100% procesor -zamuła

[Gerwazy]

Od jakiegoś mam zamułe na kompie 100% procesor

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:33, on 2008-07-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\xampp\apache\bin\apache.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\xampp\apache\bin\apache.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\xampp\xampp-control.exe
C:\Program Files\No-IP\DUC20.exe
C:\Documents and Settings\Gerwazy\Pulpit\SiloeOTS\TheForgottenServer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-21-1123561945-602162358-725345543-1003\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0089120A-98A4-45D3-9492-1420D9EDF926}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{0089120A-98A4-45D3-9492-1420D9EDF926}: NameServer = 213.241.79.37 83.238.255.76
O20 - AppInit_DLLs: nhmxejkl.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

--
End of file - 3318 bytes[/code]

Combo

ComboFix 08-07-19.1 - Gerwazy 2008-07-20 11:49:44.1 - NTFSx86

Running from: C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\linkinfo.dll
C:\WINDOWS\mrofinu1001186.exe.tmp
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\caotxb.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ceshleo.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\dllcache\qxchost.exe
C:\WINDOWS\system32\dllcache\shvhost.exe
C:\WINDOWS\system32\dllcache\wintcps.exe
C:\WINDOWS\system32\dndsaf.dll
C:\WINDOWS\system32\drivers\cdralw.sys
C:\WINDOWS\system32\fackwir.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\googleons.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\irdvxc.exe
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\jkhxaklo.dll
C:\WINDOWS\system32\joliom.dll
C:\WINDOWS\system32\jsnoer.dll
C:\WINDOWS\system32\lpmxajkl.exe
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\urdvxc.exe
C:\WINDOWS\system32\welycz.dll
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\wzcfsw.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\zptldsys.dll
C:\WINDOWS\system32\zycdex.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRALW
-------\Legacy_LOGITECH_QUICKCAM_MANAGER
-------\Legacy_MICROSOFT_AGENT
-------\Legacy_MICROSOFT_WINDOWS_TCP_PROTOCOL
-------\Service_cdralw
-------\Service_Logitech QuickCam Manager
-------\Service_Microsoft Agent
-------\Service_Microsoft Windows TCP Protocol


((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-19 22:21 . 2008-07-19 22:21 225,792 --ah----- C:\WINDOWS\system32\jfdses.dll
2008-07-18 18:52 . 2008-07-18 18:56 <DIR> d-------- C:\Documents and Settings\Gerwazy\Dane aplikacji\Ventrilo
2008-07-18 15:53 . 2008-07-19 12:27 <DIR> d-------- C:\!KillBox
2008-07-18 13:08 . 2008-07-19 12:33 424 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-18 13:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-18 13:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-18 13:07 . 2008-05-29 09:35 96,256 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-18 13:07 . 2008-05-18 21:40 92,672 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-18 13:07 . 2008-07-02 13:33 92,160 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-18 13:07 . 2008-05-23 18:21 91,648 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-18 13:07 . 2003-06-05 21:13 65,536 --a------ C:\WINDOWS\system32\Process.exe
2008-07-18 13:07 . 2004-07-31 18:50 60,928 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-18 13:07 . 2007-10-04 00:36 35,328 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-18 12:40 . 2008-07-18 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:40 . 2008-07-18 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-16 21:41 . 2008-07-20 11:36 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-16 21:07 . 2008-07-19 01:14 24,576 --a------ C:\WINDOWS\system32\comremo.dll
2008-07-16 21:06 . 2008-07-19 01:14 225,792 --ah----- C:\WINDOWS\system32\zsdgff.dll
2008-07-16 21:05 . 2008-07-19 01:13 240,128 --ah----- C:\WINDOWS\system32\fmcvxy.dll
2008-07-16 21:05 . 2008-07-19 01:13 225,792 --ah----- C:\WINDOWS\system32\jhfrxz.dll
2008-07-16 21:05 . 2008-07-19 01:13 24,576 --a------ C:\WINDOWS\system32\myasemt.dll
2008-07-16 21:04 . 2008-07-19 01:15 36,864 --a------ C:\WINDOWS\system32\ezcron.dll
2008-07-16 21:04 . 2008-07-19 01:13 24,064 --a------ C:\WINDOWS\system32\ezcronk.exe
2008-07-16 15:38 . 2008-07-16 15:38 <DIR> d-------- C:\Program Files\VentriloMIX
2008-07-16 13:59 . 2005-07-07 16:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-16 13:58 . 2005-07-07 16:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-07-16 13:57 . 2008-07-16 13:59 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-16 13:57 . 2005-07-07 16:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-07-16 13:57 . 2005-07-07 16:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-07-16 13:57 . 2005-07-07 16:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-16 13:56 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-07-13 19:55 . 2008-07-13 19:55 <DIR> d-------- C:\Program Files\No-IP
2008-07-13 19:26 . 2008-07-13 19:27 <DIR> d-------- C:\xampp
2008-07-13 17:47 . 2008-07-13 17:47 <DIR> d-------- C:\Program Files\WebServ
2008-07-13 17:47 . 2007-06-19 21:52 419,840 --a------ C:\WINDOWS\system32\ws_edit.lib
2008-07-13 17:47 . 2006-08-17 22:37 130,048 --a------ C:\WINDOWS\system32\webserv.cpl
2008-07-13 17:47 . 2008-07-13 17:48 40,230 --a------ C:\WINDOWS\php.ini
2008-07-13 17:06 . 2008-07-13 17:48 427 --a------ C:\WINDOWS\my.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 09:46 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-20 09:46 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-07-20 09:36 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-07-16 16:55 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-07-14 22:33 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Tibia
2008-07-14 16:03 --------- d-----w C:\Program Files\Tibia
2008-07-13 13:01 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Gadu-Gadu
2008-07-13 13:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-13 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 12:53 --------- d-----w C:\Program Files\Thomson
2008-07-13 12:32 --------- d-----w C:\Program Files\ToniArts
2008-07-13 12:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 12:25 --------- d-----w C:\Program Files\Trend Micro
2008-07-13 12:23 --------- d-----w C:\Program Files\Gigabyte
2008-07-13 12:22 --------- d-----w C:\Program Files\VIA
2008-07-13 12:21 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-13 12:21 --------- d-----w C:\Program Files\AvRack
2008-07-13 12:20 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\ATI
2008-07-13 12:16 --------- d-----w C:\Program Files\ATI Technologies
2008-07-13 12:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-13 12:03 558,142 ----a-w C:\WINDOWS\java\Packages\4FVJBFLJ.ZIP
2008-07-13 12:03 155,995 ----a-w C:\WINDOWS\java\Packages\SNVVTRX3.ZIP
2008-07-13 12:02 --------- d-----w C:\Program Files\Usługi online
2004-08-08 23:15 27,370 --sh--w C:\WINDOWS\system32\dehxaklo.exe
2004-08-08 16:38 535,560 --sh--w C:\WINDOWS\system32\nhmxejkl.dll
2004-08-08 23:15 1,560 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 23:22 520 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
2004-08-08 23:22 29,087 --sh--w C:\WINDOWS\system32\zscqahlp.exe
.

------- Sigcheck -------

2002-09-29 00:00 22528 2c32caaba2bc6829af189b3016d620ba C:\WINDOWS\system32\svchost.exe
2002-09-29 00:00 22528 071c877a8eda62c4a76925c1ad68aab0 C:\WINDOWS\system32\dllcache\svchost.exe

2002-09-29 00:00 1015296 c7532a235215d2e24c78bfd4caa250bd C:\WINDOWS\explorer.exe
2002-09-29 00:00 1015296 a423f0c63f6a3379a37c4684fb574667 C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-29 00:00 23040 044cdaa60f99a5a6fb9750ff4f5ff80e C:\WINDOWS\system32\ctfmon.exe
2002-09-29 00:00 23040 01694517324cc9e45741a7123a2d725c C:\WINDOWS\system32\dllcache\ctfmon.exe

2002-09-29 00:00 60928 b2a4425b93ced041f4c74c343da23494 C:\WINDOWS\system32\spoolsv.exe
2002-09-29 00:00 60928 089feced29d0370e2589e4b47081061f C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 887296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:25 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7914E0AA-ECCB-4311-B584-C49538227824}"= "C:\WINDOWS\System32\jhfrxz.dll" [2008-07-19 01:13 225792]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= "C:\WINDOWS\System32\fmcvxy.dll" [2008-07-19 01:13 240128]
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"= "C:\WINDOWS\System32\zsdgff.dll" [2008-07-19 01:14 225792]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= "C:\WINDOWS\System32\jfdses.dll" [2008-07-19 22:21 225792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-07-20 11:46 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nhmxejkl.dll

R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 12:31]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
S4 MSDisk;Network helper Service;C:\WINDOWS\System32\irdvxc.exe []
S4 MSWindows;Network Windows Service;C:\WINDOWS\System32\urdvxc.exe []

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 11:52:58
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-07-20 11:55:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-20 09:55:03

Pre-Run: 28,243,271,680 bajtów wolnych
Post-Run: 28,207,529,984 bajt˘w wolnych

191

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\comremo.dll
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\myasemt.dll
C:\WINDOWS\system32\ezcron.dll
C:\WINDOWS\system32\ezcronk.exe
C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\system32\dehxaklo.exe
C:\WINDOWS\system32\nhmxejkl.dll
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\xscqbhlp.sys
C:\WINDOWS\system32\zscqahlp.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7914E0AA-ECCB-4311-B584-C49538227824}"=-
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"=-
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"=-
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
"appinit_dlls"=""

Driver::
Network Windows Service
Network helper Service

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

[gloni]

na fix w HijackThis tryb awaryjny :

Kod: Zaznacz wszystko

   O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll

zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt

[Gerwazy]

Z Combofixa tylko takie coś

pushd "C:\327882R2FWJFW\"
Killing '2704'
C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 C:\327882R2FWJFW\nircmd.inf (2704)

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gerwazy\Dane aplikacji
cfldr=327882R2FWJFW
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GERWAZY-3N67HOH
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gerwazy
kmd=CF7969.exe
LOGONSERVER=\\GERWAZY-3N67HOH
NewEnvironment1=C:\Program Files\ATI Technologies\ATI.ACE\
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Gerwazy\USTAWI~1\Temp
TMP=C:\DOCUME~1\Gerwazy\USTAWI~1\Temp
USERDOMAIN=GERWAZY-3N67HOH
USERNAME=Gerwazy
USERPROFILE=C:\Documents and Settings\Gerwazy
windir=C:\WINDOWS

=============================================


if not defined sfxname goto END

If ["C:\Documents and Settings\Gerwazy\Pulpit\CFScript.txt"] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\Gerwazy\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\Gerwazy\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF7969.exe"
Liczba skopiowanych plik˘w: 1.

