-07-05 14:13   ---------   d-----w   C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-03 15:21   ---------   d-----w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Sony
2008-07-03 15:16   ---------   d-----w   C:\Program Files\Sony
2008-07-03 11:56   ---------   d-----w   C:\Program Files\Sony Setup
2008-06-27 11:33   ---------   d-----w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Tibia
2008-06-22 19:09   ---------   d-----w   C:\Program Files\MoorHunt
2008-06-21 10:26   ---------   d-----w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Apple Computer
2008-06-21 10:25   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01   273,024   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56   34,312   ----a-w   C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48   53,256   ----a-w   C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47   39,944   ----a-w   C:\WINDOWS\system32\drivers\eamon.sys
2008-06-03 10:54   ---------   d-----w   C:\Program Files\Total Video Converter
2008-05-31 01:03   ---------   d-----w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Teleca
2008-05-31 01:00   ---------   d-----w   C:\Program Files\Sony Ericsson
2008-05-31 01:00   ---------   d-----w   C:\Program Files\Common Files\Teleca Shared
2008-05-31 01:00   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-31 01:00   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-31 00:58   6,176   ----a-w   C:\WINDOWS\system32\drivers\w810cm.sys
2008-05-31 00:58   5,808   ----a-w   C:\WINDOWS\system32\drivers\w810wh.sys
2008-01-28 19:12   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-09 16:37   22,328   ----a-w   C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\PnkBstrK.sys
.

------- Sigcheck -------

2007-06-13 15:23  976896  e74ef52c79f3347a0b105b0b92bfed38   C:\WINDOWS\explorer.exe
2007-06-13 15:12  1034752  8db0650b211425b9cdb7d1c4a8f6b482   C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44  1033728  379098a96e6c165b659de7e4328010ea   C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23  976896  e74ef52c79f3347a0b105b0b92bfed38   C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((   snapshot_2008-07-14_23.01.15.90   )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 19:31 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^RocketDock.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^TransBar.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^UberIcon.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
--a------ 2006-12-03 01:14 310784 C:\Program Files\AutoConnect\AutoConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 07:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-05-16 11:58 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-06-02 17:03 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2007-09-27 19:20 2633728 C:\Program Files\RivaTuner v2.05\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-03-19 00:05 630784 C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 12:38 866816 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 15:40 1271032 g:\Counter Strike 1.6\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]
--a------ 2007-08-29 15:30 685056 C:\Program Files\INTERIAPL\Stefan\Stefan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2006-12-26 09:08 196608 C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 17:55 32768 C:\PROGRA~1\NEOSTR~1\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 15:49 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Bin\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Soldat\\Soldat.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\counter-strike\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\condition zero deleted scenes\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\deathmatch classic\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\ricochet\\hl.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\day of defeat\\hl.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"G:\\Counter Strike 1.6\\steam.exe"=
"G:\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"G:\\Counter Strike 1.6\\SteamApps\\emanetewu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Documents and Settings\\eMaNeTeWu\\Pulpit\\OpenLieroX\\OpenLieroX.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\JD-WinLauncher.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:65535
"65535:UDP"= 65535:UDP:65535

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-10-26 17:30]
S3 TAP;TAP-Win32 Adapter;C:\WINDOWS\system32\DRIVERS\tapdrvr.sys [2004-05-10 06:32]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 14:37]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
conime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b88ccc6-4dc8-11dd-9a73-000e50f342eb}]
\Shell\Auto\command - L:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b88ccc7-4dc8-11dd-9a73-000e50f342eb}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 15:30:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-07-15 15:40:45 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-15 13:39:41
ComboFix2.txt  2008-07-14 21:02:34
ComboFix3.txt  2008-06-30 17:13:33
ComboFix4.txt  2008-06-14 19:01:25

Pre-Run: 4,455,518,208 bajtów wolnych
Post-Run: 4,453,965,824 bajt˘w wolnych

263   --- E O F ---   2008-07-09 01:00:30
"What cannot kill will make you stronger..."



Post by Okocza 15 Jul 2008, 15:44

open Notepad and paste:

Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b88ccc6-4dc8-11dd-9a73-000e50f342eb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b88ccc7-4dc8-11dd-9a73-000e50f342eb}]


save it as fix.reg - double-click it and add it to the registry

The author of this post received a commendation
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // I DO NOT HELP VIA PM/GG/E-MAIL
"My Ego and Anima meet and exchange cookie recipes" - Maynard James Keenan
Okocza
~user

Posts: 8001
Joined: 19 Mar 2006, 11:53
Commendations: 406
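
The fix above deletes MountPoints2 volume keys, where Explorer caches the shell commands that a volume's autorun.inf defined. As an added example (not code from the thread or from ComboFix), this Python script parses that section of a ComboFix log, lists the programs each cached command would start, and builds a deletion file in the same shape as the fix.reg posted above; the function names are hypothetical and the sample is constructed from log lines in this thread.

```python
import re

# Constructed sample: lines copied from the ComboFix log in this thread
# (two MountPoints2 volume keys, plus one unrelated key for contrast).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b88ccc6-4dc8-11dd-9a73-000e50f342eb}]
\Shell\Auto\command - L:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b88ccc7-4dc8-11dd-9a73-000e50f342eb}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)
PROG_RE = re.compile(r"([^\\\s,]+\.(?:exe|cmd|bat|com|scr|pif))\b", re.I)


def parse_mountpoints2(log_text):
    """Return {registry key: [(shell verb, command), ...]} for MountPoints2 volume keys."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = []
        elif line.startswith("["):
            current = None          # any other registry key ends the section
        elif current:
            cmd = CMD_RE.match(line)
            if cmd:
                entries[current].append((cmd.group(1), cmd.group(2).strip()))
    return entries


def referenced_programs(command):
    """File names of the programs a cached autorun command would start (lower-cased)."""
    return {name.lower() for name in PROG_RE.findall(command)}


def triage(entries):
    """One row per cached command: (key, verb, sorted program names)."""
    return [(key, verb, sorted(referenced_programs(cmd)))
            for key, cmds in entries.items() for verb, cmd in cmds]


def build_fix_reg(entries):
    """Text of a .reg file deleting every volume key that carries a cached shell command."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += ["[-%s]" % key for key, cmds in entries.items() if cmds]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = parse_mountpoints2(SAMPLE_LOG)
    for key, verb, programs in triage(found):
        print(key.rsplit("\\", 1)[-1], verb, ", ".join(programs))
    print(build_fix_reg(found))
```

Deleting the keys clears only the cached commands; the volume they were read from (L: in the log) still has to be checked separately.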