if not exist "C:\WINDOWS\system32\CF7969.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF7969.exe"

For /F "tokens=*" %g in ("C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)

Set FileName 1>FileName 2>nul

GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)

DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00

Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)
Killing 'Findstr'
Killing '*.cfexe'

If exist "\ComboFix" rd /s/q "\ComboFix"

If exist "\ComboFix" goto :eof

[Magik]

Z Combofixa tylko takie coś

powinien sie wygenerowac nowy log, jesli zrobiles tak jak wojtas Ci napisal

Kod: Zaznacz wszystko

Plik >>> zapisz jako CFScript.txt

wklej nowy log, ktory sie wygeneruje i odpalaj Sdfix

[Gerwazy]

ComboFix

ComboFix 08-07-19.1 - Gerwazy 2008-07-20 15:16:22.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.161 [GMT 2:00]
Running from: C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gerwazy\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\system32\comremo.dll
C:\WINDOWS\system32\dehxaklo.exe
C:\WINDOWS\system32\ezcron.dll
C:\WINDOWS\system32\ezcronk.exe
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\myasemt.dll
C:\WINDOWS\system32\nhmxejkl.dll
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\xscqbhlp.sys
C:\WINDOWS\system32\zscqahlp.exe
C:\WINDOWS\system32\zsdgff.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\linkinfo.dll
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\caotxb.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ceshleo.dll
C:\WINDOWS\system32\comremo.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\dehxaklo.exe
C:\WINDOWS\system32\dndsaf.dll
C:\WINDOWS\system32\drivers\cdralw.sys
C:\WINDOWS\system32\ezcron.dll
C:\WINDOWS\system32\ezcronk.exe
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\googleons.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\jkhxaklo.dll
C:\WINDOWS\system32\joliom.dll
C:\WINDOWS\system32\jsnoer.dll
C:\WINDOWS\system32\myasemt.dll
C:\WINDOWS\system32\nhmxejkl.dll
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\welycz.dll
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\wzcfsw.dll
C:\WINDOWS\system32\xscqbhlp.sys
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\zptldsys.dll
C:\WINDOWS\system32\zscqahlp.exe
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\system32\zycdex.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRALW
-------\Legacy_LOGITECH_QUICKCAM_MANAGER
-------\Legacy_MICROSOFT_AGENT
-------\Legacy_MICROSOFT_WINDOWS_TCP_PROTOCOL
-------\Service_cdralw


((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 12:32 . 2008-07-20 12:32 28,672 --a------ C:\WINDOWS\system32\woswelc.dll
2008-07-18 18:52 . 2008-07-18 18:56 <DIR> d-------- C:\Documents and Settings\Gerwazy\Dane aplikacji\Ventrilo
2008-07-18 13:08 . 2008-07-19 12:33 424 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-18 13:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-18 13:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-18 13:07 . 2008-05-29 09:35 96,256 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-18 13:07 . 2008-05-18 21:40 92,672 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-18 13:07 . 2008-07-02 13:33 92,160 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-18 13:07 . 2008-05-23 18:21 91,648 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-18 13:07 . 2003-06-05 21:13 65,536 --a------ C:\WINDOWS\system32\Process.exe
2008-07-18 13:07 . 2004-07-31 18:50 60,928 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-18 13:07 . 2007-10-04 00:36 35,328 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-18 12:40 . 2008-07-18 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:40 . 2008-07-18 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-16 15:38 . 2008-07-16 15:38 <DIR> d-------- C:\Program Files\VentriloMIX
2008-07-16 13:59 . 2005-07-07 16:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-16 13:58 . 2005-07-07 16:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-07-16 13:57 . 2008-07-16 13:59 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-16 13:57 . 2005-07-07 16:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-07-16 13:57 . 2005-07-07 16:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-07-16 13:57 . 2005-07-07 16:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-16 13:56 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-07-13 19:55 . 2008-07-13 19:55 <DIR> d-------- C:\Program Files\No-IP
2008-07-13 19:26 . 2008-07-13 19:27 <DIR> d-------- C:\xampp
2008-07-13 17:47 . 2008-07-13 17:47 <DIR> d-------- C:\Program Files\WebServ
2008-07-13 17:47 . 2007-06-19 21:52 419,840 --a------ C:\WINDOWS\system32\ws_edit.lib
2008-07-13 17:47 . 2006-08-17 22:37 130,048 --a------ C:\WINDOWS\system32\webserv.cpl
2008-07-13 17:47 . 2008-07-13 17:48 40,230 --a------ C:\WINDOWS\php.ini
2008-07-13 17:06 . 2008-07-13 17:48 427 --a------ C:\WINDOWS\my.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 10:36 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Tibia
2008-07-14 16:03 --------- d-----w C:\Program Files\Tibia
2008-07-14 13:30 88,064 ----a-w C:\WINDOWS\Help\tsbjbtvn.exe
2008-07-14 13:30 88,064 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
2008-07-14 13:30 88,064 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
2008-07-14 13:30 88,064 ----a-w C:\WINDOWS\Help\jjlenkbt.exe
2008-07-14 13:30 88,064 ----a-w C:\WINDOWS\Help\jbnshhqj.exe
2008-07-14 13:30 88,064 ----a-w C:\WINDOWS\Help\hwexrtne.exe
2008-07-14 13:30 88,064 ----a-w C:\WINDOWS\Help\bzehxvnz.exe
2008-07-13 13:01 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Gadu-Gadu
2008-07-13 13:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-13 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 12:53 --------- d-----w C:\Program Files\Thomson
2008-07-13 12:32 --------- d-----w C:\Program Files\ToniArts
2008-07-13 12:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 12:25 --------- d-----w C:\Program Files\Trend Micro
2008-07-13 12:23 --------- d-----w C:\Program Files\Gigabyte
2008-07-13 12:22 --------- d-----w C:\Program Files\VIA
2008-07-13 12:21 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-13 12:21 --------- d-----w C:\Program Files\AvRack
2008-07-13 12:20 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\ATI
2008-07-13 12:16 --------- d-----w C:\Program Files\ATI Technologies
2008-07-13 12:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-13 12:03 558,142 ----a-w C:\WINDOWS\java\Packages\4FVJBFLJ.ZIP
2008-07-13 12:03 155,995 ----a-w C:\WINDOWS\java\Packages\SNVVTRX3.ZIP
2008-07-13 12:02 --------- d-----w C:\Program Files\Usługi online
.

------- Sigcheck -------

2002-09-29 00:00 22528 2c32caaba2bc6829af189b3016d620ba C:\WINDOWS\system32\svchost.exe
2002-09-29 00:00 22528 071c877a8eda62c4a76925c1ad68aab0 C:\WINDOWS\system32\dllcache\svchost.exe

2002-09-29 00:00 1015296 c7532a235215d2e24c78bfd4caa250bd C:\WINDOWS\explorer.exe
2002-09-29 00:00 1015296 a423f0c63f6a3379a37c4684fb574667 C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-29 00:00 23040 044cdaa60f99a5a6fb9750ff4f5ff80e C:\WINDOWS\system32\ctfmon.exe
2002-09-29 00:00 23040 01694517324cc9e45741a7123a2d725c C:\WINDOWS\system32\dllcache\ctfmon.exe

2002-09-29 00:00 60928 b2a4425b93ced041f4c74c343da23494 C:\WINDOWS\system32\spoolsv.exe
2002-09-29 00:00 60928 089feced29d0370e2589e4b47081061f C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 887296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:25 32768]

R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 12:31]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
S4 MSDisk;Network helper Service;C:\WINDOWS\System32\irdvxc.exe []
S4 MSWindows;Network Windows Service;C:\WINDOWS\System32\urdvxc.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 15:19:08
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-07-20 15:20:52 - machine was rebooted [Gerwazy]
ComboFix-quarantined-files.txt 2008-07-20 13:20:49

Pre-Run: 28,239,495,168 bajtów wolnych
Post-Run: 28,234,342,400 bajt˘w wolnych

196

SDFix

SDFix: Version 1.206
Run by Gerwazy on 2008-07-20 at 15:26

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MSDisk
MSWindows

Path :
"C:\WINDOWS\System32\irdvxc.exe" /service
"C:\WINDOWS\System32\urdvxc.exe" /service

MSDisk - Deleted
MSWindows - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 15:30:54
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

Remaining Files :



Files with Hidden Attributes :


Finished!

[Magik]

dalej wklejasz do notatnika

Kod: Zaznacz wszystko

FILE::

C:\WINDOWS\Help\jjlenkbt.exe
C:\WINDOWS\Help\jbnshhqj.exe
C:\WINDOWS\Help\hwexrtne.exe
C:\WINDOWS\Help\bzehxvnz.exe
C:\WINDOWS\Help\tsbjbtvn.exe

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa jak poprzednio

[Gerwazy]

ComboFix 08-07-19.1 - Gerwazy 2008-07-20 15:47:23.3 - NTFSx86

Running from: C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gerwazy\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Help\bzehxvnz.exe
C:\WINDOWS\Help\hwexrtne.exe
C:\WINDOWS\Help\jbnshhqj.exe
C:\WINDOWS\Help\jjlenkbt.exe
C:\WINDOWS\Help\tsbjbtvn.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Help\bzehxvnz.exe
C:\WINDOWS\Help\hwexrtne.exe
C:\WINDOWS\Help\jbnshhqj.exe
C:\WINDOWS\Help\jjlenkbt.exe
C:\WINDOWS\Help\tsbjbtvn.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 15:36 . 2008-07-20 15:36 <DIR> d-------- C:\VundoFix Backups
2008-07-20 15:33 . 2008-07-20 15:33 <DIR> d-------- C:\WINDOWS\system32\win1
2008-07-20 15:33 . 2008-07-20 15:33 <DIR> d-------- C:\WINDOWS\system32\sys3
2008-07-20 15:33 . 2008-07-20 15:33 204,876 --a------ C:\WINDOWS\system32\lcntstdm.exe
2008-07-20 15:33 . 2008-07-20 15:33 152,194 --a------ C:\WINDOWS\system32\g22.exe
2008-07-20 15:33 . 2008-07-20 15:33 88,186 --a------ C:\Temp\dpgFG87.exe
2008-07-20 15:33 . 2008-07-20 15:33 64,332 --a------ C:\WINDOWS\system32\tyndhekuoprhlj.exe
2008-07-20 15:32 . 2008-07-20 15:32 <DIR> d-------- C:\WINDOWS\system32\carH04
2008-07-20 15:32 . 2008-07-20 15:34 <DIR> d-------- C:\Temp\btxv15
2008-07-20 15:32 . 2008-07-20 15:47 <DIR> d-------- C:\Temp
2008-07-20 15:24 . 2008-07-20 15:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-20 15:24 . 2008-07-20 15:31 <DIR> d-------- C:\SDFix
2008-07-20 12:32 . 2008-07-20 12:32 28,672 --a------ C:\WINDOWS\system32\woswelc.dll
2008-07-18 18:52 . 2008-07-18 18:56 <DIR> d-------- C:\Documents and Settings\Gerwazy\Dane aplikacji\Ventrilo
2008-07-18 13:08 . 2008-07-19 12:33 424 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-18 13:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-18 13:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-18 13:07 . 2008-05-29 09:35 96,256 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-18 13:07 . 2008-05-18 21:40 92,672 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-18 13:07 . 2008-07-02 13:33 92,160 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-18 13:07 . 2008-05-23 18:21 91,648 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-18 13:07 . 2003-06-05 21:13 65,536 --a------ C:\WINDOWS\system32\Process.exe
2008-07-18 13:07 . 2004-07-31 18:50 60,928 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-18 13:07 . 2007-10-04 00:36 35,328 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-18 12:40 . 2008-07-18 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:40 . 2008-07-18 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-16 15:38 . 2008-07-16 15:38 <DIR> d-------- C:\Program Files\VentriloMIX
2008-07-16 13:59 . 2005-07-07 16:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-16 13:58 . 2005-07-07 16:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-07-16 13:57 . 2008-07-16 13:59 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-16 13:57 . 2005-07-07 16:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-07-16 13:57 . 2005-07-07 16:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-07-16 13:57 . 2005-07-07 16:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-16 13:56 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-07-13 19:55 . 2008-07-13 19:55 <DIR> d-------- C:\Program Files\No-IP
2008-07-13 19:26 . 2008-07-13 19:27 <DIR> d-------- C:\xampp
2008-07-13 17:47 . 2008-07-13 17:47 <DIR> d-------- C:\Program Files\WebServ
2008-07-13 17:47 . 2007-06-19 21:52 419,840 --a------ C:\WINDOWS\system32\ws_edit.lib
2008-07-13 17:47 . 2006-08-17 22:37 130,048 --a------ C:\WINDOWS\system32\webserv.cpl
2008-07-13 17:47 . 2008-07-13 17:48 40,230 --a------ C:\WINDOWS\php.ini
2008-07-13 17:06 . 2008-07-13 17:48 427 --a------ C:\WINDOWS\my.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 13:47 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-07-20 13:43 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-07-20 10:36 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Tibia
2008-07-14 16:03 --------- d-----w C:\Program Files\Tibia
2008-07-13 13:01 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Gadu-Gadu
2008-07-13 13:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-13 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 12:53 --------- d-----w C:\Program Files\Thomson
2008-07-13 12:32 --------- d-----w C:\Program Files\ToniArts
2008-07-13 12:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 12:25 --------- d-----w C:\Program Files\Trend Micro
2008-07-13 12:23 --------- d-----w C:\Program Files\Gigabyte
2008-07-13 12:22 --------- d-----w C:\Program Files\VIA
2008-07-13 12:21 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-13 12:21 --------- d-----w C:\Program Files\AvRack
2008-07-13 12:20 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\ATI
2008-07-13 12:16 --------- d-----w C:\Program Files\ATI Technologies
2008-07-13 12:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-13 12:03 558,142 ----a-w C:\WINDOWS\java\Packages\4FVJBFLJ.ZIP
2008-07-13 12:03 155,995 ----a-w C:\WINDOWS\java\Packages\SNVVTRX3.ZIP
2008-07-13 12:02 --------- d-----w C:\Program Files\Usługi online
.

------- Sigcheck -------

2002-09-29 00:00 22528 2c32caaba2bc6829af189b3016d620ba C:\WINDOWS\system32\svchost.exe
2002-09-29 00:00 22528 071c877a8eda62c4a76925c1ad68aab0 C:\WINDOWS\system32\dllcache\svchost.exe

2002-09-29 00:00 1015296 c7532a235215d2e24c78bfd4caa250bd C:\WINDOWS\explorer.exe
2002-09-29 00:00 1015296 a423f0c63f6a3379a37c4684fb574667 C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-29 00:00 23040 044cdaa60f99a5a6fb9750ff4f5ff80e C:\WINDOWS\system32\ctfmon.exe
2002-09-29 00:00 23040 01694517324cc9e45741a7123a2d725c C:\WINDOWS\system32\dllcache\ctfmon.exe

2002-09-29 00:00 60928 b2a4425b93ced041f4c74c343da23494 C:\WINDOWS\system32\spoolsv.exe
2002-09-29 00:00 60928 089feced29d0370e2589e4b47081061f C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-20_15.20.40.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-17 10:57:07 173,056 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-20 13:24:42 1,310,720 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-20 13:24:42 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-17 10:57:07 173,056 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-20 13:24:38 1,310,720 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-20 13:24:38 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2003-02-20 17:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2003-02-20 17:09:46 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2003-02-21 05:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 05:24:10 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
- 2003-02-21 08:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-21 08:20:44 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 02:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 02:12:24 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
- 2003-02-21 05:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 05:24:38 17,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
- 2003-02-20 17:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-20 17:09:40 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 05:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 05:24:42 25,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
- 2003-02-21 05:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 05:24:52 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
- 2003-02-20 17:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 17:09:46 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
- 2003-02-21 05:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 05:25:24 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
- 2003-02-21 08:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 08:20:38 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2002-09-28 22:00:00 235,008 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2002-09-28 22:00:00 244,736 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-07-18 17:49:16 45,056 ----a-w C:\WINDOWS\system32\carH04\carH041066.exe
- 2008-07-20 13:18:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-20 13:33:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-20 13:18:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-07-20 13:33:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-07-20 13:33:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008070720080714\index.dat
+ 2008-07-20 13:33:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008072020080721\index.dat
- 2008-07-20 13:18:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-20 13:33:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2002-09-28 22:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\inetwiz.exe
+ 2002-09-28 22:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\inetwiz.exe
- 2002-09-28 22:00:00 52,736 -c--a-w C:\WINDOWS\system32\dllcache\ipconfig.exe
+ 2002-09-28 22:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\ipconfig.exe
- 2002-09-28 22:00:00 45,056 -c--a-w C:\WINDOWS\system32\dllcache\ipsec6.exe
+ 2002-09-28 22:00:00 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ipsec6.exe
- 2002-09-28 22:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\ipxroute.exe
+ 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\ipxroute.exe
- 2002-09-28 22:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\isignup.exe
+ 2002-09-28 22:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\isignup.exe
- 2002-09-28 22:00:00 9,728 -c--a-w C:\WINDOWS\system32\dllcache\label.exe
+ 2002-09-28 22:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\label.exe
- 2002-09-28 22:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\lights.exe
+ 2002-09-28 22:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\lights.exe
- 2002-09-28 22:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\lnkstub.exe
+ 2002-09-28 22:00:00 36,352 -c--a-w C:\WINDOWS\system32\dllcache\lnkstub.exe
- 2002-09-28 22:00:00 68,096 -c--a-w C:\WINDOWS\system32\dllcache\locator.exe
+ 2002-09-28 22:00:00 77,824 -c--a-w C:\WINDOWS\system32\dllcache\locator.exe
- 2002-09-28 22:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\lodctr.exe
+ 2002-09-28 22:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\lodctr.exe
- 2002-09-28 22:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2002-09-28 22:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2002-09-28 22:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\logman.exe
+ 2002-09-28 22:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\logman.exe
- 2002-09-28 22:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\logoff.exe
+ 2002-09-28 22:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\logoff.exe
- 2002-09-28 22:00:00 504,832 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe
+ 2002-09-28 22:00:00 514,560 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe
- 2002-09-28 22:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\lpq.exe
+ 2002-09-28 22:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\lpq.exe
- 2002-09-28 22:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\lpr.exe
+ 2002-09-28 22:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\lpr.exe
- 2002-09-28 22:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
+ 2002-09-28 22:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
- 2002-09-28 22:00:00 68,096 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2002-09-28 22:00:00 77,824 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2002-09-28 22:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\makecab.exe
+ 2002-09-28 22:00:00 89,088 -c--a-w C:\WINDOWS\system32\dllcache\makecab.exe
- 2002-09-28 22:00:00 34,816 -c--a-w C:\WINDOWS\system32\dllcache\migisol.exe
+ 2002-09-28 22:00:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\migisol.exe
- 2002-09-28 22:00:00 99,328 -c--a-w C:\WINDOWS\system32\dllcache\migload.exe
+ 2002-09-28 22:00:00 109,056 -c--a-w C:\WINDOWS\system32\dllcache\migload.exe
- 2002-09-28 22:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2002-09-28 22:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2002-09-28 22:00:00 232,960 -c--a-w C:\WINDOWS\system32\dllcache\migwiz.exe
+ 2002-09-28 22:00:00 242,688 -c--a-w C:\WINDOWS\system32\dllcache\migwiz.exe
- 2002-09-28 22:00:00 229,376 -c--a-w C:\WINDOWS\system32\dllcache\migwiz_a.exe
+ 2002-09-28 22:00:00 239,104 -c--a-w C:\WINDOWS\system32\dllcache\migwiz_a.exe
- 2002-09-28 22:00:00 774,656 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe
+ 2002-09-28 22:00:00 784,384 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe
- 2002-09-28 22:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\mnmsrvc.exe
+ 2002-09-28 22:00:00 45,056 -c--a-w C:\WINDOWS\system32\dllcache\mnmsrvc.exe
- 2002-09-28 22:00:00 136,192 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe
+ 2002-09-28 22:00:00 145,920 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe
- 2002-09-28 22:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\mofcomp.exe
+ 2002-09-28 22:00:00 26,112 -c--a-w C:\WINDOWS\system32\dllcache\mofcomp.exe
- 2002-09-28 22:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\mountvol.exe
+ 2002-09-28 22:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\mountvol.exe
- 2002-09-28 22:00:00 806,969 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
+ 2002-09-28 22:00:00 819,257 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
- 2002-09-28 22:00:00 118,272 -c--a-w C:\WINDOWS\system32\dllcache\mplay32.exe
+ 2002-09-28 22:00:00 128,000 -c--a-w C:\WINDOWS\system32\dllcache\mplay32.exe
- 2002-09-28 22:00:00 4,639 -c--a-w C:\WINDOWS\system32\dllcache\mplayer2.exe
+ 2002-09-28 22:00:00 14,367 -c--a-w C:\WINDOWS\system32\dllcache\mplayer2.exe
- 2002-09-28 22:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\mpnotify.exe
+ 2002-09-28 22:00:00 31,744 -c--a-w C:\WINDOWS\system32\dllcache\mpnotify.exe
- 2002-09-28 22:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\mqbkup.exe
+ 2002-09-28 22:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mqbkup.exe
- 2002-09-28 22:00:00 4,608 -c--a-w C:\WINDOWS\system32\dllcache\mqsvc.exe
+ 2002-09-28 22:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\mqsvc.exe
- 2002-09-28 22:00:00 97,792 -c--a-w C:\WINDOWS\system32\dllcache\mqtgsvc.exe
+ 2002-09-28 22:00:00 107,520 -c--a-w C:\WINDOWS\system32\dllcache\mqtgsvc.exe
- 2002-09-28 22:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\mrinfo.exe
+ 2002-09-28 22:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\mrinfo.exe
- 2002-09-28 22:00:00 146,944 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2002-09-28 22:00:00 156,672 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
- 2002-09-28 22:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\msdtc.exe
+ 2002-09-28 22:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\msdtc.exe
- 2002-09-28 22:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\msg.exe
+ 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\msg.exe
- 2002-09-28 22:00:00 128,000 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe
+ 2002-09-28 22:00:00 137,728 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe
- 2002-09-28 22:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2002-09-28 22:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2002-09-28 22:00:00 64,512 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2002-09-28 22:00:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2002-09-28 22:00:00 57,856 -c--a-w C:\WINDOWS\system32\dllcache\msimn.exe
+ 2002-09-28 22:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\msimn.exe
- 2002-09-28 22:00:00 40,448 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
+ 2002-09-28 22:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
- 2002-09-28 22:00:00 34,816 -c--a-w C:\WINDOWS\system32\dllcache\msiregmv.exe
+ 2002-09-28 22:00:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\msiregmv.exe
- 2002-09-28 22:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\msoobe.exe
+ 2002-09-28 22:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\msoobe.exe
- 2002-09-28 22:00:00 342,016 -c--a-w C:\WINDOWS\system32\dllcache\mspaint.exe
+ 2002-09-28 22:00:00 351,744 -c--a-w C:\WINDOWS\system32\dllcache\mspaint.exe
- 2002-09-28 22:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\msswchx.exe
+ 2002-09-28 22:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msswchx.exe
- 2002-09-28 22:00:00 9,728 -c--a-w C:\WINDOWS\system32\dllcache\mstinit.exe
+ 2002-09-28 22:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\mstinit.exe
- 2002-09-28 22:00:00 390,144 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe
+ 2002-09-28 22:00:00 399,872 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe
- 2002-09-28 22:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\mtstocom.exe
+ 2002-09-28 22:00:00 120,832 -c--a-w C:\WINDOWS\system32\dllcache\mtstocom.exe
- 2002-09-28 22:00:00 52,736 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2002-09-28 22:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2002-09-28 22:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\nbtstat.exe
+ 2002-09-28 22:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\nbtstat.exe
- 2002-09-28 22:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\nddeapir.exe
+ 2002-09-28 22:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\nddeapir.exe
- 2002-09-28 22:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\net.exe
+ 2002-09-28 22:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\net.exe
- 2002-09-28 22:00:00 115,200 -c--a-w C:\WINDOWS\system32\dllcache\net1.exe
+ 2002-09-28 22:00:00 124,928 -c--a-w C:\WINDOWS\system32\dllcache\net1.exe
- 2002-09-28 22:00:00 109,568 -c--a-w C:\WINDOWS\system32\dllcache\netdde.exe
+ 2002-09-28 22:00:00 119,296 -c--a-w C:\WINDOWS\system32\dllcache\netdde.exe
- 2002-09-28 22:00:00 83,968 -c--a-w C:\WINDOWS\system32\dllcache\netsh.exe
+ 2002-09-28 22:00:00 93,696 -c--a-w C:\WINDOWS\system32\dllcache\netsh.exe
- 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\netstat.exe
+ 2002-09-28 22:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\netstat.exe
- 2002-09-28 22:00:00 67,072 -c--a-w C:\WINDOWS\system32\dllcache\notepad.exe
+ 2002-09-28 22:00:00 76,800 -c--a-w C:\WINDOWS\system32\dllcache\notepad.exe
- 2002-09-28 22:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\notiflag.exe
+ 2002-09-28 22:00:00 45,056 -c--a-w C:\WINDOWS\system32\dllcache\notiflag.exe
- 2002-09-28 22:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\nppagent.exe
+ 2002-09-28 22:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\nppagent.exe
- 2002-09-28 22:00:00 74,752 -c--a-w C:\WINDOWS\system32\dllcache\nslookup.exe
+ 2002-09-28 22:00:00 84,480 -c--a-w C:\WINDOWS\system32\dllcache\nslookup.exe
- 2002-09-28 22:00:00 1,157,120 -c--a-w C:\WINDOWS\system32\dllcache\ntbackup.exe
+ 2002-09-28 22:00:00 1,166,848 -c--a-w C:\WINDOWS\system32\dllcache\ntbackup.exe
- 2002-09-28 22:00:00 31,744 -c--a-w C:\WINDOWS\system32\dllcache\ntsd.exe
+ 2002-09-28 22:00:00 41,472 -c--a-w C:\WINDOWS\system32\dllcache\ntsd.exe
- 2002-09-28 22:00:00 396,288 -c--a-w C:\WINDOWS\system32\dllcache\ntvdm.exe
+ 2002-09-28 22:00:00 406,016 -c--a-w C:\WINDOWS\system32\dllcache\ntvdm.exe
- 2002-09-28 22:00:00 128,512 -c--a-w C:\WINDOWS\system32\dllcache\nwscript.exe
+ 2002-09-28 22:00:00 138,240 -c--a-w C:\WINDOWS\system32\dllcache\nwscript.exe
- 2002-09-28 22:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
+ 2002-09-28 22:00:00 45,056 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
- 2002-09-28 22:00:00 53,248 -c--a-w C:\WINDOWS\system32\dllcache\odbcconf.exe
+ 2002-09-28 22:00:00 65,536 -c--a-w C:\WINDOWS\system32\dllcache\odbcconf.exe
- 2002-09-28 22:00:00 56,320 -c--a-w C:\WINDOWS\system32\dllcache\oemig50.exe
+ 2002-09-28 22:00:00 66,048 -c--a-w C:\WINDOWS\system32\dllcache\oemig50.exe
- 2002-09-28 22:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\oobebaln.exe
+ 2002-09-28 22:00:00 59,904 -c--a-w C:\WINDOWS\system32\dllcache\oobebaln.exe
- 2002-09-28 22:00:00 64,000 -c--a-w C:\WINDOWS\system32\dllcache\opnfiles.exe
+ 2002-09-28 22:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\opnfiles.exe
- 2002-09-28 22:00:00 212,992 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2002-09-28 22:00:00 222,720 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2002-09-28 22:00:00 41,472 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe
+ 2002-09-28 22:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe
- 2002-09-28 22:00:00 54,272 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe
+ 2002-09-28 22:00:00 64,000 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe
- 2002-09-28 22:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\pathping.exe
+ 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\pathping.exe
- 2002-09-28 22:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\pentnt.exe
+ 2002-09-28 22:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\pentnt.exe
- 2002-09-28 22:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\perfmon.exe
+ 2002-09-28 22:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\perfmon.exe
- 2002-09-28 22:00:00 274,944 -c--a-w C:\WINDOWS\system32\dllcache\pinball.exe
+ 2002-09-28 22:00:00 284,672 -c--a-w C:\WINDOWS\system32\dllcache\pinball.exe
- 2002-09-28 22:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\ping.exe
+ 2002-09-28 22:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\ping.exe
- 2002-09-28 22:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\ping6.exe
+ 2002-09-28 22:00:00 43,520 -c--a-w C:\WINDOWS\system32\dllcache\ping6.exe
- 2002-09-28 22:00:00 70,144 -c--a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
+ 2002-09-28 22:00:00 79,872 -c--a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
- 2002-09-28 22:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\print.exe
+ 2002-09-28 22:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\print.exe
- 2002-09-28 22:00:00 207,360 -c--a-w C:\WINDOWS\system32\dllcache\progman.exe
+ 2002-09-28 22:00:00 217,088 -c--a-w C:\WINDOWS\system32\dllcache\progman.exe
- 2002-09-28 22:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\proquota.exe
+ 2002-09-28 22:00:00 55,296 -c--a-w C:\WINDOWS\system32\dllcache\proquota.exe
- 2002-09-28 22:00:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\proxycfg.exe
+ 2002-09-28 22:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\proxycfg.exe
- 2002-09-28 22:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\qappsrv.exe
+ 2002-09-28 22:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\qappsrv.exe
- 2002-09-28 22:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\qprocess.exe
+ 2002-09-28 22:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\qprocess.exe
- 2002-09-28 22:00:00 9,728 -c--a-w C:\WINDOWS\system32\dllcache\query.exe
+ 2002-09-28 22:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\query.exe
- 2002-09-28 22:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\quser.exe
+ 2002-09-28 22:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\quser.exe
- 2002-09-28 22:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\qwinsta.exe
+ 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\qwinsta.exe
- 2002-09-28 22:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\rasautou.exe
+ 2002-09-28 22:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\rasautou.exe
- 2002-09-28 22:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\rasdial.exe
+ 2002-09-28 22:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\rasdial.exe
- 2002-09-28 22:00:00 54,272 -c--a-w C:\WINDOWS\system32\dllcache\rasphone.exe
+ 2002-09-28 22:00:00 64,000 -c--a-w C:\WINDOWS\system32\dllcache\rasphone.exe
- 2002-09-28 22:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\rcimlby.exe
+ 2002-09-28 22:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\rcimlby.exe
- 2002-09-28 22:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\rcp.exe
+ 2002-09-28 22:00:00 30,208 -c--a-w C:\WINDOWS\system32\dllcache\rcp.exe
- 2002-09-28 22:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\rdpclip.exe
+ 2002-09-28 22:00:00 53,760 -c--a-w C:\WINDOWS\system32\dllcache\rdpclip.exe
- 2002-09-28 22:00:00 12,288 -c--a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe
+ 2002-09-28 22:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe
- 2002-09-28 22:00:00 61,952 -c--a-w C:\WINDOWS\system32\dllcache\rdshost.exe
+ 2002-09-28 22:00:00 71,680 -c--a-w C:\WINDOWS\system32\dllcache\rdshost.exe
- 2002-09-28 22:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\recover.exe
+ 2002-09-28 22:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\recover.exe
- 2002-09-28 22:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\reg.exe
+ 2002-09-28 22:00:00 60,928 -c--a-w C:\WINDOWS\system32\dllcache\reg.exe
- 2002-09-28 22:00:00 137,216 -c--a-w C:\WINDOWS\system32\dllcache\regedit.exe
+ 2002-09-28 22:00:00 146,944 -c--a-w C:\WINDOWS\system32\dllcache\regedit.exe
- 2002-09-28 22:00:00 3,584 -c--a-w C:\WINDOWS\system32\dllcache\regedt32.exe
+ 2002-09-28 22:00:00 13,312 -c--a-w C:\WINDOWS\system32\dllcache\regedt32.exe
- 2002-09-28 22:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\regini.exe
+ 2002-09-28 22:00:00 43,520 -c--a-w C:\WINDOWS\system32\dllcache\regini.exe
- 2002-09-28 22:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\register.exe
+ 2002-09-28 22:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\register.exe
- 2002-09-28 22:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\regsvr32.exe
+ 2002-09-28 22:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\regsvr32.exe
- 2002-09-28 22:00:00 4,608 -c--a-w C:\WINDOWS\system32\dllcache\regwiz.exe
+ 2002-09-28 22:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\regwiz.exe
- 2002-09-28 22:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\replace.exe
+ 2002-09-28 22:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\replace.exe
- 2002-09-28 22:00:00 9,728 -c--a-w C:\WINDOWS\system32\dllcache\reset.exe
+ 2002-09-28 22:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\reset.exe
- 2002-09-28 22:00:00 12,288 -c--a-w C:\WINDOWS\system32\dllcache\rexec.exe
+ 2002-09-28 22:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\rexec.exe
- 2002-09-28 22:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\routemon.exe
+ 2002-09-28 22:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\routemon.exe
- 2002-09-28 22:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\rsh.exe
+ 2002-09-28 22:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\rsh.exe
- 2002-09-28 22:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\rsmsink.exe
+ 2002-09-28 22:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\rsmsink.exe
- 2002-09-28 22:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\rsmui.exe
+ 2002-09-28 22:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\rsmui.exe
- 2002-09-28 22:00:00 103,936 -c--a-w C:\WINDOWS\system32\dllcache\rsnotify.exe
+ 2002-09-28 22:00:00 113,664 -c--a-w C:\WINDOWS\system32\dllcache\rsnotify.exe
- 2002-09-28 22:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\rsopprov.exe
+ 2002-09-28 22:00:00 72,704 -c--a-w C:\WINDOWS\system32\dllcache\rsopprov.exe
- 2002-09-28 22:00:00 373,248 -c--a-w C:\WINDOWS\system32\dllcache\rstrui.exe
+ 2002-09-28 22:00:00 382,976 -c--a-w C:\WINDOWS\system32\dllcache\rstrui.exe
- 2002-09-28 22:00:00 132,608 -c--a-w C:\WINDOWS\system32\dllcache\rsvp.exe
+ 2002-09-28 22:00:00 142,336 -c--a-w C:\WINDOWS\system32\dllcache\rsvp.exe
- 2002-09-28 22:00:00 74,752 -c--a-w C:\WINDOWS\system32\dllcache\rtcshare.exe
+ 2002-09-28 22:00:00 84,480 -c--a-w C:\WINDOWS\system32\dllcache\rtcshare.exe
- 2002-09-28 22:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\runas.exe
+ 2002-09-28 22:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\runas.exe
- 2002-09-28 22:00:00 31,744 -c--a-w C:\WINDOWS\system32\dllcache\rundll32.exe
+ 2002-09-28 22:00:00 41,472 -c--a-w C:\WINDOWS\system32\dllcache\rundll32.exe
- 2002-09-28 22:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\runonce.exe
+ 2002-09-28 22:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\runonce.exe
- 2002-09-28 22:00:00 42,574 -c--a-w C:\WINDOWS\system32\dllcache\rvsezm.exe
+ 2002-09-28 22:00:00 52,302 -c--a-w C:\WINDOWS\system32\dllcache\rvsezm.exe
- 2002-09-28 22:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\rwinsta.exe
+ 2002-09-28 22:00:00 26,112 -c--a-w C:\WINDOWS\system32\dllcache\rwinsta.exe
- 2002-09-28 22:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\sapisvr.exe
+ 2002-09-28 22:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\sapisvr.exe
- 2002-09-28 22:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\savedump.exe
+ 2002-09-28 22:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\savedump.exe
- 2002-09-28 22:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\sc.exe
+ 2002-09-28 22:00:00 40,960 -c--a-w C:\WINDOWS\system32\dllcache\sc.exe
- 2002-09-28 22:00:00 95,744 -c--a-w C:\WINDOWS\system32\dllcache\scardsvr.exe
+ 2002-09-28 22:00:00 105,472 -c--a-w C:\WINDOWS\system32\dllcache\scardsvr.exe
- 2002-09-28 22:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\scrcons.exe
+ 2002-09-28 22:00:00 43,520 -c--a-w C:\WINDOWS\system32\dllcache\scrcons.exe
- 2002-09-28 22:00:00 119,808 -c--a-w C:\WINDOWS\system32\dllcache\sctasks.exe
+ 2002-09-28 22:00:00 129,536 -c--a-w C:\WINDOWS\system32\dllcache\sctasks.exe
- 2002-09-28 22:00:00 71,680 -c--a-w C:\WINDOWS\system32\dllcache\sdbinst.exe
+ 2002-09-28 22:00:00 81,408 -c--a-w C:\WINDOWS\system32\dllcache\sdbinst.exe
- 2002-09-28 22:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\secedit.exe
+ 2002-09-28 22:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\secedit.exe
- 2002-09-28 22:00:00 101,888 -c--a-w C:\WINDOWS\system32\dllcache\services.exe
+ 2002-09-28 22:00:00 111,616 -c--a-w C:\WINDOWS\system32\dllcache\services.exe
- 2002-09-28 22:00:00 130,048 -c--a-w C:\WINDOWS\system32\dllcache\sessmgr.exe
+ 2002-09-28 22:00:00 139,776 -c--a-w C:\WINDOWS\system32\dllcache\sessmgr.exe
- 2002-09-28 22:00:00 30,208 -c--a-w C:\WINDOWS\system32\dllcache\sethc.exe
+ 2002-09-28 22:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\sethc.exe
- 2002-09-28 22:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\setup.exe
+ 2002-09-28 22:00:00 30,720 -c--a-w C:\WINDOWS\system32\dllcache\setup.exe
- 2002-09-28 22:00:00 225,280 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2002-09-28 22:00:00 237,568 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2002-09-28 22:00:00 68,096 -c--a-w C:\WINDOWS\system32\dllcache\setup50.exe
+ 2002-09-28 22:00:00 77,824 -c--a-w C:\WINDOWS\system32\dllcache\setup50.exe
- 2002-09-28 22:00:00 9,728 -c--a-w C:\WINDOWS\system32\dllcache\sfc.exe
+ 2002-09-28 22:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\sfc.exe
- 2002-09-28 22:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\shadow.exe
+ 2002-09-28 22:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\shadow.exe
- 2002-09-28 22:00:00 33,280 -c--a-w C:\WINDOWS\system32\dllcache\shmgrate.exe
+ 2002-09-28 22:00:00 43,008 -c--a-w C:\WINDOWS\system32\dllcache\shmgrate.exe
- 2002-09-28 22:00:00 70,144 -c--a-w C:\WINDOWS\system32\dllcache\shrpubw.exe
+ 2002-09-28 22:00:00 79,872 -c--a-w C:\WINDOWS\system32\dllcache\shrpubw.exe
- 2002-05-14 10:08:54 16,437 -c--a-w C:\WINDOWS\system32\dllcache\shtml.exe
+ 2002-05-14 10:08:54 28,725 -c--a-w C:\WINDOWS\system32\dllcache\shtml.exe
- 2002-09-28 22:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\shutdown.exe
+ 2002-09-28 22:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\shutdown.exe
- 2002-09-28 22:00:00 42,573 -c--a-w C:\WINDOWS\system32\dllcache\shvlzm.exe
+ 2002-09-28 22:00:00 52,301 -c--a-w C:\WINDOWS\system32\dllcache\shvlzm.exe
- 2002-09-28 22:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\sigverif.exe
+ 2002-09-28 22:00:00 76,288 -c--a-w C:\WINDOWS\system32\dllcache\sigverif.exe
- 2002-09-28 22:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\skeys.exe
+ 2002-09-28 22:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\skeys.exe
- 2002-09-28 22:00:00 84,480 -c--a-w C:\WINDOWS\system32\dllcache\smlogsvc.exe
+ 2002-09-28 22:00:00 94,208 -c--a-w C:\WINDOWS\system32\dllcache\smlogsvc.exe
- 2002-09-28 22:00:00 125,440 -c--a-w C:\WINDOWS\system32\dllcache\sndrec32.exe
+ 2002-09-28 22:00:00 135,168 -c--a-w C:\WINDOWS\system32\dllcache\sndrec32.exe
- 2002-09-28 22:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\sndvol32.exe
+ 2002-09-28 22:00:00 148,992 -c--a-w C:\WINDOWS\system32\dllcache\sndvol32.exe
- 2002-09-28 22:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
+ 2002-09-28 22:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
- 2002-09-28 22:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\snmptrap.exe
+ 2002-09-28 22:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\snmptrap.exe
- 2002-09-28 22:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\sol.exe
+ 2002-09-28 22:00:00 67,072 -c--a-w C:\WINDOWS\system32\dllcache\sol.exe
- 2002-09-28 22:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\sort.exe
+ 2002-09-28 22:00:00 33,280 -c--a-w C:\WINDOWS\system32\dllcache\sort.exe
- 2002-09-28 22:00:00 534,016 -c--a-w C:\WINDOWS\system32\dllcache\spider.exe
+ 2002-09-28 22:00:00 543,744 -c--a-w C:\WINDOWS\system32\dllcache\spider.exe
- 2002-09-28 22:00:00 47,104 -c--a-w C:\WINDOWS\system32\dllcache\srdiag.exe
+ 2002-09-28 22:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\srdiag.exe
- 2002-09-28 22:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\stimon.exe
+ 2002-09-28 22:00:00 30,720 -c--a-w C:\WINDOWS\system32\dllcache\stimon.exe
- 2002-09-28 22:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\subst.exe
+ 2002-09-28 22:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\subst.exe
- 2002-09-28 22:00:00 70,144 -c--a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
+ 2002-09-28 22:00:00 79,872 -c--a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
- 2002-09-28 22:00:00 37,376 -c--a-w C:\WINDOWS\system32\dllcache\syskey.exe
+ 2002-09-28 22:00:00 47,104 -c--a-w C:\WINDOWS\system32\dllcache\syskey.exe
- 2002-09-28 22:00:00 104,448 -c--a-w C:\WINDOWS\system32\dllcache\sysocmgr.exe
+ 2002-09-28 22:00:00 114,176 -c--a-w C:\WINDOWS\system32\dllcache\sysocmgr.exe
- 2002-09-28 22:00:00 3,072 -c--a-w C:\WINDOWS\system32\dllcache\systray.exe
+ 2002-09-28 22:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\systray.exe
- 2002-09-28 22:00:00 74,752 -c--a-w C:\WINDOWS\system32\dllcache\taskkill.exe
+ 2002-09-28 22:00:00 84,480 -c--a-w C:\WINDOWS\system32\dllcache\taskkill.exe
- 2002-09-28 22:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\tasklist.exe
+ 2002-09-28 22:00:00 83,456 -c--a-w C:\WINDOWS\system32\dllcache\tasklist.exe
- 2002-09-28 22:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\taskman.exe
+ 2002-09-28 22:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\taskman.exe
- 2002-09-28 22:00:00 132,608 -c--a-w C:\WINDOWS\system32\dllcache\taskmgr.exe
+ 2002-09-28 22:00:00 142,336 -c--a-w C:\WINDOWS\system32\dllcache\taskmgr.exe
- 2002-09-28 22:00:00 13,312 -c--a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe
+ 2002-09-28 22:00:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe
- 2002-09-28 22:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\tcpsvcs.exe
+ 2002-09-28 22:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\tcpsvcs.exe
- 2002-05-14 10:08:54 32,827 -c--a-w C:\WINDOWS\system32\dllcache\tcptest.exe
+ 2002-05-14 10:08:54 45,115 -c--a-w C:\WINDOWS\system32\dllcache\tcptest.exe
- 2002-09-28 22:00:00 73,216 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2002-09-28 22:00:00 82,944 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
- 2002-09-28 22:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2002-09-28 22:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
- 2002-09-28 22:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\tintlphr.exe
+ 2002-09-28 22:00:00 53,760 -c--a-w C:\WINDOWS\system32\dllcache\tintlphr.exe
- 2002-09-28 22:00:00 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
+ 2002-09-28 22:00:00 464,896 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
- 2002-09-28 22:00:00 59,904 -c--a-w C:\WINDOWS\system32\dllcache\tlntadmn.exe
+ 2002-09-28 22:00:00 69,632 -c--a-w C:\WINDOWS\system32\dllcache\tlntadmn.exe
- 2002-09-28 22:00:00 75,776 -c--a-w C:\WINDOWS\system32\dllcache\tlntsess.exe
+ 2002-09-28 22:00:00 85,504 -c--a-w C:\WINDOWS\system32\dllcache\tlntsess.exe
- 2002-09-28 22:00:00 69,632 -c--a-w C:\WINDOWS\system32\dllcache\tlntsvr.exe
+ 2002-09-28 22:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\tlntsvr.exe
- 2002-09-28 22:00:00 346,624 -c--a-w C:\WINDOWS\system32\dllcache\tourstrt.exe
+ 2002-09-28 22:00:00 356,352 -c--a-w C:\WINDOWS\system32\dllcache\tourstrt.exe
- 2002-09-28 22:00:00 232,448 -c--a-w C:\WINDOWS\system32\dllcache\tracerpt.exe
+ 2002-09-28 22:00:00 242,176 -c--a-w C:\WINDOWS\system32\dllcache\tracerpt.exe
- 2002-09-28 22:00:00 11,264 -c--a-w C:\WINDOWS\system32\dllcache\tracert.exe
+ 2002-09-28 22:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\tracert.exe
- 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\tracert6.exe
+ 2002-09-28 22:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\tracert6.exe
- 2002-09-28 22:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\tscon.exe
+ 2002-09-28 22:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\tscon.exe
- 2002-09-28 22:00:00 40,960 -c--a-w C:\WINDOWS\system32\dllcache\tscupgrd.exe
+ 2002-09-28 22:00:00 50,688 -c--a-w C:\WINDOWS\system32\dllcache\tscupgrd.exe
- 2002-09-28 22:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\tsdiscon.exe
+ 2002-09-28 22:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\tsdiscon.exe
- 2002-09-28 22:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\tskill.exe
+ 2002-09-28 22:00:00 26,112 -c--a-w C:\WINDOWS\system32\dllcache\tskill.exe
- 2002-09-28 22:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\tsprof.exe
+ 2002-09-28 22:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\tsprof.exe
- 2002-09-28 22:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tsshutdn.exe
+ 2002-09-28 22:00:00 27,648 -c--a-w C:\WINDOWS\system32\dllcache\tsshutdn.exe
- 2002-09-28 22:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\twunk_32.exe
+ 2002-09-28 22:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\twunk_32.exe
- 2002-09-28 22:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\typeperf.exe
+ 2002-09-28 22:00:00 46,592 -c--a-w C:\WINDOWS\system32\dllcache\typeperf.exe
- 2002-09-28 22:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\unlodctr.exe
+ 2002-09-28 22:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\unlodctr.exe
- 2002-09-28 22:00:00 249,856 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2002-09-28 22:00:00 262,144 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2002-09-28 22:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\unsecapp.exe
+ 2002-09-28 22:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\unsecapp.exe
- 2002-09-28 22:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\uploadm.exe
+ 2002-09-28 22:00:00 148,992 -c--a-w C:\WINDOWS\system32\dllcache\uploadm.exe
- 2002-09-28 22:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\upnpcont.exe
+ 2002-09-28 22:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\upnpcont.exe
- 2002-09-28 22:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\ups.exe
+ 2002-09-28 22:00:00 26,112 -c--a-w C:\WINDOWS\system32\dllcache\ups.exe
- 2002-09-28 22:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\userinit.exe
+ 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\userinit.exe
- 2002-09-28 22:00:00 47,616 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2002-09-28 22:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2002-09-28 22:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\verifier.exe
+ 2002-09-28 22:00:00 112,128 -c--a-w C:\WINDOWS\system32\dllcache\verifier.exe
- 2002-09-28 22:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\vssadmin.exe
+ 2002-09-28 22:00:00 43,520 -c--a-w C:\WINDOWS\system32\dllcache\vssadmin.exe
- 2002-09-28 22:00:00 277,504 -c--a-w C:\WINDOWS\system32\dllcache\vssvc.exe
+ 2002-09-28 22:00:00 287,232 -c--a-w C:\WINDOWS\system32\dllcache\vssvc.exe
- 2002-09-28 22:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\w32tm.exe
+ 2002-09-28 22:00:00 60,928 -c--a-w C:\WINDOWS\system32\dllcache\w32tm.exe
- 2002-09-28 22:00:00 43,008 -c--a-w C:\WINDOWS\system32\dllcache\wab.exe
+ 2002-09-28 22:00:00 52,736 -c--a-w C:\WINDOWS\system32\dllcache\wab.exe
- 2002-09-28 22:00:00 27,648 -c--a-w C:\WINDOWS\system32\dllcache\wabmig.exe
+ 2002-09-28 22:00:00 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wabmig.exe
- 2002-09-28 22:00:00 12,288 -c--a-w C:\WINDOWS\system32\dllcache\wb32.exe
+ 2002-09-28 22:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\wb32.exe
- 2002-09-28 22:00:00 159,744 -c--a-w C:\WINDOWS\system32\dllcache\wbemtest.exe
+ 2002-09-28 22:00:00 169,472 -c--a-w C:\WINDOWS\system32\dllcache\wbemtest.exe
- 2002-09-28 22:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\wextract.exe
+ 2002-09-28 22:00:00 71,168 -c--a-w C:\WINDOWS\system32\dllcache\wextract.exe
- 2002-09-28 22:00:00 416,768 -c--a-w C:\WINDOWS\system32\dllcache\wiaacmgr.exe
+ 2002-09-28 22:00:00 426,496 -c--a-w C:\WINDOWS\system32\dllcache\wiaacmgr.exe
- 2002-09-28 22:00:00 268,800 -c--a-w C:\WINDOWS\system32\dllcache\winhlp32.exe
+ 2002-09-28 22:00:00 278,528 -c--a-w C:\WINDOWS\system32\dllcache\winhlp32.exe
- 2002-09-28 22:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\winhstb.exe
+ 2002-09-28 22:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\winhstb.exe
- 2002-09-28 22:00:00 519,168 -c--a-w C:\WINDOWS\system32\dllcache\winlogon.exe
+ 2002-09-28 22:00:00 528,896 -c--a-w C:\WINDOWS\system32\dllcache\winlogon.exe
- 2002-09-28 22:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\winmgmt.exe
+ 2002-09-28 22:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\winmgmt.exe
- 2002-09-28 22:00:00 119,808 -c--a-w C:\WINDOWS\system32\dllcache\winmine.exe
+ 2002-09-28 22:00:00 129,536 -c--a-w C:\WINDOWS\system32\dllcache\winmine.exe
- 2002-09-28 22:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\winmsd.exe
+ 2002-09-28 22:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\winmsd.exe
- 2002-09-28 22:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\winver.exe
+ 2002-09-28 22:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\winver.exe
- 2002-09-28 22:00:00 183,808 -c--a-w C:\WINDOWS\system32\dllcache\wmiadap.exe
+ 2002-09-28 22:00:00 193,536 -c--a-w C:\WINDOWS\system32\dllcache\wmiadap.exe
- 2002-09-28 22:00:00 117,248 -c--a-w C:\WINDOWS\system32\dllcache\wmiapsrv.exe
+ 2002-09-28 22:00:00 126,976 -c--a-w C:\WINDOWS\system32\dllcache\wmiapsrv.exe
- 2002-09-28 22:00:00 337,408 -c--a-w C:\WINDOWS\system32\dllcache\wmic.exe
+ 2002-09-28 22:00:00 347,136 -c--a-w C:\WINDOWS\system32\dllcache\wmic.exe
- 2002-09-28 22:00:00 203,776 -c--a-w C:\WINDOWS\system32\dllcache\wmiprvse.exe
+ 2002-09-28 22:00:00 213,504 -c--a-w C:\WINDOWS\system32\dllcache\wmiprvse.exe
- 2002-09-28 22:00:00 520,192 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2002-09-28 22:00:00 532,480 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2002-09-28 22:00:00 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpstub.exe
+ 2002-09-28 22:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\wmpstub.exe
- 2002-09-28 22:00:00 203,264 -c--a-w C:\WINDOWS\system32\dllcache\wordpad.exe
+ 2002-09-28 22:00:00 212,992 -c--a-w C:\WINDOWS\system32\dllcache\wordpad.exe
- 2002-09-28 22:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\wpabaln.exe
+ 2002-09-28 22:00:00 40,960 -c--a-w C:\WINDOWS\system32\dllcache\wpabaln.exe
- 2002-09-28 22:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe
+ 2002-09-28 22:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe
- 2002-09-28 22:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\write.exe
+ 2002-09-28 22:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\write.exe
- 2002-09-28 22:00:00 118,834 -c--a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2002-09-28 22:00:00 131,122 -c--a-w C:\WINDOWS\system32\dllcache\wscript.exe
- 2002-09-28 22:00:00 142,336 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2002-09-28 22:00:00 152,064 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2002-09-28 22:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\wupdmgr.exe
+ 2002-09-28 22:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\wupdmgr.exe
- 2002-09-28 22:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\xcopy.exe
+ 2002-09-28 22:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\xcopy.exe
- 2002-09-28 22:00:00 36,937 -c--a-w C:\WINDOWS\system32\dllcache\zclientm.exe
+ 2002-09-28 22:00:00 46,665 -c--a-w C:\WINDOWS\system32\dllcache\zclientm.exe
- 2002-09-28 22:00:00 13,824 ----a-w C:\WINDOWS\system32\npp\nppagent.exe
+ 2002-09-28 22:00:00 23,552 ----a-w C:\WINDOWS\system32\npp\nppagent.exe
- 2002-09-28 22:00:00 28,160 ----a-w C:\WINDOWS\system32\oobe\msoobe.exe
+ 2002-09-28 22:00:00 37,888 ----a-w C:\WINDOWS\system32\oobe\msoobe.exe
- 2002-09-28 22:00:00 50,176 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
+ 2002-09-28 22:00:00 59,904 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
- 2002-09-28 22:00:00 47,104 ----a-w C:\WINDOWS\system32\Restore\srdiag.exe
+ 2002-09-28 22:00:00 56,832 ----a-w C:\WINDOWS\system32\Restore\srdiag.exe
+ 2008-07-03 19:15:10 61,440 ----a-w C:\WINDOWS\system32\sys3\setpack22.exe
- 2003-02-21 03:16:08 49,152 ----a-w C:\WINDOWS\system32\URTTemp\regtlib.exe
+ 2003-02-21 03:16:08 61,440 ----a-w C:\WINDOWS\system32\URTTemp\regtlib.exe
- 2002-09-28 22:00:00 99,328 ----a-w C:\WINDOWS\system32\usmt\migload.exe
+ 2002-09-28 22:00:00 109,056 ----a-w C:\WINDOWS\system32\usmt\migload.exe
- 2002-09-28 22:00:00 229,376 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
+ 2002-09-28 22:00:00 239,104 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
- 2002-09-28 22:00:00 16,384 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
+ 2002-09-28 22:00:00 26,112 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
- 2002-09-28 22:00:00 33,792 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe
+ 2002-09-28 22:00:00 43,520 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe
- 2002-09-28 22:00:00 16,896 ----a-w C:\WINDOWS\system32\wbem\unsecapp.exe
+ 2002-09-28 22:00:00 26,624 ----a-w C:\WINDOWS\system32\wbem\unsecapp.exe
- 2002-09-28 22:00:00 159,744 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe
+ 2002-09-28 22:00:00 169,472 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe
- 2002-09-28 22:00:00 13,824 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
+ 2002-09-28 22:00:00 23,552 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
- 2002-09-28 22:00:00 337,408 ----a-w C:\WINDOWS\system32\wbem\wmic.exe
+ 2002-09-28 22:00:00 347,136 ----a-w C:\WINDOWS\system32\wbem\wmic.exe
- 2002-09-28 22:00:00 61,440 ----a-w C:\WINDOWS\system32\wextract.exe
+ 2002-09-28 22:00:00 71,168 ----a-w C:\WINDOWS\system32\wextract.exe
+ 2007-08-14 21:22:50 34,833 ----a-w C:\WINDOWS\system32\win1\SFRuID2.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 887296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:25 32768]


*Newly Created Service* - CDRALW
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 15:48:20
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\linkinfo.dll 53248 bytes executable
C:\WINDOWS\system32\drivers\cdralw.sys 15872 bytes executable
C:\WINDOWS\system32\linkinfo.dll 15360 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdralw]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
Completion time: 2008-07-20 15:49:15
ComboFix-quarantined-files.txt 2008-07-20 13:49:12

Pre-Run: 28,208,111,616 bajtów wolnych
Post-Run: 28,206,985,216 bajtów wolnych

676

[Magik]

odpal
http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html

wkeljasz do notatnika

Kod: Zaznacz wszystko

C:\WINDOWS\system32\lcntstdm.exe
C:\WINDOWS\system32\g22.exe
C:\Temp\dpgFG87.exe
C:\WINDOWS\system32\tyndhekuoprhlj.exe
C:\WINDOWS\system32\tmp.reg

zapisujesz jako///reszte juz dobrze wiesz

[Gerwazy]

ComboFix

ComboFix 08-07-19.1 - Gerwazy 2008-07-20 16:02:40.4 - NTFSx86

Running from: C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gerwazy\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 15:59 . 2008-07-20 15:59 36,864 --a------ C:\WINDOWS\system32\ezcron.dll
2008-07-20 15:59 . 2008-07-20 15:59 24,064 --a------ C:\WINDOWS\system32\ezcronk.exe
2008-07-20 15:36 . 2008-07-20 15:36 <DIR> d-------- C:\VundoFix Backups
2008-07-20 15:33 . 2008-07-20 15:33 <DIR> d-------- C:\WINDOWS\system32\win1
2008-07-20 15:33 . 2008-07-20 15:33 <DIR> d-------- C:\WINDOWS\system32\sys3
2008-07-20 15:33 . 2008-07-20 15:33 204,876 --a------ C:\WINDOWS\system32\lcntstdm.exe
2008-07-20 15:33 . 2008-07-20 15:33 152,194 --a------ C:\WINDOWS\system32\g22.exe
2008-07-20 15:33 . 2008-07-20 15:33 88,186 --a------ C:\Temp\dpgFG87.exe
2008-07-20 15:33 . 2008-07-20 15:33 64,332 --a------ C:\WINDOWS\system32\tyndhekuoprhlj.exe
2008-07-20 15:32 . 2008-07-20 15:32 <DIR> d-------- C:\WINDOWS\system32\carH04
2008-07-20 15:32 . 2008-07-20 15:34 <DIR> d-------- C:\Temp\btxv15
2008-07-20 15:32 . 2008-07-20 15:47 <DIR> d-------- C:\Temp
2008-07-20 15:24 . 2008-07-20 15:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-20 15:24 . 2008-07-20 15:31 <DIR> d-------- C:\SDFix
2008-07-20 12:32 . 2008-07-20 12:32 28,672 --a------ C:\WINDOWS\system32\woswelc.dll
2008-07-18 18:52 . 2008-07-18 18:56 <DIR> d-------- C:\Documents and Settings\Gerwazy\Dane aplikacji\Ventrilo
2008-07-18 13:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-18 13:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-18 13:07 . 2008-05-29 09:35 96,256 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-18 13:07 . 2008-05-18 21:40 92,672 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-18 13:07 . 2008-07-02 13:33 92,160 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-18 13:07 . 2008-05-23 18:21 91,648 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-18 13:07 . 2003-06-05 21:13 65,536 --a------ C:\WINDOWS\system32\Process.exe
2008-07-18 13:07 . 2004-07-31 18:50 60,928 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-18 13:07 . 2007-10-04 00:36 35,328 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-18 12:40 . 2008-07-18 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:40 . 2008-07-18 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-16 15:38 . 2008-07-16 15:38 <DIR> d-------- C:\Program Files\VentriloMIX
2008-07-16 13:59 . 2005-07-07 16:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-16 13:58 . 2005-07-07 16:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-07-16 13:57 . 2008-07-16 13:59 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-16 13:57 . 2005-07-07 16:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-07-16 13:57 . 2005-07-07 16:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-07-16 13:57 . 2005-07-07 16:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-16 13:56 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-07-13 19:55 . 2008-07-13 19:55 <DIR> d-------- C:\Program Files\No-IP
2008-07-13 19:26 . 2008-07-13 19:27 <DIR> d-------- C:\xampp
2008-07-13 17:47 . 2008-07-13 17:47 <DIR> d-------- C:\Program Files\WebServ
2008-07-13 17:47 . 2007-06-19 21:52 419,840 --a------ C:\WINDOWS\system32\ws_edit.lib
2008-07-13 17:47 . 2006-08-17 22:37 130,048 --a------ C:\WINDOWS\system32\webserv.cpl
2008-07-13 17:47 . 2008-07-13 17:48 40,230 --a------ C:\WINDOWS\php.ini
2008-07-13 17:06 . 2008-07-13 17:48 427 --a------ C:\WINDOWS\my.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 13:57 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-07-20 13:57 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-20 13:57 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-07-20 13:43 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-07-20 10:36 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Tibia
2008-07-14 16:03 --------- d-----w C:\Program Files\Tibia
2008-07-13 13:01 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Gadu-Gadu
2008-07-13 13:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-13 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 12:53 --------- d-----w C:\Program Files\Thomson
2008-07-13 12:32 --------- d-----w C:\Program Files\ToniArts
2008-07-13 12:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 12:25 --------- d-----w C:\Program Files\Trend Micro
2008-07-13 12:23 --------- d-----w C:\Program Files\Gigabyte
2008-07-13 12:22 --------- d-----w C:\Program Files\VIA
2008-07-13 12:21 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-13 12:21 --------- d-----w C:\Program Files\AvRack
2008-07-13 12:20 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\ATI
2008-07-13 12:16 --------- d-----w C:\Program Files\ATI Technologies
2008-07-13 12:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-13 12:03 558,142 ----a-w C:\WINDOWS\java\Packages\4FVJBFLJ.ZIP
2008-07-13 12:03 155,995 ----a-w C:\WINDOWS\java\Packages\SNVVTRX3.ZIP
2008-07-13 12:02 --------- d-----w C:\Program Files\Usługi online
.

------- Sigcheck -------

2002-09-29 00:00 22528 2c32caaba2bc6829af189b3016d620ba C:\WINDOWS\system32\svchost.exe
2002-09-29 00:00 22528 071c877a8eda62c4a76925c1ad68aab0 C:\WINDOWS\system32\dllcache\svchost.exe

2002-09-29 00:00 1015296 c7532a235215d2e24c78bfd4caa250bd C:\WINDOWS\explorer.exe
2002-09-29 00:00 1015296 a423f0c63f6a3379a37c4684fb574667 C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-29 00:00 23040 044cdaa60f99a5a6fb9750ff4f5ff80e C:\WINDOWS\system32\ctfmon.exe
2002-09-29 00:00 23040 01694517324cc9e45741a7123a2d725c C:\WINDOWS\system32\dllcache\ctfmon.exe

2002-09-29 00:00 60928 b2a4425b93ced041f4c74c343da23494 C:\WINDOWS\system32\spoolsv.exe
2002-09-29 00:00 60928 089feced29d0370e2589e4b47081061f C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot_2008-07-20_15.49.06.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-20 13:33:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-20 13:59:39 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-20 13:33:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-07-20 13:59:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-07-20 13:33:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-20 13:59:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2002-09-28 22:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\ipv6.exe
+ 2002-09-28 22:00:00 72,192 -c--a-w C:\WINDOWS\system32\dllcache\ipv6.exe
- 2002-09-28 22:00:00 219,648 -c--a-w C:\WINDOWS\system32\dllcache\logon.scr
+ 2002-09-28 22:00:00 229,376 -c--a-w C:\WINDOWS\system32\dllcache\logon.scr
- 2002-09-28 22:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\relog.exe
+ 2002-09-28 22:00:00 43,520 -c--a-w C:\WINDOWS\system32\dllcache\relog.exe
- 2002-09-28 22:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\route.exe
+ 2002-09-28 22:00:00 30,208 -c--a-w C:\WINDOWS\system32\dllcache\route.exe
- 2002-09-28 22:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\scrnsave.scr
+ 2002-09-28 22:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\scrnsave.scr
+ 2008-07-20 13:57:32 5,632 ----a-w C:\WINDOWS\temp\wmsetup.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 887296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:25 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-07-20 15:57 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=ezcron.dll


*Newly Created Service* - CDRALW
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 16:03:28
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\linkinfo.dll 53248 bytes executable
C:\WINDOWS\system32\drivers\cdralw.sys 15872 bytes executable
C:\WINDOWS\system32\linkinfo.dll 15360 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdralw]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
Completion time: 2008-07-20 16:04:22
ComboFix-quarantined-files.txt 2008-07-20 14:04:18

Pre-Run: 28,607,791,104 bajtów wolnych
Post-Run: 28,599,545,856 bajtów wolnych


154

FixIEDef

********************************************************************************
* *
* FixIEDef Log *
* Version 1.5.1.5999 *
* *
********************************************************************************

Created at 15:59:37 on Sunday, July 20, 2008

Time Zone :

Logged On User : Gerwazy

Operating System : Dodatek Service Pack. 1
OS Version :
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\System32

Total Physical Memory : 261616 KB
Free Physical Memory : 99808 KB
Total Virtual Memory : 2097024 KB
Free Virtual Memory : 2025872 KB

Boot State :

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\tmp.txt

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

[wojtas]

na początek:

Wykonaj to co jest podane w tym temacie
potem zainstaluj:

http://www.programosy.pl/program,comodo-firewall.html
i to:
http://www.programosy.pl/program,nod32.html

potem:

Ściągnij OTMoveIt W okienko po lewej Paste List of Files/Folders to be Moved wklej

C:\WINDOWS\system32\carH04
C:\Temp
C:\VundoFix Backups
C:\WINDOWS\system32\win1
C:\WINDOWS\system32\sys3
C:\WINDOWS\system32\lcntstdm.exe
C:\WINDOWS\system32\g22.exe
C:\Temp\dpgFG87.exe
C:\WINDOWS\system32\tyndhekuoprhlj.exe
C:\WINDOWS\system32\ezcron.dll
C:\WINDOWS\system32\ezcronk.exe
C:\WINDOWS\system32\woswelc.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\system32\linkinfo.dll
C:\WINDOWS\linkinfo.dll
C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\AppPatch\AcPlugin.dll

Następnie naciskamy - MoveIt!. Pliki zostały przeniesione. Wynik operacji zobaczymy w prawym oknie Results.
Po całej operacji należy zresetować komputer

potem wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
"appinit_dlls"=""

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....


i wracasz z nowymi logami z combofixa i hijacka

[Gerwazy]

ComboFix 08-07-19.1 - Gerwazy 2008-07-20 19:04:23.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.36 [GMT 2:00]
Running from: C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 18:59 . 2008-07-20 19:00 713,728 --a------ C:\WINDOWS\system32\hqghumea.dll
2008-07-20 17:40 . 2008-07-20 17:40 389,120 ---hs---- C:\WINDOWS\system32\winsro.exe
2008-07-20 16:37 . 2008-07-20 16:37 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-20 16:36 . 2008-07-20 16:36 <DIR> d-------- C:\Program Files\ESET
2008-07-20 16:36 . 2008-07-20 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-20 15:24 . 2008-07-20 15:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-18 18:52 . 2008-07-18 18:56 <DIR> d-------- C:\Documents and Settings\Gerwazy\Dane aplikacji\Ventrilo
2008-07-18 13:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-18 13:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-18 13:07 . 2008-05-29 09:35 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-18 13:07 . 2008-05-18 21:40 83,456 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-18 13:07 . 2008-07-02 13:33 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-18 13:07 . 2008-05-23 18:21 82,432 --a------ C:\WINDOWS\system32\404FIX.EXE
2008-07-18 13:07 . 2003-06-05 21:13 57,344 --a------ C:\WINDOWS\system32\Process.exe
2008-07-18 13:07 . 2004-07-31 18:50 51,712 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-18 13:07 . 2007-10-04 00:36 26,112 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-18 12:40 . 2008-07-18 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:40 . 2008-07-18 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-16 15:38 . 2008-07-20 16:47 <DIR> d-------- C:\Program Files\VentriloMIX
2008-07-16 13:59 . 2005-07-07 16:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-16 13:58 . 2005-07-07 16:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-07-16 13:57 . 2008-07-16 13:59 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-16 13:57 . 2005-07-07 16:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-07-16 13:57 . 2005-07-07 16:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-07-16 13:57 . 2005-07-07 16:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-16 13:56 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-07-13 19:55 . 2008-07-20 16:46 <DIR> d-------- C:\Program Files\No-IP
2008-07-13 19:26 . 2008-07-20 16:56 <DIR> d-------- C:\xampp
2008-07-13 17:47 . 2008-07-20 16:48 <DIR> d-------- C:\Program Files\WebServ
2008-07-13 17:47 . 2007-06-19 21:52 419,840 --a------ C:\WINDOWS\system32\ws_edit.lib
2008-07-13 17:47 . 2006-08-17 22:37 130,048 --a------ C:\WINDOWS\system32\webserv.cpl
2008-07-13 17:47 . 2008-07-13 17:48 40,230 --a------ C:\WINDOWS\php.ini
2008-07-13 17:06 . 2008-07-13 17:48 427 --a------ C:\WINDOWS\my.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 14:46 --------- d-----w C:\Program Files\Tibia
2008-07-20 14:45 --------- d-----w C:\Program Files\AvRack
2008-07-20 10:36 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Tibia
2008-07-13 13:01 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Gadu-Gadu
2008-07-13 13:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-13 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 12:53 --------- d-----w C:\Program Files\Thomson
2008-07-13 12:32 --------- d-----w C:\Program Files\ToniArts
2008-07-13 12:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 12:25 --------- d-----w C:\Program Files\Trend Micro
2008-07-13 12:23 --------- d-----w C:\Program Files\Gigabyte
2008-07-13 12:22 --------- d-----w C:\Program Files\VIA
2008-07-13 12:21 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-13 12:20 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\ATI
2008-07-13 12:16 --------- d-----w C:\Program Files\ATI Technologies
2008-07-13 12:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-13 12:03 558,142 ----a-w C:\WINDOWS\java\Packages\4FVJBFLJ.ZIP
2008-07-13 12:03 155,995 ----a-w C:\WINDOWS\java\Packages\SNVVTRX3.ZIP
2008-07-13 12:02 --------- d-----w C:\Program Files\Usługi online
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

------- Sigcheck -------

md5deep: C:\WINDOWS\system32\svchost.exe: Permission denied
2002-09-29 00:00 12800 2a97d47128cf7f388c7614dd141e18a6 C:\WINDOWS\system32\dllcache\svchost.exe

2002-09-29 00:00 1006080 59bde136249c3c8792280f9ca7e63be0 C:\WINDOWS\EXPLORER.EXE
2002-09-29 00:00 1006080 1d189592616d67d20ac11996bc486bfd C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-29 00:00 13824 eea18fa5de87a6305b45bdbd008fe8ee C:\WINDOWS\system32\ctfmon.exe
2002-09-29 00:00 13824 ae65d00dddffc4d466e93700ff8f6e66 C:\WINDOWS\system32\dllcache\ctfmon.exe

md5deep: C:\WINDOWS\system32\spoolsv.exe: Permission denied
2002-09-29 00:00 51200 a632cbf77b95c443c45cbf12e0cfed14 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 878080]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:25 45056]

R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 12:31]
R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\System32\DRIVERS\nvmini.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 19:08:44
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-20 19:11:08
ComboFix-quarantined-files.txt 2008-07-20 17:10:34

Pre-Run: 27,627,814,912 bajtów wolnych
Post-Run: 27,612,672,000 bajtów wolnych

116

Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:02, on 2008-07-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-21-1123561945-602162358-725345543-1003\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0089120A-98A4-45D3-9492-1420D9EDF926}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{0089120A-98A4-45D3-9492-1420D9EDF926}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Urządzenie alarmowe (Alerter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Przeglądarka komputera (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Usługi kryptograficzne (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Klient DHCP (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Menedżer dysków logicznych (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Klient DNS (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serwer (lanmanserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Stacja robocza (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Połączenia sieciowe (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rejestr zdalny (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Harmonogram zadań (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Logowanie pomocnicze (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zapora połączenia internetowego / Udostępnianie połączenia internetowego (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Bufor wydruku (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telefonia (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługi terminalowe (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Kompozycje (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Menedżer przekazywania (uploadmgr) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Numer seryjny nośnika przenośnego (WmdmPmSp) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rozszerzenia sterownika Instrumentacji zarządzania Windows (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe

--
End of file - 7930 bytes

[Magik]

Log z Hijacka wzorowo czysty

co zostalo...ano to

wklej do notatnika

Kod: Zaznacz wszystko

FILE::

C:\WINDOWS\system32\hqghumea.dll

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa

[Gerwazy]

Ok dzięki JAK NARAZIE WSZYSTKO DOBRZE.

[wojtas]

C:\WINDOWS\system32\winsro.exe

skasuj jeszcze to ^^ do kosza